Ransomware Detection Based On Opcode Behavior Using K-Nearest Neighbors Algorithm

Ransomware is a malware that represents a serious threat to a user’s information privacy. By investigating howransomware works, we may be able to recognise its atomic behaviour. In return, we will be able to detect theransomware at an earlier stage with better accuracy. In this paper, we propose Control Flow Graph (CFG) asan extracting opcode behaviour technique, combined with 4-gram (sequence of 4 “words”) to extract opcodesequence to be incorporated into Trojan Ransomware detection method using K-Nearest Neighbors (K-NN)algorithm. The opcode CFG 4-gram can fully represent the detailed behavioural characteristics of Trojan Ransomware.The proposed ransomware detection method considers the closest distance to a previously identifiedransomware pattern. Experimental results show that the proposed technique using K-NN, obtains the best accuracyof 98.86% for 1-gram opcode and using 1-NN classifier.

Synthesis and Analysis of Three-Port DC/DC Converters with Two Bidirectional Ports Based on Power Flow Graph Technique

This paper presents a systematic topological study to derive all possible basic and non-isolated three-port converters (TPCs) using power flow diagrams. Unlike most reported TPCs with one bidirectional port, this paper considers up to two bidirectional ports and provides a comprehensive analytical tool. This tool acts as a framework for all power flow combinations, selection, and design. Some viable converter configurations have been identified and selected for further analysis.

Using the Context-Sensitive Policy Mechanism for Building Data Acquisition Systems in Large Scale Distributed Cyber-Physical Systems Built on Fog Computing Platforms

The article deals with the use of context-sensitive policies in the building of data acquisition systems in large scale distributed cyber-physical systems built on fog computing platforms. It is pointed out that the distinctive features of modern cyber-physical systems are their high complexity and constantly changing structure and behavior, which complicates the data acquisition procedure. To solve this problem, it is proposed to use an approach according to which the data acquisition procedure is divided into two phases: model construction and data acquisition, which allows parallel realization of these procedures. A distinctive feature of the developed approach is that the models are built in runtime automatically. As a top-level model, a multi-level relative finite state operational automaton is used. The automaton state is described using a multi-level structural-behavioral model, which is a superposition of four graphs: the workflow graph, the data flow graph, the request flow graph and the resource graph. To implement the data acquisition procedure using the model, the context-sensitive policy mechanism is used. The article discusses possible approaches to implementation of suggested mechanisms and describes an example of application.

Hierarchical Attention Graph Embedding Networks for Binary Code Similarity against Compilation Diversity

Binary code similarity comparison is the technique that determines if two functions are similar by only considering their compiled form, which has many applications, including clone detection, malware classification, and vulnerability discovery. However, it is challenging to design a robust code similarity comparison engine since different compilation settings that make logically similar assembly functions appear to be very different. Moreover, existing approaches suffer from high-performance overheads, lower robustness, or poor scalability. In this paper, a novel solution HBinSim is proposed by employing the multiview features of the function to address these challenges. It first extracts the syntactic and semantic features of each basic block by static analysis. HBinSim further analyzes the function and constructs a syntactic attribute control flow graph and a semantic attribute control flow graph for each function. Then, a hierarchical attention graph embedding network is designed for graph-structured data processing. The network model has a hierarchical structure that mirrors the hierarchical structure of the function. It has three levels of attention mechanisms applied at the instruction, basic block, and function level, enabling it to attend differentially to more and less critical content when constructing the function representation. We conduct extensive experiments to evaluate its effectiveness and efficiency. The results show that our tool outperforms the state-of-the-art binary code similarity comparison tools by a large margin against compilation diversity clone searching. A real-world vulnerabilities search case further demonstrates the usefulness of our system.

Analysis of Liquid Crystal Tunable Thin-Film Optical Filters Using Signal Flow Graph Technique

In this paper, a liquid crystal tunable thin-film optical bandpass filter is studied and analyzed using the signal flow graph technique. This paper investigates an exact form for calculating the transmission coefficients, reflection coefficients, and the transmission intensity of the filter. The simulation results show the filter performance and the channel shape profile. In addition, the results show the tuning capability of the filter. The signal flow graph technique provides an attractive method for analyzing the thin-film optical filters since it overcomes the difficulty of the refractive index concept in extending to optical applications. Moreover, it simplifies the filter analysis and design process.