A Universal Malicious Documents Static Detection Framework Based on Feature Generalization

In this study, Portable Document Format (PDF), Word, Excel, Rich Test format (RTF) and image documents are taken as the research objects to study a static and fast method by which to detect malicious documents. Malicious PDF and Word document features are abstracted and extended, which can be used to detect other types of documents. A universal static detection framework for malicious documents based on feature generalization is then proposed. The generalized features include specification check errors, the structure path, code keywords, and the number of objects. The proposed method is verified on two datasets, and is compared with Kaspersky, NOD32, and McAfee antivirus software. The experimental results demonstrate that the proposed method achieves good performance in terms of the detection accuracy, runtime, and scalability. The average F1-score of all types of documents is found to be 0.99, and the average detection time of a document is 0.5926 s, which is at the same level as the compared antivirus software.

Lessons of Centralized Procurement of Domestic Office and Antivirus Software in 2019–2020 Years

The article shows effects assessment of procurement process centralisation and centralized purchasing; describes case of centralized procurement of domestic office and antivirus software for federal government bodies; explain advantages and disadvantages; forms recommendations for future centralized procurement.

DOCKING MOLEKULER SENYAWA AKTIF BUAH DAN DAUN JAMBU BIJI (Psidium guajava L.) TERHADAP PROTEIN SARS-CoV-2

Pada akhir 2019, terjadi wabah pneumonia baru berasal dari Wuhan, Provinsi Hubei yang disebabkan oleh virus SARS-CoV-2. Sehingga perlu dilakukan penghambatan protein virus tersebut sebagai salah satu penemuan kandidat obat baru. Tujuan penelitian untuk mencari bahwa senyawa metabolit sekunder yang terdapat dalam pada buah dan daun jambu biji (Psidium guajava L) mempunyai aktivitas sebagai antivirus dengan cara menghambat protein SARS-CoV-2. Metode penambatan molekul (docking molecular) untuk prediksi struktur kompleks senyawa-protein yang dinamakan docking ligan-protein. Penelitian dilakukan dengan cara analisis secara In Silico senyawa metabolit sekunder tanaman jambu biji dan memodelkan interaksi senyawa pada protein SARS-CoV-2 yang berperan sebagai antivirus. Software yang digunakan adalah PLANTS, YASARA, ChemSketch, dan Ligplus. Penelitian diawali dengan validasi internal pada salah satu reseptor SARS-CoV-2 dengan kode protein PDB.ID 6LU7. Proses docking dilakukan terhadap native ligand, senyawa kimia pada tanaman jambu biji, dan senyawa pembanding sebagai kontrol positif. Hasil penelitian menunjukkan bahwa score docking dari tiga senyawa metabolit sekunder terbaik masih lebih tinggi dibandingkan dengan ligan native-nya. Score docking kaemferol, kuersetin dan hyperin adalah -90.399, -92.012 dan -92.231 kkal/mol. Ikatan kompleks dengan ligan native masih lebih stabil (kuat) dibandingkan dengan kompleks antara protein dan senyawa aktif dari Jambu Biji.

Awareness, Adoption, and Misconceptions of Web Privacy Tools

Privacy and security tools can help users protect themselves online. Unfortunately, people are often unaware of such tools, and have potentially harmful misconceptions about the protections provided by the tools they know about. Effectively encouraging the adoption of privacy tools requires insights into people’s tool awareness and understanding. Towards that end, we conducted a demographically-stratified survey of 500 US participants to measure their use of and perceptions about five web browsing-related tools: private browsing, VPNs, Tor Browser, ad blockers, and antivirus software. We asked about participants’ perceptions of the protections provided by these tools across twelve realistic scenarios. Our thematic analysis of participants’ responses revealed diverse forms of misconceptions. Some types of misconceptions were common across tools and scenarios, while others were associated with particular combinations of tools and scenarios. For example, some participants suggested that the privacy protections offered by private browsing, VPNs, and Tor Browser would also protect them from security threats – a misconception that might expose them to preventable risks. We anticipate that our findings will help researchers, tool designers, and privacy advocates educate the public about privacy- and security-enhancing technologies.

Macro Based Malware Detection System

Macro based Malware has taken a great rise is these recent years, Attackers are now using this malware for hacking purposes. This virus is embedded inside the macro of a word document and can be used to infect the victim’s machine. These infected files are usually sent through emails and all antivirus software are unable to detect the virus due to the format of the file. Due to the format being a rich text file and not an executable file, the infected file is able to bypass all security. Hence it is necessary to develop a detection system for such attacks to help reduce the threat. Technical research is carried out to identify the tools and techniques essential in the completion of this system. Research on methodology is done to finalise which development cycle will be used and how functions will be carried out at each phase of the development cycle. This paper outlines the problems that people face once they are attacked through macro malwares and the way it can be mitigated. Lastly, all information necessary to start the implementation has been gathered and analysed

Malware Detection Based on Code Visualization and Two-Level Classification

Malware creators generate new malicious software samples by making minor changes in previously generated code, in order to reuse malicious code, as well as to go unnoticed from signature-based antivirus software. As a result, various families of variations of the same initial code exist today. Visualization of compiled executables for malware analysis has been proposed several years ago. Visualization can greatly assist malware classification and requires neither disassembly nor code execution. Moreover, new variations of known malware families are instantly detected, in contrast to traditional signature-based antivirus software. This paper addresses the problem of identifying variations of existing malware visualized as images. A new malware detection system based on a two-level Artificial Neural Network (ANN) is proposed. The classification is based on file and image features. The proposed system is tested on the ‘Malimg’ dataset consisting of the visual representation of well-known malware families. From this set some important image features are extracted. Based on these features, the ANN is trained. Then, this ANN is used to detect and classify other samples of the dataset. Malware families creating a confusion are classified by a second level of ANNs. The proposed two-level ANN method excels in simplicity, accuracy, and speed; it is easy to implement and fast to run, thus it can be applied to antivirus software, smart firewalls, web applications, etc.

ANALISIS PERFORMA PERANGKAT LUNAK ANTIVIRUS DENGAN MENGGUNAKAN METODOLOGI PENGUKURAN PERFORMANCE

This research aims to observe the performance of licensed enterprise antivirus software. The company Antivirus researched is Trend Micro Worry-Free Service and Kaspersky Endpoint Security. To get the data done testing on the specified antivirus parameters using the help of tools like Rebooter, BootRacer, Teracopy, Process Explorer and IP Messenger. Testing both antivirus software did as many as 8 parameters are boot time, restart, full scan, copy-paste files and use memory capacity during a full scan or when idle. The results of the data found at random are analyzed with statistical tests using Test T and test F. Tests conducted to indicate there is no significant average score difference from the test result value of 8 antivirus parameters. The result of the T-Test statistical analysis and F-test is that both anti-virus product has the advantages and disadvantages in each of the parameters with the speed of time and memory capacity used. But when calculated as a whole, antivirus Kaspersky Endpoint Security becomes the best antivirus performance.