Platform-Independent Malware Analysis Applicable to Windows and Linux Environments

Electronics ◽  
2020 ◽  
Vol 9 (5) ◽  
pp. 793
Author(s):  
Chanwoong Hwang ◽  
Junho Hwang ◽  
Jin Kwak ◽  
Taejin Lee

Most cyberattacks use malicious codes, and according to AV-TEST, more than 1 billion malicious codes are expected to emerge in 2020. Although such malicious codes have been widely seen around the PC environment, they have been on the rise recently, focusing on IoT devices such as smartphones, refrigerators, irons, and various sensors. As is known, Linux/embedded environments support various architectures, so it is difficult to identify the architecture in which malware operates when analyzing malware. This paper proposes an AI-based malware analysis technology that is not affected by the operating system or architecture platform. The proposed technology works intuitively. It uses platform-independent binary data rather than features based on the structured format of the executable files. We analyzed the strings from binary data to classify malware. The experimental results achieved 94% accuracy on Windows and Linux datasets. Based on this, we expect the proposed technology to work effectively on other platforms and improve through continuous operation/verification.

2013 ◽  
Vol 1 (3) ◽  
pp. 48-65
Author(s):  
Yuting Chen

A concurrent program is intuitively associated with probability: the executions of the program can produce nondeterministic execution paths due to the interleavings of threads, whereas some paths are always executed more frequently than others. An exploration of the probabilities on the execution paths is expected to provide engineers or compilers with support, either at coding time or at compile time, in optimizing some of the hottest paths. However, it is not easy to perform a static analysis of the probabilities on a concurrent program, because the scheduling of the threads of a concurrent program usually depends on the operating system and hardware (e.g., processor) on which the program is executed, which may vary from machine to machine. In this paper the authors propose a platform-independent approach, called ProbPP, to analyzing probabilities on the execution paths of multithreaded programs. The main idea of ProbPP is to calculate the probabilities on the basis of two kinds of probabilities: Primitive Dependent Probabilities (PDPs), representing the control-dependent probabilities among the program statements, and Thread Execution Probabilities (TEPs), representing the probabilities of threads being scheduled to execute. The authors have also conducted two preliminary experiments to evaluate the effectiveness and performance of ProbPP, and the experimental results show that ProbPP can provide engineers with acceptable accuracy.


2021 ◽  
Vol 37 (1--4) ◽  
pp. 1-27
Author(s):  
Yiming Zhang ◽  
Chengfei Zhang ◽  
Yaozheng Wang ◽  
Kai Yu ◽  
Guangtao Xue ◽  
...  

Unikernel specializes a minimalistic LibOS and a target application into a standalone single-purpose virtual machine (VM) running on a hypervisor, which is referred to as a (virtual) appliance. Compared to traditional VMs, Unikernel appliances have a smaller memory footprint and lower overhead while guaranteeing the same level of isolation. On the downside, Unikernel strips off the process abstraction from its monolithic appliance and thus sacrifices flexibility, efficiency, and applicability. In this article, we examine whether there is a balance embracing the best of both Unikernel appliances (strong isolation) and processes (high flexibility/efficiency). We present KylinX, a dynamic library operating system for simplified and efficient cloud virtualization that provides the pVM (process-like VM) abstraction. A pVM takes the hypervisor as an OS and the Unikernel appliance as a process, allowing both page-level and library-level dynamic mapping. At the page level, KylinX supports pVM fork plus a set of APIs for inter-pVM communication (IpC, which is compatible with conventional UNIX IPC). At the library level, KylinX allows shared libraries to be linked to a Unikernel appliance at runtime. KylinX enforces mapping restrictions against potential threats. We implement a prototype of KylinX by modifying MiniOS and Xen tools. Extensive experimental results show that KylinX achieves performance similar to conventional processes both in micro benchmarks (fork, IpC, library update, etc.) and in applications (Redis, web server, and DNS server), while retaining the strong isolation benefit of VMs/Unikernels.


2014 ◽  
Vol 687-691 ◽  
pp. 2626-2629
Author(s):  
Fu Yong Zhang

The IRP (I/O Request Packet) sequences of programs are not identical across different environments on the same operating system, which has a certain influence on the detection results. Through extensive experiments, we found that the IRP request sequences of programs on the same operation path are consistent. Therefore, a new malware detection method based on path IRP sequences is proposed. Every single IRP request sequence on the same operation path is extracted, and the Negative Selection Algorithm (NSA) and Positive Selection Algorithm (PSA) are used for detection. Experimental results reveal that our method outperforms the method based on IRP sequences in detection rate.


2021 ◽  
Author(s):  
Paolo Carbone

This paper introduces a novel procedure for quick estimation of the parameters of a sum of sinusoidal signals based on one-bit measurements. Amplitudes, phases, and frequencies of the signal components are assumed unknown, as is the threshold level of the comparator used to produce the measurement results. To provide enough information at the one-bit quantizer input, a sinewave is assumed to dither one of the two comparator inputs. To ease the procedure's application, only the peak-to-peak amplitude of this dither signal is assumed known. Theoretical, simulation-based and experimental results validate the presented approach.


2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Yajing Leng ◽  
Ming Wang ◽  
Bowen Ma ◽  
Ying Chen ◽  
Jiwei Huang

Mobile edge computing (MEC) is emerging as a promising paradigm to support the applications of the Internet of Things (IoT). The edge servers bring computing resources to the edge of the network, so as to meet the delay requirements of the IoT devices' service requests. At the same time, the edge servers can gain profit by leasing computing resources to IoT users and realize the allocation of computing resources. How to determine a reasonable resource leasing price for the edge servers and how to determine the amount of resources purchased by users with different needs is a challenging problem. In order to solve the problem, this paper proposes a game-based scheme for resource purchasing and pricing aiming at maximizing user utility and server profit. The interaction between users and the edge servers is modeled based on Stackelberg game theory. The properties of incentive compatibility and envy freeness are theoretically proved, and the existence of a Stackelberg equilibrium is also proved. A game-based user resource purchasing algorithm called GURP and a game-based server resource pricing algorithm called GSRP are proposed. It is theoretically proven that the solutions of the proposed algorithms satisfy the individual rationality property. Finally, simulation experiments are carried out, and the experimental results show that the GURP algorithm and the GSRP algorithm can quickly converge to the optimal solutions. Comparison experiments with the benchmark algorithms are also carried out, and the experimental results show that the GURP algorithm and the GSRP algorithm can maximize user utility and server profit.


Author(s):  
Hassan B. Hassan ◽  
Qusay I. Sarham

Introduction: With the rapid deployment of embedded databases across a wide range of embedded devices such as mobile devices, Internet of Things (IoT) devices, etc., the amount of data generated by such devices is also growing rapidly. For this reason, performance is considered a crucial criterion in the process of selecting the most suitable embedded database management system to store/retrieve the data of these devices. Currently, many embedded databases are available to be utilized in this context. Materials and Methods: In this paper, four popular open-source relational embedded databases, namely H2, HSQLDB, Apache Derby, and SQLite, have been compared experimentally with each other to evaluate their operational performance in terms of creating database tables, retrieving data, inserting data, updating data, and deleting data. Results and Discussion: The experimental results of this paper have been illustrated in Table 4. Conclusions: The experimental results and analysis showed that HSQLDB outperformed the other databases in most evaluation scenarios.


Author(s):  
Zhenjiang Tan ◽  
Zheng Lu ◽  
Hongyu Sun

Abstract: With the massive deployment of heterogeneous IoT devices in coexisting environments such as smart homes, traditional channel-based spectrum sharing algorithms such as CSMA have great limitations in further optimizing spectrum utilization. Therefore, exploring more efficient spectrum sensing algorithms has become a hot topic in recent years. This paper proposes Subcarrier-Sniffer, which utilizes Channel State Information (CSI) to sense the subcarrier-level detailed status of the spectrum. In order to evaluate the performance of Subcarrier-Sniffer, we implemented Subcarrier-Sniffer on a USRP B200mini, and the experimental results show that when the distance between Subcarrier-Sniffer and the monitored devices is not greater than 7 m, the accuracy of subcarrier-level spectrum sensing can reach 100% in our settings.


Author(s):  
Moses Reuven ◽  
Yair Wiseman

A technique for minimizing paging on a system with very heavy memory usage is proposed. The problem arises when there are processes with active memory allocations that should be in physical memory, but their accumulated size exceeds the physical memory capacity. In such cases, the operating system begins swapping pages in and out of memory on every context switch. The authors lessen this thrashing by placing the processes into several bins, using Bin Packing approximation algorithms. They amend the scheduler to maintain two levels of scheduling: medium-term scheduling and short-term scheduling. The medium-term scheduler switches the bins in a Round-Robin manner, whereas the short-term scheduler uses the standard Linux scheduler to schedule the processes in each bin. The authors prove that this feature does not necessitate adjustments in the shared memory maintenance. In addition, they explain how to modify the new scheduler to be compatible with some elements of the original scheduler, such as priority and real-time privileges. Experimental results show substantial improvement on very loaded memories.


2020 ◽  
Vol 7 (1) ◽  
pp. 29-36
Author(s):  
Ngô Quốc Dũng ◽  
Lê Văn Hoàng ◽  
Nguyễn Huy Trung

Summary: In this paper, the authors propose a method for detecting IoT botnet malware based on PSI (Printable String Information) graphs using a Convolutional Neural Network (CNN). By analyzing the characteristics of botnets on IoT devices, the proposed method builds a graph representing the links between PSIs, which serves as the input to a CNN classification model. Experimental results on a dataset of 10033 ELF files, comprising 4002 IoT botnet malware samples and 6031 benign files, show that the proposed method achieves an accuracy and F1-score of up to 98.1%. Abstract: In this paper, the authors propose a method for detecting IoT botnet malware based on PSI graphs using a Convolutional Neural Network (CNN). Through analyzing the characteristics of botnets on IoT devices, the proposed method constructs a graph showing the relations between PSIs, used as input to the CNN model. Experimental results on a dataset of 10033 ELF files, including 4002 IoT botnet malware samples and 6031 benign files, show accuracy and F1-score up to 98.1%.

