Sisyfos: A Modular and Extendable Open Malware Analysis Platform

2021 ◽  
Vol 11 (7) ◽  
pp. 2980
Author(s):  
Dimitrios Serpanos ◽  
Panagiotis Michalopoulos ◽  
Georgios Xenos ◽  
Vasilios Ieronymakis

Sisyfos is a modular and extensible platform for malware analysis; it addresses multiple operating systems, including critical infrastructure ones. Its purpose is to enable the development and evaluation of new tools as well as the evaluation of malware classifiers. Sisyfos has been developed based on open software for feature extraction and is available as a stand-alone tool with a web interface but can be integrated into an operational environment with a continuous sample feed. We present the structure and implementation of Sisyfos, which accommodates analysis for Windows, Linux and Android malware.

2014 ◽  
Vol 530-531 ◽  
pp. 865-868
Author(s):  
Jin Rong Bai ◽  
Guo Zhong Zou ◽  
Shi Guang Mu

API calls reflect the functional level of a program, so analyzing the API calls a sample makes leads to an understanding of the malware's behavior. Malware analysis environments are widely used, but as malware has evolved, some samples already have anti-virtualization, anti-debugging and anti-tracing capabilities. Existing analysis environments rely on a combination of API hooking and/or API virtualization, both of which are detectable by malware running at the same privilege level as the tracer. In this work, we develop a fully automated platform for tracing native API calls, built as a secondary development of Xen, and obtain a system that is as transparent and as similar to a Windows OS as possible, so that a program's execution trace is captured as if it ran in an environment with no tracer present. In contrast to other approaches, the hardware-assisted nature of our approach implicitly avoids many of the shortcomings that arise from incomplete or inaccurate system emulation.
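The abstract's central claim is that user-mode API hooking is detectable by code running at the same privilege level, which is what motivates moving the tracer below the guest into the hypervisor. The following added example (not code from Bai et al. or from their Xen-based platform) shows the check a sample can perform: a hooking tracer must overwrite the first bytes of an exported function with a trampoline, so the guest only has to read those bytes back and compare them with the stub it expects. All byte strings, addresses and export names below are constructed for illustration, and the function and table names are this example's own.

```python
"""Detecting user-mode API hooks from inside the analysed process.

Added example, not code from the paper. A hooking tracer that patches an
exported function's prologue leaves a trampoline there; the guest can read
the bytes back and compare them with the stub it expects. A hypervisor-level
tracer leaves no such footprint in guest memory. Everything here (addresses,
byte strings, export names) is constructed for illustration.
"""
import struct
from typing import Dict, List, Optional, Tuple

# First bytes of an unhooked x64 ntdll syscall stub:
#   mov r10, rcx   -> 4C 8B D1
#   mov eax, <ssn> -> B8 xx xx xx xx   (ssn = system service number)
CLEAN_STUB_PREFIX = bytes.fromhex("4C8BD1B8")

# Trampolines that user-mode hooking frameworks commonly write over a prologue.
# (leading opcode bytes, bytes needed to decode the whole trampoline, label)
HOOK_PATTERNS: Tuple[Tuple[bytes, int, str], ...] = (
    (b"\xE9", 5, "jmp rel32"),
    (b"\xE8", 5, "call rel32"),
    (b"\xFF\x25", 6, "jmp [rip+rel32]"),
    (b"\x68", 6, "push imm32 ; ret"),
    (b"\x48\xB8", 12, "mov rax, imm64 ; jmp rax"),
)

MASK64 = (1 << 64) - 1


def classify_prologue(prologue: bytes, address: int = 0) -> Dict[str, object]:
    """Classify the first bytes of an exported function.

    `address` is where `prologue` was read from; it is needed to resolve
    RIP-relative hook targets. Returns a dict with keys:
      hooked - True when a known trampoline sits at offset 0
      kind   - label of the trampoline or stub that was recognised
      target - where the trampoline transfers control (None if unknown)
      ssn    - system service number for a clean syscall stub, else None
    """
    result: Dict[str, object] = {"hooked": False, "kind": "unrecognised",
                                 "target": None, "ssn": None}

    if prologue.startswith(CLEAN_STUB_PREFIX) and len(prologue) >= 8:
        result["kind"] = "syscall stub"
        result["ssn"] = struct.unpack_from("<I", prologue, 4)[0]
        return result

    for prefix, needed, label in HOOK_PATTERNS:
        if not prologue.startswith(prefix) or len(prologue) < needed:
            continue
        target: Optional[int] = None
        if label in ("jmp rel32", "call rel32"):
            rel = struct.unpack_from("<i", prologue, 1)[0]
            target = (address + 5 + rel) & MASK64
        elif label == "jmp [rip+rel32]":
            # Indirect jump: report the slot that holds the 8-byte target pointer.
            rel = struct.unpack_from("<i", prologue, 2)[0]
            target = (address + 6 + rel) & MASK64
            label = "jmp [rip+rel32] (pointer slot reported)"
        elif label == "push imm32 ; ret":
            if prologue[5] != 0xC3:  # a push not followed by ret is not this pattern
                continue
            target = struct.unpack_from("<i", prologue, 1)[0] & MASK64  # push sign-extends
        elif label == "mov rax, imm64 ; jmp rax":
            if prologue[10:12] != b"\xFF\xE0":
                continue
            target = struct.unpack_from("<Q", prologue, 2)[0]
        result.update(hooked=True, kind=label, target=target)
        return result

    return result


def audit_exports(exports: Dict[str, Tuple[int, bytes]]) -> List[str]:
    """Return the sorted names of exports whose prologue carries a trampoline."""
    return sorted(name for name, (addr, code) in exports.items()
                  if classify_prologue(code, addr)["hooked"])


# Constructed sample: export name -> (address, first bytes). Three are hooked.
SAMPLE_EXPORTS: Dict[str, Tuple[int, bytes]] = {
    # untouched stub: mov r10,rcx ; mov eax,55h ; test/jne ; syscall ; ret ; int 2Eh ; ret
    "NtCreateFile": (0x7FFA12345000,
                     bytes.fromhex("4C8BD1B855000000F604250803FE7F0175030F05C3CD2EC3")),
    # first five bytes replaced by jmp +0x100000
    "NtWriteFile": (0x7FFA12345670, bytes.fromhex("E900001000000000F604250803FE7F01")),
    # mov rax, 0x7FFA22220000 ; jmp rax
    "NtOpenProcess": (0x7FFA12345890, bytes.fromhex("48B800002222FA7F0000FFE0")),
    # push 0x40001000 ; ret
    "NtClose": (0x7FFA12345AB0, bytes.fromhex("6800100040C3")),
}

if __name__ == "__main__":
    for name, (addr, code) in SAMPLE_EXPORTS.items():
        print(f"{name:14s} {classify_prologue(code, addr)}")
    print("hooked exports:", audit_exports(SAMPLE_EXPORTS))
```

In a real process the bytes would be read from the loaded ntdll image and compared against the same export in a freshly mapped copy of the file on disk; the pattern table here only covers the trampolines that inline-hooking frameworks most commonly emit, so an unknown pattern is reported as "unrecognised" rather than as clean.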


2019 ◽  
Vol 11 (3) ◽  
pp. 838 ◽  
Author(s):  
Ossi Heino ◽  
Annina Takala ◽  
Pirjo Jukarainen ◽  
Joanna Kalalahti ◽  
Tuula Kekki ◽  
...  

The functioning and resilience of modern societies have become more and more dependent on critical infrastructures. Severe disturbance to critical infrastructure is likely to produce chaotic operational conditions, in which infrastructure service providers, emergency services, police, municipalities, and other key stakeholders must act effectively to minimize damage and restore normal operations. This paper aims to better understand this kind of operational environment resulting from, for example, a terrorist attack. It emphasizes the mutual interdependencies among key stakeholders in such situations. The empirical contribution is based on observations from a workshop in which participants representing the critical services and infrastructures in Finland held discussions in thematic groups. Two scenarios guided the workshop discussions: a nationwide electricity grid disruption and a presumably intentional contamination of a city's water supply. The results indicate that more attention should be paid to the interdependencies between critical infrastructures, as well as to the latent vulnerabilities hidden inside the systems. Furthermore, producing security seems to require continuous interaction and creation of shared meanings between very different actors and logics. This implies a need for changes in thinking, particularly concerning the ability to define problems across conventional administrative structures, geographical boundaries and conferred powers.


2019 ◽  
Vol 22 (3) ◽  
pp. 667-683
Author(s):  
Jonas Hermelin ◽  
Kristofer Bengtsson ◽  
Rogier Woltjer ◽  
Jiri Trnka ◽  
Mirko Thorstensson ◽  
...  

Resilience has in recent decades been introduced as a term describing a new perspective within the domains of disaster management and safety management. Several theoretical interpretations and definitions of the essence of resilience have been proposed, but less work has described how to operationalise resilience and implement the concept within organisations. This case study describes the implementation of a set of general resilience management guidelines for critical infrastructure within a Swedish Regional Medical Command and Control Team. The case study demonstrates how domain-independent guidelines can be contextualised and introduced at an operational level, through a comprehensive capability development programme. It also demonstrates how a set of conceptual and reflective tools consisting of educational, training and exercise sessions of increasing complexity and realism can be used to move from high-level guidelines to practice. The experience from the case study demonstrates the value of combining (1) developmental learning of practitioners' cognitive skills through resilience-oriented reflection and interaction with dynamic complex open-ended problems; (2) contextualisation of generic guidelines as a basis for operational methodological support in the operational environment; and (3) the use of simulation-based training as part of a capability development programme with increasing complexity and realism across mixed educational, training and exercise sessions. As an actual example of a resilience implementation effort in a disaster medicine management organisation, the study contributes to the body of knowledge regarding how to implement the concept of resilience in operational practice.


2019 ◽  
Vol 19 (4) ◽  
pp. 967-986 ◽  
Author(s):  
Xintian Chi ◽  
Dario Di Maio ◽  
Nicholas AJ Lieven

This research focuses on the development of a damage detection algorithm based on modal testing, vibrothermography, and feature extraction. The theoretical development of mathematical models is presented to illustrate the principles supporting the associated algorithms, through which the importance of the three components contributing to this approach is demonstrated. Experimental tests and analytical simulations have been performed in laboratory conditions to show that the proposed damage detection algorithm is able to detect, locate, and extract the features generated due to the presence of sub-surface damage in aerospace grade composite materials captured by an infrared camera. Through tests and analyses, the reliability and repeatability of this damage detection algorithm are verified. In the concluding observations of this article, suggestions are proposed for this algorithm’s practical applications in an operational environment.


2021 ◽  
Vol 16 ◽  
pp. 838-853
Author(s):  
Ming Fan ◽  
Wenying Wei ◽  
Xiaofei Xie ◽  
Yang Liu ◽  
Xiaohong Guan ◽  
...  
