Classifying Advanced Malware Into Families Based on Instruction Link Analysis Alsa Tabatabaei


Classifying Advanced Malware into Families based on Instruction Link Analysis
Alsa Tabatabaei
School of Computing, Science, and Engineering, University of Salford, Manchester, UK
Submitted in Partial Fulfilment of the Requirements of the Degree Master of Philosophy, 2018

Table of Contents

Table of Contents ........ i
Acknowledgement ........ xi
Declaration ........ xii
Abstract ........ xiii

Chapter One ........ 1
1 Overview ........ 1
1.1 Background ........ 1
1.2 Research Problem ........ 3
1.3 Research Hypothesis ........ 4
1.4 Research Questions ........ 5
1.5 Research Motivation ........ 6
1.6 Research Challenges ........ 6
1.7 Justification, Aims, and Objectives ........ 6
1.8 Research Aims ........ 7
1.9 Research Objectives ........ 7
1.10 Significance of the Study ........ 8
1.11 Research Scope and Limitations ........ 8
1.12 Research Methodology and Research Methods ........ 8
1.12.1 Research Methodology ........ 8
1.12.2 Research Methods ........ 10
1.13 Research Overview and Structure ........ 11

Chapter Two ........ 12
Related Literature Review ........ 12
2 Overview ........ 12
2.1 Characterisation of Malware ........ 12
2.2 Understanding Advanced Malware ........ 13
2.2.1 Understanding Advanced Persistent Threats (APTs) ........ 14
2.3 An Overview of Static and Dynamic Analysis ........ 15
2.4 Machine Learning (ML) ........ 17
2.4.1 Supervised Machine Learning ........ 20
2.4.2 Unsupervised Machine Learning ........ 21
2.5 Data Mining ........ 23
2.5.1 Association Rule in Data Mining ........ 25
2.5.2 Mining Opcode Relevance ........ 26
2.6 Analysis to Detect Malware ........ 28
2.7 Techniques over Malware Detection ........ 32
2.7.1 Classification of Malware ........ 34
2.7.2 Clustering of Malware ........ 35
2.8 Dealing with Advanced Persistent Threats (APT) ........ 36
2.8.1 Common Techniques to Detect Advanced Persistent Threats (APT) ........ 36
2.9 Summary and Remarks ........ 37

Chapter Three ........ 39
Methodology ........ 39
3 Overview ........ 39
3.1 Fundamental Techniques and the Proposed Models ........ 39
3.2 Expectation Maximization (EM) Clustering ........ 42
3.3 K-means and K-medoids Clustering ........ 42
3.4 Hierarchical Clustering ........ 43
3.5 Why EM? ........ 44
3.6 Obtaining and Dealing with Data ........ 44
3.6.1 Data Collection ........ 45
3.6.2 Data Preparation ........ 46
3.6.3 Feature Extraction ........ 46
3.6.4 Data Cleaning ........ 47
3.6.5 Feature Construction ........ 49
3.6.6 Feature Selection ........ 53

Chapter Four ........ 54
Design and Implementation of Research Case Studies ........ 54
4 Overview ........ 54
4.1 Opcode Mining ........ 54
4.2 Kaggle Case Study ........ 55
4.2.1 Dataset Characteristics and Pre-processing ........ 55
4.2.2 Experimental Set up and Reports ........ 56
4.3 APTs Case Study ........ 67
4.3.1 Dataset Characteristics and Pre-processing ........ 68
4.3.2 Experimental set up and Reports ........ 68
4.4 Summary ........