DOCSLIB.ORG

Software Similarity and Classification

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Software Similarity and Classification By Silvio Cesare, BIT, M.Info Submitted in fulfilment of the requirements for the degree of Doctor of Philosophy Deakin University June, 2013 Acknowledgments I would like to thank the people who made writing this thesis possible. A special thanks to my partner, Kylie, who has supported me greatly. Thanks to Dani, Joe, and Eva who always add a degree of the unexpected to life. Thanks to my mother, Maxine, who enabled me early on to pursue academia. Thanks to my sister, Paloma, who knows too well the life of academic pursuits. Finally, thanks to my supervisor, Prof. Yang Xiang, who has supported me for many years during my Masters degree and PhD. Publications Books 1. Silvio Cesare, Yang Xiang, “Software Similarity and Classification”, Springer, 2012. Refereed Journal Papers 1. Silvio Cesare, Yang Xiang, Wanlei Zhou, "Control Flow-based Malware Variant Detection", IEEE Transactions on Dependable and Secure Computing, IEEE, 2013, (in press). (ERA A) 2. Silvio Cesare, Yang Xiang, Wanlei Zhou, “Malwise - An Effective and Efficient Classification System for Packed and Polymorphic Malware”, IEEE Transactions on Computers, IEEE, vol. 62, no. 6, pp. 1193-1206, 2013. (ERA A*) 3. Yini Wang, Sheng Wen, Silvio Cesare, Wanlie Zhou, Yang Xiang, "Eliminating Errors in Worm Propagation Models", Communication Letters, IEEE, vol. 15, no. 9, pp. 1022-1024, 2011. (ERA A) 4. Yini Wang, Sheng Wen, Silvio Cesare, Wanlie Zhou, Yang Xiang, "The Microcosmic Model of Worm Propagation", The Computer Journal, vol. 54, no. 10, pp. 1700-1720, 2011. (ERA A*) 5. 5. Yongrui Cui, Mingchu Li, Yang Xiang, Yizhi Ren, Silvio Cesare, "A Quality-of- Service based Fine-grained Reputation System in the Grid Economy", Concurrency and Computation: Practice and Experience, 2011. (ERA A) Refereed Conference Papers 1. Silvio Cesare, Yang Xiang, Jun Zhang, "Clonewise - Detecting Package-level Clones Using Machine Learning", 9th International Conference on Security and Privacy in Communication Networks (SecureComm 2013), 2013. (ERA A) 2. Silvio Cesare, Yang Xiang, "Simseer and Bugwise - Web Services for Binary-level Software Similarity and Defect Detection", 10th Australasian Symposium on Parallel and Distributed Computing (AusPDC 2012), 2012. 3. Silvio Cesare, Yang Xiang, “Wire – A Formal Intermediate Language for Binary Analysis”, IEEE Trustcom, IEEE, 2012. (ERA A) 4. Silvio Cesare, Yang Xiang, "Malware Variant Detection Using Similarity Search over Sets of Control Flow Graphs", IEEE Trustcom, IEEE, 2011. (ERA A) Industry Conferences 1. Black Hat, 2013 - Bugalyze.com - Detecting Bugs Using Decompilation and Data Flow Analysis 2. AusCERT, 2013 - Simseer.com - Malware Detection in a Cloud 3. Ruxcon, 2012 - FooCodeChu - Web Services for Software Analysis, Malware Detection, and Vulnerability Research 4. Ruxcon Breakpoint, 2012 - Detecting Bugs in Binaries Using Decompilation and Data Flow Analysis 5. Black Hat, 2012 - Clonewise – Automated Package Clone Detection 6. AusCERT, 2012 - Effective Flowgraph-based Malware Variant Detection 7. Ruxcon, Professional Delegates Event, 2011 - Faster, More Effective Flowgraph- based Malware Classification 8. Ruxcon, 2011 - Automated Detection of Software Bugs and Vulnerabilities in Linux Media Articles and Interviews 1. "AusCERT 2013: Cloud-based scanner identifies new malware by its ancestry" CSO 2. "Scanner Identifies Malware Strains, Could Be Future of AV" Slashdot 3. "“Tool detects software plagiarism, theft and malware outbreaks” SC Magazine 4. “Research offers software salvation from AV friendly-fire” SC Magazine 5. “Tool kills hidden Linux bugs, vulnerabilities” Slashdot 6. "'Clonewise' Security Service Helps Identify Vulnerable Code" Dark Reading 7. Risky Business #177 -- Silvio Cesare discusses his AV PhD 8. Risky Business #203 -- LulzSec: They're baaaaaaaack 2 Software Similarity and Classification This thesis identifies the key topics in software similarity and classification. It examines the task of detecting software variants, clones, derivatives, and classes of software. From this theory, we propose a novel system to detect package-level clones of software using pattern classification techniques enabling us to discover software vulnerabilities in Linux. We also propose a formal language to aid binary analysis and using this framework, propose a novel system to detect malware variants through unique malware signatures, database indexing, and searching algorithms. These systems have been evaluated on real data sets including over 10,000 Linux packages making up the Debian Linux distribution where 34 previously unknown clones and over 30 previously unknown vulnerabilities were identified. Our malware system was evaluated on over 15,000 real malware and is demonstrated to be more effective and efficient than previous systems maintaining a near real-time scan performance. TABLE OF CONTENTS Contents Chapter 1: Introduction 1 1.1 Background 1 1.2 Motivation 2 1.3 Problem Formulization 3 1.4 Problem Overview 4 1.5 Aims and Scope 5 1.6 Contributions 6 1.7 Thesis Organization 7 Chapter 2: Related Work 9 2.1 Taxonomy of Program Features 9 2.1.1 Syntactic Features 10 2.1.2 Semantic Features 15 2.1.3 Taxonomy of Features in Program Binaries 16 2.1.4 Case Studies 17 2.2 Program Transformations and Obfuscations 18 2.2.1 Compiler Optimisation and Recompilation 18 2.2.2 Program Obfuscation 20 2.2.3 Plagiarism, Software Theft, and Derivative Works 21 2.2.4 Malware Packing, Polymorphism, and Metamorphism 22 2.2.5 Features under Program Transformations 28 2.3 Formal Methods of Program Analysis 28 2.3.1 Static Feature Extraction 28 2.3.2 Formal Syntax and Lexical Analysis 29 2.3.3 Parsing 29 2.3.4 Intermediate Representations 30 2.3.5 Formal Semantics of Programming Languages 32 2.3.6 Theorem Proving 33 2.3.7 Model Checking 34 2.3.8 Data Flow Analysis 34 2.3.9 Abstract Interpretation 36 2.3.10 Intermediate Code Optimisation 37 2.3.11 Research Opportunities 37 2.4 Static Analysis of Binaries 37 2.4.1 Disassembly 38 2.4.2 Intermediate Code Generation 40 2.4.3 Procedure Identification 41 2.4.4 Procedure Disassembly 42 2.4.5 Control Flow Analysis, Deobfuscation and Reconstruction 42 2.4.6 Pointer Analysis 43 2.4.7 Decompilation of Binaries 43 1 TABLE OF CONTENTS 2.4.8 Obfuscation and Limits to Static Analysis 46 2.4.9 Research Opportunities 46 2.5 Dynamic Analysis 47 2.5.1 Relationship to Static Analysis 47 2.5.2 Environments 48 2.5.3 Debugging 48 2.5.4 Hooking 48 2.5.5 Dynamic Binary Instrumentation 49 2.5.6 Virtualization 49 2.5.7 Application Level Emulation 49 2.5.8 Whole System Emulation 51 2.6 Feature Extraction 52 2.6.1 Processing Program Features 52 2.6.2 Strings 53 2.6.3 Vectors 53 2.6.4 Sets 53 2.6.5 Sets of Vectors 53 2.6.6 Trees 53 2.6.7 Graphs 53 2.6.8 Embeddings 54 2.6.9 Kernels 54 2.6.10 Research Opportunities 54 2.7 Software Birthmark Similarity 55 2.7.1 Distance Metrics 55 2.7.2 String Similarity 56 2.7.2.3 Longest Common Subsequence (LCS) 57 2.7.3 Vector Similarity 57 2.7.4 Set Similarity 58 2.7.5 Set of Vectors Similarity 59 2.7.6 Tree Similarity 59 2.7.7 Graph Similarity 60 2.8 Software Similarity Searching and Classification 61 2.8.1 Instance-based Learning and Nearest Neighbour 61 2.8.2 Statistical Machine Learning 63 2.8.3 Research Opportunities 64 2.9 Applications 65 2.9.1 Malware Classification 65 2.9.2 Software Theft Detection (Static Approaches) 67 2.9.3 Software Theft Detection (Dynamic Approaches) 69 2.9.4 Plagiarism Detection 69 2.9.5 Code Clone Detection 70 2.9.6 Critical Analysis 71 2.10 Future Trends 72 Concluding Remarks 73 Chapter 3: Clonewise – Detecting Package-level Clones Using Machine Learning 74 2 TABLE OF CONTENTS 3.1 Introduction 74 3.1.1 Motivation for Package-level Clone Detection 75 3.1.2 Motivation for Automated Approaches 76 3.1.2 Generability 77 3.1.3 Innovation 78 3.1.4 Structure of the Chapter 79 3.2 Problem Definition and Our Approach 79 3.2.1 Problem Definition 79 3.2.2 Our Approach 79 3.3 Initial Attempts 80 3.3.1 Containment for Embedded Package Clone Detection 80 3.3.2 Intersection for Shared Package Clone Detection 81 3.3.3 Motivations for Other Approaches 81 3.4 Package Clone Detection 81 3.4.1 Shared Package Clone Detection 82 3.4.2 Shared Package Clone Classification 86 3.4.3 Embedded Package Clone Detection 86 3.4.4 Classification Using Asymmetric Bagging 87 3.5 Inferring Security Problems 88 3.5.1 Use-case of Clone Detection to Detect Vulnerabilities 88 3.5.2 Standardization Efforts 89 3.5.3 Debian Linux Security Tracking 89 3.5.4 Automated Vulnerability Inference 89 3.6 System Implementation 91 3.6.1 Software 91 3.6.2 Scaling The Analysis 93 3.7 Evaluation 95 3.7.1 Filenames as Features 95 3.7.2 Establishing the Ground Truth for Training and Evaluation 95 3.7.3 Accuracy of Shared Package Clone Detection 97 3.7.4 Accuracy of Embedded Package Clone Detection 98 3.7.5 Practical Package Clone Detection 99 3.7.6 Vulnerability Detection 99 3.7.7 Automated Vulnerability Detection 99 3.8 Discussion 102 3.8.1 Practical Consequences of Our Research 103 3.8.2 Referencing CVEs in an advisory. 104 Concluding Remarks 104 Chapter 4: Wire - A Formal Intermediate Language for Binary Analysis 105 4.1 Introduction 105 4.1.1 Motivation 105 4.1.2 Innovation 107 4.1.3 Structure of the Chapter 108 4.2 Translating Native Code 108 3 TABLE OF CONTENTS 4.2.1 Disassembly 108 4.2.2 Abstract Machines 109 4.2.3 Intermediate Code Generation 109 4.2.4 Register Mapping between Native Architectures and Wire 110 4.2.5 Label Generation 110 4.2.6 Condition Code Generation 110 4.2.7
Recommended publications
  • A Review Paper on Effective Behavioral Based Malware Detection and Prevention Techniques for Android Platform

    A Review Paper on Effective Behavioral Based Malware Detection and Prevention Techniques for Android Platform

    International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 10, Number 1 (2017) © International Research Publication House http://www.irphouse.com A Review Paper on Effective Behavioral Based Malware Detection and Prevention Techniques for Android Platform Mr. Sagar Vitthal Shinde1 M.Tech Comp. Department of Technology, Shivaji University, Kolhapur, Maharashtra, India. Email id: [email protected] Ms. Amrita A. Manjrekar2 Assistant Professor, Department of Technology, Shivaji University, Kolhapur, Maharashtra, India. Email Id: [email protected] Abstract late). It has been recently reported that almost 60% of Android is most popular platform for mobile devices. existing malware send stealthy premium rate SMS messages. Smartphone’s and mobile tablets are rapidly indispensable in Most of these behaviors are exhibited by a category of apps daily life. Android has been the most popular open sources called Trojanized that can be found in online marketplaces mobile operating system. On the one side android users are not controlled by Google. However, also Google Play, the increasing, but other side malicious activity also official market for Android apps, has hosted apps which have simultaneously increasing. The risk of malware (Malicious been found to be malicious [1] [21]. apps) is sharply increasing in Android platform, Android Existing system consist of some limited features of android mobile malware detection and prevention has become an app, malware detection is based on behavioral base. The important research topic. Some malware attacks can make the malware detection and prevention process is also static which phone partially or fully unusable, cause unwanted SMS/MMS create some problems such as it increase false positive rate.
  • Methods for Improving the Quality of Software Obfuscation for Android Applications

    Methods for Improving the Quality of Software Obfuscation for Android Applications

    Methods for Improving the Quality of Software Obfuscation for Android Applications Methoden zur Verbesserung der Qualit¨atvon Softwareverschleierung f¨urAndroid-Applikationen Der Technischen Fakult¨atder Friedrich-Alexander-Universit¨at Erlangen-N¨urnberg zur Erlangung des Grades DOKTOR-INGENIEUR vorgelegt von Yan Zhuang aus Henan, VR China Als Dissertation genehmigt von der Technischen Fakult¨atder Friedrich-Alexander-Universit¨at Erlangen-N¨urnberg Tag der m¨undlichen Pr¨ufung: 26. September 2017 Vorsitzende des Promotionsorgans: Prof. Dr.-Ing. Reinhard Lerch Gutachter: Prof. Dr.-Ing. Felix C. Freiling Prof. Dr. Jingqiang Lin Dedicated to my dear parents. Abstract Obfuscation technique provides the semantically identical but syntactically distinguished transformation, so that to obscure the source code to hide the critical information while preserving the functionality. In that way software authors are able to prevail the re- sources e.g. computing power, time, toolset, detection algorithms, or experience etc., the revere engineer could afford. Because the Android bytecode is practically easier to decompile, and therefore to reverse engineer, than native machine code, obfuscation is a prominent criteria for Android software copyright protection. However, due to the lim- ited computing resources of the mobile platform, different degree of obfuscation will lead to different level of performance penalty, which might not be tolerable for the end-user. In this thesis, we optimize the Android obfuscation transformation process that brings in as much “difficulty" as possible meanwhile constrains the performance loss to a tolerable level. We implement software complexity metrics to automatically and quantitatively evaluate the “difficulty" of the obfuscation results. We firstly investigate the properties of the 7 obfuscation methods from the obfuscation engine Pandora.
  • What Are Kernel-Mode Rootkits?

    What Are Kernel-Mode Rootkits?

    www.it-ebooks.info Hacking Exposed™ Malware & Rootkits Reviews “Accessible but not dumbed-down, this latest addition to the Hacking Exposed series is a stellar example of why this series remains one of the best-selling security franchises out there. System administrators and Average Joe computer users alike need to come to grips with the sophistication and stealth of modern malware, and this book calmly and clearly explains the threat.” —Brian Krebs, Reporter for The Washington Post and author of the Security Fix Blog “A harrowing guide to where the bad guys hide, and how you can find them.” —Dan Kaminsky, Director of Penetration Testing, IOActive, Inc. “The authors tackle malware, a deep and diverse issue in computer security, with common terms and relevant examples. Malware is a cold deadly tool in hacking; the authors address it openly, showing its capabilities with direct technical insight. The result is a good read that moves quickly, filling in the gaps even for the knowledgeable reader.” —Christopher Jordan, VP, Threat Intelligence, McAfee; Principal Investigator to DHS Botnet Research “Remember the end-of-semester review sessions where the instructor would go over everything from the whole term in just enough detail so you would understand all the key points, but also leave you with enough references to dig deeper where you wanted? Hacking Exposed Malware & Rootkits resembles this! A top-notch reference for novices and security professionals alike, this book provides just enough detail to explain the topics being presented, but not too much to dissuade those new to security.” —LTC Ron Dodge, U.S.
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb

    Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb

    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
  • Jabber & IRC & SIP ICQ-, Chat- Und Skype-Ersatz Für Echte Männer

    Jabber & IRC & SIP ICQ-, Chat- Und Skype-Ersatz Für Echte Männer

    Jabber & IRC & SIP ICQ-, Chat- und Skype-Ersatz für echte Männer (und Frauen) Schwabacher Linux Tage 09 Überblick „Unschönes“ an proprietärer Kommunikation Rechtliche Grauzone EULAs IRC & Jabber: ICQ erschlagen SIP-Telefonie: Skype erschlagen Zusammenfassung Diskussion & Fragen Schwabacher Linux Tage 09 Worüber reden wir eigentlich? ICQ, MSN, Yahoo! & Co. „Kostenlose“ Chat- und Kurznachrichten-Dienste Unterstützen „Offline-Nachrichten“ Infrastrukturen in Amerika Es gelten amerikanische Bedingungen! Bieten proprietäre Client-Software für Windoos und Mac an Alternative Client-Software ist nicht erlaubt Schwabacher Linux Tage 09 Worüber reden wir eigentlich? (2) Skype „Kostenloser“ Dienst für Internet-Telefonie Ebay bietet proprietäre Client-Software für Windoos, Mac Schwabacher Linux Tage 09 Der Haken Dienste sind „kostenlos“: Der wahre Preis steht in der EULA! EULA Lang (Soll nicht gelesen werden?) Unverständliche juristische Formulierungen Für den Standardnutzer heute nur noch „Auf 'Akzeptieren' klicken. Ist ein bindender Vertrag! Schwabacher Linux Tage 09 Der Haken (2) [...] You agree that [...] you surrender your copyright and any other proprietary right in the posted material or information. You further agree that ICQ LLC. is entitled to use at its own discretion any of the posted material or information in any manner it deems fit, including, but not limited to, publishing the material or distributing it. [...] Schwabacher Linux Tage 09 Unbewusste Probleme Massenhaftes Sammeln personenbezogener Daten Datenschleudern/Datenhandel Abgrasen
  • Detection and Classification of Malicious Processes Using System

    Detection and Classification of Malicious Processes Using System

    Detection and Classification of Malicious Processes Using System Call Analysis A Thesis Submitted to the Faculty of Drexel University by Raymond J. Canzanese, Jr. in partial fulfillment of the requirements for the degree of Doctor of Philosophy May 2015 c Copyright 2015 Raymond J. Canzanese, Jr. ii Dedications To Madison, without whose support and companionship this would have been a far less rewarding and enjoyable experience. iii Acknowledgments Throughout the course of writing this thesis, I was surrounded by an outstanding community who provided the support, inspiration, encouragement, and distraction necessary for its completion. To my advisers, Moshe Kam and Spiros Mancoridis, and committee, Naga Kandasamy, Ko Nishino, Harish Sethu, and Steven Weber, I am most thankful. It was their insights, guidance, feedback, and support that made this thesis possible. I cannot overstate the depth and breadth of the lessons I have learned from them, which have shaped not only this thesis, but my general approach to problem solving, my outlook on life, and my ambitions. That my advisers managed to find the time, energy, and patience to meet with me regularly to discuss my successes and failures confounds me. Watching them advance in their careers while remaining so humble and grounded has been truly inspiring. I also had the great fortune to learn from a number of other faculty members here at Drexel who have helped shape and inspire this work, including Kapil Dandekar, John Walsh, Tom Chmielewski, Ali Shokoufandeh, and Marcello Balduccini. My friends and colleagues here at Drexel, especially those members of the Data Fusion Lab and Software Engineering Research Group, have also served to educate, motivate, and inspire me.
  • Technical Notes All Changes in Fedora 13

    Technical Notes All Changes in Fedora 13

    Fedora 13 Technical Notes All changes in Fedora 13 Edited by The Fedora Docs Team Copyright © 2010 Red Hat, Inc. and others. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. For guidelines on the permitted uses of the Fedora trademarks, refer to https:// fedoraproject.org/wiki/Legal:Trademark_guidelines. Linux® is the registered trademark of Linus Torvalds in the United States and other countries. Java® is a registered trademark of Oracle and/or its affiliates. XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. All other trademarks are the property of their respective owners. Abstract This document lists all changed packages between Fedora 12 and Fedora 13.
  • Download Briefing Schedule

    Download Briefing Schedule

    WED. JULY 31 07:00-17:00 REGISTRATION 08:00-08:50 BREAKFAST Sponsored by / Forum Ballroom ROOM Roman II Roman IV Roman I / III Palace II Palace III Augustus V / VI Palace I Augustus I / II Augustus III / IV 08:50-09:00 Welcome & Introduction to Black Hat USA 2013 / Augustus Ballroom 09:00-10:00 Keynote Speaker: General Keith B. Alexander / Augustus Ballroom 10:00-10:15 Break 10:15-11:15 Mainframes: The Past Will BlackberryOS 10 From a Security With BIGDATA comes BIG New Trends in FastFlux Networks Lessons from Surviving a Combating the Insider Threat Beyond the Application: Cellular Java Every-Days: Exploiting How to Build a SpyPhone Come to Haunt You Perspective responsibility: Practical (Wei Xu + Xinran Wang) 300Gbps Denial of at the FBI: Real-world Lessons Privacy Regulatory Space Software Running on Three (Kevin McNamee) (Philip Young) (Ralf-Philipp Weinmann) exploiting of MDX injections Service Attack Learned (Christie Dudley) Billion Devices (Dmitry Chastuhin) (Matthew Prince) (Patrick Reidy) (Brian Gorenc + CrowdSource: An Open Source, Jasiel Spelman) Crowd Trained Machine Learning Legal Considerations for Model for Malware Detection Cellular Research (Joshua Saxe) (Marcia Hofmann) TM 11:15-11:45 Coffee Service Sponsored by / Octavius Ballroom 11:45-12:45 Black-box Assessment of Shattering Illusions in Lock-Free Power Analysis Attacks for Denying Service to DDoS What Security Researchers Just-In-Time Code Reuse: The A Tale of One Software Bypass TLS 'Secrets' Million Browser Botnet Pseudorandom Algorithms Worlds: Compiler/Hardware
  • Chemnitzer Linux-Tage 2013 – Tagungsband – 16

    Chemnitzer Linux-Tage 2013 – Tagungsband – 16

    Team der Chemnitzer Linux-Tage: Chemnitzer Linux-Tage 2013 – Tagungsband – 16. und 17. März 2013 Team der Chemnitzer Linux-Tage Chemnitzer Linux-Tage 2013 16. und 17. März 2013 – Tagungsband – Universitätsverlag Chemnitz 2013 Bibliografische Information der Deutschen Nationalbibliothek Die Deutsche Nationalbibliothek verzeichnet diese Publikation in der Deutschen Nationalbibliografie; detail- lierte bibliografische Angaben sind im Internet über http://dnb.d-nb.de abrufbar. Technische Universität Chemnitz/Universitätsbibliothek Universitätsverlag Chemnitz Herstellung und Auslieferung: Verlagshaus Monsenstein und Vannerdat OHG Am Hawerkamp 31 48155 Münster http://www.mv-verlag.de ISBN 978-3-941003-80-4 URL: http://nbn-resolving.de/urn:nbn:de:bsz:ch1-qucosa-105403 URN: urn:nbn:de:bsz:ch1-qucosa-105403 Satz und Layout: Jens Pönisch und Monique Kosler Coverfoto: Petra Pönisch Graphik Innentitel: Petra Pönisch URL der Chemnitzer Linux-Tage: http://chemnitzer.linux-tage.de Premiumsponsoren Weitere Sponsoren R Linux Professional Institute Medienpartner 6 Inhaltsverzeichnis 1 Vorwort 11 2 Inhalt der Hauptvorträge 13 2.1 AsciiDoc – medienneutrales, technisches Publizieren . 13 2.2 Erzeugen einfacher OpenStreetMap-Karten . 21 2.3 Gnuplot für Anfänger . 31 2.4 Himbeertorte – Raspberry Pi zum Anfassen . 41 2.5 Linux-Versteher dank strace . 49 2.6 Nutzung des OCRA-Algorithmus und LinOTP beim Online-Banking . 61 2.7 Petabyte-Storage leicht gemacht: Ceph . 69 2.8 Sensordaten per SNMP verteilen . 77 2.9 Vertraulich kommunizieren mit OTR . 85 2.10 WeLoupe Next Generation Web-Scanner . 95 2.11 Zuverlässigkeit von GNU/Linux-basierten eingebetteten Systemen . 103 3 Zusammenfassungen der weiteren Vorträge 111 3.1 3D-Visualisierung mit Blender . 111 3.2 Aktuelle Entwicklungen beim Linux-Kernel .
  • Poezio Documentation Release 0.12.1

    Poezio Documentation Release 0.12.1

    Poezio Documentation Release 0.12.1 Mathieu Pasquet - Florent Le Coz - Emmanuel Gil Peyrot Oct 12, 2018 Contents 1 Installing poezio 1 1.1 poezio in the GNU/Linux distributions.................................1 1.2 Install from source............................................1 1.3 Docker images..............................................4 2 Configuration 5 2.1 Global section options..........................................5 2.2 Optional section options......................................... 16 3 Usage 19 3.1 Tab list.................................................. 19 3.2 Generalities................................................ 20 3.3 Contact list tab.............................................. 21 3.4 Chatroom tab............................................... 21 3.5 Private tab................................................ 23 3.6 Conversation tab............................................. 23 3.7 Dataforms tab.............................................. 25 3.8 List tab.................................................. 25 3.9 Confirm tab................................................ 25 3.10 Bookmarks tab.............................................. 27 4 Commands 29 4.1 Global commands............................................ 29 4.2 Chat tab commands........................................... 32 4.3 MultiUserChat tab commands...................................... 33 4.4 Private tab commands.......................................... 34 4.5 Normal Conversation tab commands................................... 34 4.6
  • Malware Detection and Classification Based on Extraction of API Sequences

    Malware Detection and Classification Based on Extraction of API Sequences

    Downloaded from http://iranpaper.ir http://translate68.ir Malware Detection and Classification Based on Extraction of API Sequences Dolly Uppal, Rakhi Sinha, Vishakha Mehra and Vinesh Jain Department of Computer Engineering and Information Technology Government Engineering College Ajmer, India [email protected], [email protected], [email protected], [email protected] Abstract— With the substantial growth of IT sector in the the concept of pattern (byte code-signature) recognition. Anti- 21st century, the need for system security has also become Virus Scanners (AVS) follow traditional signature based inevitable. While the developments in the IT sector have detection method to identify malware. Signatures are the innumerable advantages but attacks on websites and computer sequences of bytes existent in the database. Although systems are also increasing relatively. One such attack is zero day signature based examination can discern malware by yielding malware attack which poses a great challenge for the security low false positive rates but this technique turns out to be testers. The malware pen testers can use bypass techniques like inefficient for malware whose signature are not listed in the Compression, Code obfuscation and Encryption techniques to database. Also, once should be well versed with the minutiae easily deceive present day Antivirus Scanners. This paper of software for static analysis, which is not usually possible. elucidates a novel malware identification approach based on Malware detection using static analysis can be easily extracting unique aspects of API sequences. The proposed feature selection method based on N grams and odds ratio circumvented by malware writers by making use of the selection, capture unique and distinct API sequences from the obfuscation techniques.
  • The Journal of AUUG Inc. Volume 23 ¯ Number 4 December 2002

    The Journal of AUUG Inc. Volume 23 ¯ Number 4 December 2002

    The Journal of AUUG Inc. Volume 23 ¯ Number 4 December 2002 Features: This Issues CD: Knoppix Bootable CD 4 Using ODS to move a file system on the fly 7 Handling Power Status using snmptrapd 9 Process Tracing us ptrace - Part 2 11 Viruses: a concern for all of us 13 Viruses and System Security 21 Why Success for Open Source is great for Windows Users 22 Root-kits and Integrity 24 Installing and LAMP System 32 Exploring Perl Modules - Part 2: Creating Charts with GD:: Graph 38 DVD Authoring 41 Review: Compaq Presario 1510US 43 Athlon XP 2400 vs Intel Pentium 4 2.4Ghz and 2.8Ghz 46 Creating Makefiles 52 The Story of Andy’s Computer 54 News: Public Notices 5 AUUG: Corporate Members 9 AUUG: Chapter Meetings and Contact Details 61 Regulars: President’s Column 3 /var/spool/mail/auugn 3 My Home Network 5 AUUGN Book Reviews 7 ISSN 1035-7521 Print post approved by Australia Post - PP2391500002 AUUG Membership and General Correspondence The AUUG Secretary AUUG Inc Editorial PO Box 7071 Con Zymaris [email protected] Baulkham Hills BC NSW 2153 Telephone: 02 8824 95tl or 1800 625 655 (Toll-Free) I remember how exhilarating my first few brushes Facsimile: 02 8824 9522 with computerswere. It was the late ’70s. We had just Email: [email protected] experienced two massive waves of pop-technology AUUG Management Committee which swept through the public consciousness like a Email: au ugexec@au u.q.org.au flaring Tesla-coil: Star Wars had become the most successful film of all time, playing in cinemas (and President drive-ins.., remember those?) for over two years.