Digital Immunity Module: Preventing Unwanted Encryption using Source Coding

Unwanted data encryption, such as ransomware attacks, continues to be a significant cybersecurity threat. Ransomware is a preferred weapon of cybercriminals who target small to large organizations' computer systems and data centres. It is malicious software that infects a victim's computer system and encrypts all its valuable data files. The victim needs to pay a ransom, often in cryptocurrency, in return for a decryption key. Many solutions use methods, including the inspection of file signatures, runtime process behaviors, API calls, and network traffic, to detect ransomware code. However, unwanted data encryption is still a top threat. This paper presents the first immunity solution, called the digital immunity module (DIM). DIM focuses on protecting valuable business-related data files from unwanted encryption rather than detecting malicious codes or processes. We show that methods such as file entropy and fuzzy hashing can be effectively used to sense unwanted encryption on a protected file, triggering our novel source coding method to paralyze the malicious manipulation of data such as ransomware encryption. Specifically, maliciously encrypted data blocks consume exponentially larger space and longer writing time on the DIM-protected file system. As a result, DIM creates enough time for system/human intervention and forensics analysis. Unlike the existing solutions, DIM protects the data regardless of ransomware families and variants. Additionally, DIM can defend against simultaneously active multiple ransomware, including the most recent hard to detect and stop fileless ones. We tested our solution on 39 ransomware families, including the most recent ransomware attacks. DIM successfully defended our sample file dataset (1335 pdf, jpg, and tiff files) against those ransomware attacks with zero file loss.

Digital Immunity Module: Preventing Unwanted Encryption using Source Coding

Unwanted data encryption, such as ransomware attacks, continues to be a significant cybersecurity threat. Ransomware is a preferred weapon of cybercriminals who target small to large organizations' computer systems and data centres. It is malicious software that infects a victim's computer system and encrypts all its valuable data files. The victim needs to pay a ransom, often in cryptocurrency, in return for a decryption key. Many solutions use methods, including the inspection of file signatures, runtime process behaviors, API calls, and network traffic, to detect ransomware code. However, unwanted data encryption is still a top threat. This paper presents the first immunity solution, called the digital immunity module (DIM). DIM focuses on protecting valuable business-related data files from unwanted encryption rather than detecting malicious codes or processes. We show that methods such as file entropy and fuzzy hashing can be effectively used to sense unwanted encryption on a protected file, triggering our novel source coding method to paralyze the malicious manipulation of data such as ransomware encryption. Specifically, maliciously encrypted data blocks consume exponentially larger space and longer writing time on the DIM-protected file system. As a result, DIM creates enough time for system/human intervention and forensics analysis. Unlike the existing solutions, DIM protects the data regardless of ransomware families and variants. Additionally, DIM can defend against simultaneously active multiple ransomware, including the most recent hard to detect and stop fileless ones. We tested our solution on 39 ransomware families, including the most recent ransomware attacks. DIM successfully defended our sample file dataset (1335 pdf, jpg, and tiff files) against those ransomware attacks with zero file loss.

Study on Prevention and Solution of Ransomware Attack

The development of science and technology in this era brought many advantages for peoples, organizations, enterprises, and companies merely a lot of cyber threats are occurring nowadays. Ransomware is one of the families of malicious software that spread quickly and cause a critical impact around the world. Ransomware attacks the victim by infecting the malicious file into the device; they will encrypt and deny the victim to access it. A ransom demand message will prompt the user so that they will gain the money anonymously. The victims are only allowed to access after pay the demand using crypto-currencies such as Bitcoin. There is a lot of reason that cause the ransomware attack around the world, for example, the vulnerability of the system. Otherwise, the weaknesses of security knowledge also become one of the causes. However, many preventions allow the user to avoid the ransomware propagate but the system is not fully free from the ransomware attack. Thus, a lot of solutions are giving out by the researcher to overcome the problem after the attack.

Blockchain Technology for Management of Intangible Cultural Heritage

With the development of information technology and network technology, digital archive management systems have been widely used in archive management. Different from the inherent uniqueness and strong tamper-proof modification of traditional paper archives, electronic archives are stored in centralized databases which face more risks of network attacks, data loss, or stealing through malicious software and are more likely to be forged and tampered by internal managers or external attackers. The management of intangible cultural heritage archives is an important part of intangible cultural heritage protection. Because intangible heritage archives are different from traditional official archives, traditional archive management methods cannot be fully applied to intangible heritage archives’ management. This study combines the characteristics of blockchain technology with distributed ledgers, consensus mechanisms, encryption algorithms, etc., and proposes intangible cultural heritage file management based on blockchain technology for the complex, highly dispersed, large quantity, and low quality of intangible cultural heritage files. Optimizing methods, applying blockchain technology to the authenticity protection of electronic archives and designing and developing an archive management system based on blockchain technology, help to solve a series of problems in the process of intangible cultural heritage archives management.

Bypassing Isolated Execution on RISC-V using Side-Channel-Assisted Fault-Injection and Its Countermeasure

RISC-V is equipped with physical memory protection (PMP) to prevent malicious software from accessing protected memory regions. PMP provides a trusted execution environment (TEE) that isolates secure and insecure applications. In this study, we propose a side-channel-assisted fault-injection attack to bypass isolation based on PMP. The proposed attack scheme involves extracting successful glitch parameters for fault injection from side-channel information under crossdevice conditions. A proof-of-concept TEE compatible with PMP in RISC-V was implemented, and the feasibility and effectiveness of the proposed attack scheme was validated through experiments in TEEs. The results indicate that an attacker can bypass the isolation of the TEE and read data from the protected memory region In addition, we experimentally demonstrate that the proposed attack applies to a real-world TEE, Keystone. Furthermore, we propose a software-based countermeasure that prevents the proposed attack.

A Study on Hazards of Computer Viruses

Computer use is becoming part of our lives every other day however there have been considerable threats of computer viruses in the recent past. Viruses have had adverse effects on data and programs ranging from formatting hard disks, damaging information infrastructure, suddenly restarting machines, deleting or modifying data and in some cases mild effects such as slowing down machines or producing irritating sounds. Viruses have been a major cause for worry especially with the advances in data processing, storage and movement of information technologically. Many computer users and organizations especially the computer intensive organizations have had to invest heavily in dealing with viruses particularly those organizations running the windows platform. These computer viruses have been defined by their characteristics of entry and multiplication without the user’s notice as well as diverting the normal functioning of the computer. This paper seeks to define a virus and explain its related terms such as malicious software, worms, and Trojan horses. It explains vulnerabilities of operating systems in relation to viruses, it makes an observation on strengths of Linux versus Windows, outline the present state of affairs, apart from using anti-virus software, there are other procedures which can help protect against viruses which are also mentioned, the future of computer viruses and the conclusion that the Internet is serving its purpose of interconnecting computer and hence promoting distribution of viruses then makes some recommendations on viruses.

Investigating Malware Propagation and Behaviour Using System and Network Pixel-Based Visualisation

Malicious software, known as malware, is a perpetual game of cat and mouse between malicious software developers and security professionals. Recent years have seen many high profile cyber attacks, including the WannaCry and NotPetya ransomware attacks that resulted in major financial damages to many businesses and institutions. Understanding the characteristics of such malware, including how malware can propagate and interact between systems and networks is key for mitigating these threats and containing the infection to avoid further damage. In this study, we present visualisation techniques for understanding the propagation characteristics in dynamic malware analysis. We propose the use of pixel-based visualisations to convey large-scale complex information about network hosts in a scalable and informative manner. We demonstrate our approach using a virtualised network environment, whereby we can deploy malware variants and observe their propagation behaviours. As a novel form of visualising system and network activity data across a complex environment, we can begin to understand visual signatures that can help analysts identify key characteristics of the malicious behaviours, and, therefore, provoke response and mitigation against such attacks.

Technology of key feature identification s in malware API calls sequences

Today, almost everyone is faced with computer security problems in one or another way. Antivirus programs are used to control threats to the security of malicious software. Conventional methods for detecting malware are no longer effective enough; nowadays, neural networks and behavioral analysis technology have begun to be used for these purposes. Analyzing the behavior of programs is a difficult task, since there is no clear sequence of actions to accurately identify a program as malicious. In addition, such programs use measures to resist such detection, for example, noise masking the sequence of their work with meaningless actions. There is also the problem of uniquely identifying the class of malware due to the fact that malware can use similar methods, while being assigned to different classes. In this paper, it is proposed to use NLP methods, such as word embedding, and LDA in relation to the problems of analyzing malware API calls sequences in order to reveal the presence of semantic dependencies and assess the effectiveness of the application of these methods. The results obtained indicate the possibility of identifying the key features of malware behavior, which in the future will significantly improve the technology for detecting and identifying such programs.

Development of the malware detection model based on an analysis of API request sequences

Анализ актуальности существующих работ по изучению нейросетевых алгоритмов обнаружения вредоносного программного обеспечения позволил определить оптимальный подход к решению задачи распознавания вирусов. Был сформирован набор данных, содержащий последовательности системных запросов для 2083 исполняемых файлов. Обучение модели рекуррентной нейронной сети на полученном наборе данных позволило получить классификатор с точностью распознавания вредоносных программ 97,6%. Ключевой аспект значимости работы заключается в практической ориентированности исследования - полученная модель будет применена в качестве компонента системы комплексного анализа вредоносного программного обеспечения. An analysis of the relevance of existing works on the study of neural network algorithms for detecting malicious software made it possible to determine the optimal approach to solving the problem of virus recognition. A dataset has been generated containing sequences of system requests for 2083 executable files. Training the recurrent neural network model on the generated dataset made it possible to obtain a classifier with a malware recognition accuracy of 97.6%. The key aspect of the significance of the work lies in the practical orientation of the research - the resulting model will be applied as a component of a system for complex analysis of malicious software.