malicious program
Recently Published Documents


Total documents: 17 (five years: 10)

H-index: 3 (five years: 3)

2021 ◽ Vol 11 (5) ◽ pp. 2385
Author(s): Won Cho ◽ Joonho Kong

In this paper, we introduce a memory and cache contention denial-of-service attack and its hardware-based countermeasure. Our attack can significantly degrade the performance of the benign programs by hindering the shared resource accesses of the benign programs. It can be achieved by a simple C-based malicious code while degrading the performance of the benign programs by 47.6% on average. As another side-effect, our attack also leads to greater energy consumption of the system by 2.1× on average, which may cause shorter battery life in the mobile edge devices. We also propose detection and mitigation techniques for thwarting our attack. By analyzing L1 data cache miss request patterns, we effectively detect the malicious program for the memory and cache contention denial-of-service attack. For mitigation, we propose using instruction fetch width throttling techniques to restrict the malicious accesses to the shared resources. When employing our malicious program detection with the instruction fetch width throttling technique, we recover the system performance and energy by 92.4% and 94.7%, respectively, which means that the adverse impacts from the malicious programs are almost removed.


2020 ◽ Vol 14 (3) ◽ pp. 95-114
Author(s): Ravi Kiran Varma Penmatsa ◽ Akhila Kalidindi ◽ S. Kumar Reddy Mallidi

Malware is a malicious program that can cause a security breach of a system. Malware detection and classification is one of the burning topics of research in information security. Executable files are the major source of input for static malware detection. Machine learning techniques are very efficient in behavioral-based malware detection and need a dataset of malware with different features. In Windows, malware can be detected by analyzing the portable executable (PE) files. This work contributes to identifying the minimum feature set for malware detection employing a rough set dependent feature significance combined with Ant Colony Optimization (ACO) as the heuristic-search technique. A malware dataset named claMP with both integrated features and raw features was considered as the benchmark dataset for this work. The analytical results prove that 97.15% and 92.8% data size optimization has been achieved with a minimum loss of accuracy for claMP integrated and raw datasets, respectively.


Symmetry ◽ 2020 ◽ Vol 12 (5) ◽ pp. 830
Author(s): Young-Man Kwon ◽ Jae-Ju An ◽ Myung-Jae Lim ◽ Seongsoo Cho ◽ Won-Mo Gal

Malware is any malicious program that can attack the security of other computer systems for various purposes. The threat of malware has significantly increased in recent years. To protect our computer systems, we need to analyze an executable file to decide whether it is malicious or not. In this paper, we propose two malware classification methods: malware classification using Simhash and PCA (MCSP), and malware classification using Simhash and linear transform (MCSLT). PCA uses the symmetrical covariance matrix. The former method combines Simhash encoding and PCA, and the latter combines Simhash encoding and linear transform layer. To verify the performance of our methods, we compared them with basic malware classification using Simhash and CNN (MCSC) using tanh and relu activation. We used a highly imbalanced dataset with 10,736 samples. As a result, our MCSP method showed the best performance with a maximum accuracy of 98.74% and an average accuracy of 98.59%. It showed an average F1 score of 99.2%. In addition, the MCSLT method showed better performance than MCSC in accuracy and F1 score.


2020
Author(s): Mashur Razak

In the era of the information-based society, information is one of the very important economic resources. The ability to access and provide information quickly and accurately becomes very essential for an organization, whether in the form of commercial organizations or non-profit organizations. The value of information means that the desired information often can only be accessed by certain people. Therefore, security is an important aspect within an information system. The development of information technology, especially in data communications, makes information systems more vulnerable to various types of threats that can damage the system or data. Threats can come from hacker attacks and malicious programs made up of trap doors, logic bombs, Trojan horses and viruses. Therefore, information management has to provide a security system that can be used in encryption, which is a process to secure a message (called plain text) into a hidden message (called cipher text). Ciphertext is a message that is not readable. Encryption is used to encrypt the data or information so that it cannot be read by unauthorized people. By encrypting, the data is encoded using a key. To open (decrypt) the data, a key is needed, which can be the same as the key used to encrypt (for the case of private key cryptography based information system security) or a different key (for the case of public key cryptography). Implementation of data encryption is expected to provide data and system security that covers confidentiality, integrity and availability.


Ransomware is a word that is very popular nowadays. Ransomware is a malicious program that infects a device once it gets in, and the data cannot be decrypted until the key is provided by the hacker. Ransomware not only forbids access but also infects the network it is communicating with, by encrypting the content located on mapped and unmapped network drives, so that the whole organization's network falls down. Various ransomware families exist, such as Cryptoworm, RaaS and many others. Ransomware mainly targets corporates for profit. Cryptocurrency is one of the enabling factors of ransomware. According to research work, in 2019 ransomware rose because of phishing emails and smishing to 109 percent over 2017. Ransomware detections in the first half of the year were up 77% compared to the latter half of 2018. Around 851 million ransomware contagious activities happened in 2018. 34% of corporates came across this malware and took months or more to recover and to access their own data. The algorithms used by ransomware are very complex and cannot be understood by normal users. This article shares research findings about ransomware, some unknown facts about how exactly ransomware is growing, and the Restrict Recognize React concept (RRR concept) of ransomware, which is mainly for avoiding ransomware. Restrict covers the measures that have to be carried out to avoid ransomware, Recognize is for identifying ransomware if a device is infected with it, and React is mainly responding to the attack to get rid of the ransomware.


2020 ◽ Vol 14 (3) ◽ pp. 68
Author(s): Adel Hamdan Mohammad

Ransomware is a malicious program that can affect any person or organization. Ransomware is a complicated malicious attack that aims to lock or encrypt user files. To date, there is no individual method or tool that guarantees protection against ransomware. Most available tools can detect some types of ransomware but fail to detect other types. In this research the author discusses several methods, tools and procedures which can be taken to reduce the possibility of ransomware occurrences. Up to this moment, the main methods used by attackers to infect your machine are malicious emails and malicious links. After analyzing several reports written by anti-virus companies such as Kaspersky and McAfee, and several research works which discuss ransomware, the author concludes two points: first, educating users and following a strict security policy, procedures and backup strategies are the best methods which can be taken to minimize the possibility of ransomware; second, future methods to detect ransomware will mainly be based on artificial intelligence.


MENDEL ◽ 2019 ◽ Vol 25 (2) ◽ pp. 27-34
Author(s): Cong Truong Thanh ◽ Ivan Zelinka

Recent developments in Artificial intelligence (AI) have a vast transformative potential for both cybersecurity defenders and cybercriminals. Anti-malware solutions adopt intelligent techniques to detect and prevent threats to the digital space. In contrast, cybercriminals are aware of the new prospects too and will probably try to use it in their activities. This survey aims at providing an overview on the way artificial intelligence can be used to power a malicious program that is: intelligent evasion techniques, autonomous malware, AI against itself, and applying bio-inspired computation and swarm intelligence.


2019 ◽ Vol 18 (6) ◽ pp. 1269-1300
Author(s): Yuri Yazov ◽ Oleg Avsentev ◽ Alexander Avsentev ◽ Irina Rubtsova

Traditional approaches to assessing the effectiveness of information security, based on a comparison of the possibilities of realizing threats to information security in absence and application of protection measures, do not allow to analyze the dynamics of suppression by security measures of the process of implementing threats. The paper proposes a new indicator of the effectiveness of protection of electronic documents, aimed at assessing the possibility of advancing security measures of the process of implementing threats in electronic document management systems using the probability-time characteristics of the dynamics of the application of protection measures and the implementation of threats to electronic documents. Mathematical models were developed using the Petri-Markov network apparatus and analytical relationships were obtained for calculating the proposed indicator using the example of the "traffic tunneling" threat (placing intruder packets in trusted user packets) and unauthorized access (network attacks) to electronic documents, as well as the threat of intrusion of a malicious program by carrying out a "blind IP spoofing" attack (network address spoofing). Examples of calculating the proposed indicator and graphs of its dependence on the probability of detecting network attacks by the intrusion detection system and on the probability of malware detection by the anti-virus protection system are given. Quantitative dependencies are obtained for the effectiveness of protection of electronic documents due to being ahead of protection measures for threat realization processes, both on the probability of detecting an intrusion or the probability of detecting a malicious program, and on the ratio of the time spent by the protection system on detecting an attempt to implement a threat and taking measures to curb its implementation, and threat implementation time.
Models allow not only to evaluate the effectiveness of measures to protect electronic documents from threats of destruction, copying, unauthorized changes, etc., but also to quantify the requirements for the response time of adaptive security systems to detectable actions aimed at violating the security of electronic documents, depending on the probability-temporal characteristics of threat realization processes, to identify weaknesses in protection systems related to the dynamics of threat realization and the reaction of defense systems to such threats electronic document.


Author(s): Shen Wang ◽ Zhengzhang Chen ◽ Xiao Yu ◽ Ding Li ◽ Jingchao Ni ◽ ...

Information systems have widely been the target of malware attacks. Traditional signature-based malicious program detection algorithms can only detect known malware and are prone to evasion techniques such as binary obfuscation, while behavior-based approaches highly rely on the malware training samples and incur prohibitively high training cost. To address the limitations of existing techniques, we propose MatchGNet, a heterogeneous Graph Matching Network model to learn the graph representation and similarity metric simultaneously based on the invariant graph modeling of the program's execution behaviors. We conduct a systematic evaluation of our model and show that it is accurate in detecting malicious program behavior and can help detect malware attacks with less false positives. MatchGNet outperforms the state-of-the-art algorithms in malware detection by generating 50% less false positives while keeping zero false negatives.


Informatics ◽ 2019 ◽ Vol 6 (1) ◽ pp. 7
Author(s): Maryam Mehrnezhad ◽ Ehsan Toreini

Mobile sensors have already proven to be helpful in different aspects of people’s everyday lives such as fitness, gaming, navigation, etc. However, illegitimate access to these sensors results in a malicious program running with an exploit path. While the users are benefiting from richer and more personalized apps, the growing number of sensors introduces new security and privacy risks to end users and makes the task of sensor management more complex. In this paper, first, we discuss the issues around the security and privacy of mobile sensors. We investigate the available sensors on mainstream mobile devices and study the permission policies that Android, iOS and mobile web browsers offer for them. Second, we reflect the results of two workshops that we organized on mobile sensor security. In these workshops, the participants were introduced to mobile sensors by working with sensor-enabled apps. We evaluated the risk levels perceived by the participants for these sensors after they understood the functionalities of these sensors. The results showed that knowing sensors by working with sensor-enabled apps would not immediately improve the users’ security inference of the actual risks of these sensors. However, other factors such as the prior general knowledge about these sensors and their risks had a strong impact on the users’ perception. We also taught the participants about the ways that they could audit their apps and their permissions. Our findings showed that when mobile users were provided with reasonable choices and intuitive teaching, they could easily self-direct themselves to improve their security and privacy. Finally, we provide recommendations for educators, app developers, and mobile users to contribute toward awareness and education on this topic.

