Abstract

The current immersive increase of cyber-attacks requires constant evolution of the used security solutions. Current malware detection solutions are only able to identify known malwares that were previously detected. They also lack the ability to deeply investigate every file in the system. Therefore, new detection techniques are needed to fill this gab. In this study, a flexible and an effective rule-based approach is proposed to detect malicious files by searching for specific types of strings that should not exist in normal legitimate files. The proposed detection technique relies on the use of LOKI as a scanning agent that uses customized YARA rules with different complexities to search for the needed strings. The proposed methodology has been tested and it detected all malwares successfully.

Highlights

  • The Internet usage has increased drastically during the past few years

  • The output of the scan shows a number of detected files that have suspicious strings that matched YARA rule database

  • The file was not downloaded by the system users. It was used by the attacker since it is located in the “temp” folder which is a common place to find malwares. the “webshell.php” file which has the highest score value is clearly a malicious file since it contains many commands/functions that enable the attacker to perform many malicious activities and it is located in the “temp” folder

Read more

Summary

Introduction

The Internet usage has increased drastically during the past few years. The term “Internet of Things” (IoT) has become popular, where different devices are connected to the Internet to provide users with requests or services without being around which saves their time and makes their lives much easier. Due to the increased number of businesses/individuals who use IoT technologies, especially in critical domains such as health and military sectors, a lot of sensitive data are being sent/received. Security has become a crucial aspect in protecting these sensitive data. Securing IoT devices and its data is not an easy task due to the numerous types of cyber-attacks. Current techniques to detect IoT malicious files are not mature enough due to their lack of accuracy, intensive processing power, complexity, inefficiency and time consumption

Methods
Results
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.