Malicious Functionality Research Articles

Detection of Evasive Android Malware Using EigenGCN

Recently there is an upsurge in Android malware that use obfuscation and repackaging techniques for evasion. Malware may also combine both these techniques to create stealthy adversarial mimicry samples to launch mimicry attacks. In mimicry attacks, the adversary makes sure that the static and dynamic features present in the crafted malware mimics the features present in the legitimate applications. In such cases, the existing detection mechanisms may become less effective. We found that the malicious nature of Android applications can be determined by identifying certain subgraphs that appear in their system call graphs. These subgraphs can be determined with the help of spectral clustering mechanism present in EigenGCN. With this, the system call graph G will be partitioned into two subgraphs G1 and G2, in which the malicious functionality if any will be present in the subgraph G1. The graph Fourier transform based pooling technique in EigenGCN then computes the features of the subgraphs in the form of graph signals. This graph signals serve as a robust signature to detect malware. The proposed mechanism gave an accuracy of 98.7% on common malware, 97.3% on obfuscated malware, 97.8% on repackaged malware, and 90% on adversarial mimicry malware datasets. As far as we know, this is the first work that proposes a malware detection mechanism, that can detect common as well as obfuscated, repackaged, and mimicry malware in Android.

Enhancing android malware detection explainability through function call graph APIs

Nowadays, mobile devices are massively used in everyday activities. Thus, they contain sensitive data targeted by threat actors like bank accounts and personal information. Through the years, Machine Learning approaches have been proposed to identify malicious Android applications, but recent research highlights the need for better explanations for model decisions, as existing ones may not be related to the app’s malicious functionalities.This paper proposes an explainable approach based on static analysis to detect Android malware. The novelty lies in the specific analysis conducted to select and extract the features (i.e., APIs taken from the DEX Call Graph) that immediately provide meaningful explanations of the model functionality, thus allowing a significant correlation of the malware behavior with its family. Moreover, since we contain the number and type of features, the distinct impacts of each one appear more evident. The attained results show that it is possible to reach comparable results (in terms of accuracy) to existing state-of-the-art models while providing easy-to-understand explanations, which may yield significant insights into the malicious functionalities of the samples.

АГРЕССИЯ ВЕДЬМ И КОЛДУНОВ В ПРЕДАНИЯХ СЕВЕРНОЙ ГЕРМАНИИ XIX В.

The article focuses on the malicious functions of male and female witches in the North German legends of the 19th century. The research is based on the “Die Volkssagen von Pommern und Rügen” compiled by J.D.H. Temme (1840), the first volume of the “Sagen, Märchen und Gebräuche aus Meklenburg” by K. Bartsch (1879), “Norddeutsche Sagen, Märchen und Gebräuche aus Meklenburg, Pommern, der Mark, Sachsen, Thüringen, Braunschweig” by A. Kuhn and W. Schwartz (1848) and some other folklore collections. The author highlights possible perceived motivations, i.e. reasons for the aggression of male and female witches towards other people. It is noticed that some functions and motivations that are frequently attributed to the female witches – for example, bewitching a cow in the first case, the desire to enrich themselves and the desire for revenge in the second case – can be attributed to the male characters. Nevertheless, the behavior of female characters can often be described as less demonstrative than the behavior of male characters. It can be assumed, that this state of affairs is related to women’s desire to protect their reputation as good members of society

Function-Level Code Obfuscation Detection Through Self-Attention-Guided Multi-Representation Fusion

Malware developers often employ code obfuscation techniques to conceal their malicious functionality, making it challenging to detect and analyze such software. While various de-obfuscation techniques exist, the majority of them require prior knowledge of the obfuscation tools and techniques in use. Identifying the specific obfuscation tools or algorithms applied to the obfuscated code is thus of vital importance, which, however, typically demands in-depth expert knowledge and substantial efforts. Therefore, this paper presents DeObA, a deep learning (DL) driven approach for the precise and efficient detection of obfuscation algorithms on the fine-grained function-level code snippets. To comprehensively capture unique patterns or features of different obfuscation algorithms from code, DeObA works on multiple distinct code views, encompassing token sequences, abstract syntax trees (AST) and program dependency graphs (PDG), which will reflect the code’s lexical morphology, syntactic and structural aspects. After individually collecting obfuscation-indicative features with well-matched DL encoder from each code view, a self-attention-based fusion strategy is performed on these features to produce an integrated, dense, yet feature-rich vector. This vector is then fed into a softmax classification layer for prediction. Due to the lack of a moderately sized dataset, a large obfuscation corpus is curated with 7 different obfuscation tools and a total of 12 obfuscation algorithms on 39,070 C/C[Formula: see text] functions. The experimental evaluations conducted on the dataset exhibit a distinguished detection performance of DeObA, which achieve accuracy rates of 99.90% and 99.19% on the obfuscation tool detection and obfuscation algorithm detection tasks, respectively. The ablation study also confirms the active role of considering multiple distinct code views and the effectiveness of the designed self-attention-based fusion strategy.

Backdoor attacks and defenses in federated learning: Survey, challenges and future research directions

Federated learning (FL) is an approach within the realm of machine learning (ML) that allows the use of distributed data without compromising personal privacy. In FL, it becomes evident that the training data among participants frequently exhibit heterogeneous distribution characteristics. This inherent heterogeneity poses a substantial challenge for the orchestration server as it strives to assess the reliability of each local model update. Due to this challenge, FL becomes susceptible to various potential risks, with the ominous backdoor attack standing out as one of the most menacing threats. Backdoor attacks involve the insertion of malicious functionality into a targeted model through poisoned updates from malicious clients. These attacks can cause the global model to misbehave on specific inputs while appearing normal in other instances. Although the backdoor attacks received significant attention for their potential impact on practical deep learning applications, their exploration within the realm of FL remains limited. This survey seeks to address this gap by offering an all-encompassing examination of prevailing backdoor attack tactics and defenses in the context of FL. We include an exhaustive analysis of diverse approaches to provide a comprehensive understanding of this intricate landscape. Furthermore, we also discuss the challenges and potential future directions for attacks and defenses in the context of FL.

Analysis of Various Malicious Payload Deployment Cables

Cybercriminals and hackers are always thinking of clever, new ways to exploit your devices and you must be perpetually vigilant. A malicious cable is any cable (electrical or optical) which performs an unexpected, and unwanted function. The most common malicious capabilities are found in USB cables. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions. The worst malicious cables take control of a user’s cell phone, laptop, or desktop. Usernames and passwords are the first bits to go. Next, the connected device’s storage is emptied. Attacks through various computer ports such as Ethernet Port, if the targeted network contains faulty Ethernet (networking) cables on the attacker's path to their victim. This project gives a broad overview and a comparative study of the list of vulnerabilities in the hardware ports of a computer that can be exploited by the attackers using various malicious cables and payloads. Keywords— malicious, payloads, data infiltration, USB cables, ethernet cables, HDMI cables

HLock+: A Robust and Low-Overhead Logic Locking at the High-Level Language

With the emergence of the horizontal business model in the semiconductor industry, numerous hardware security concerns have been emerged, including intellectual property (IP) theft, malicious functionality insertion, and IC overproduction. To combat these threats, logic locking has been introduced as one of the most prominent countermeasures, and advances in logic locking have led the most recent techniques towards higher levels of abstractions, i.e. register transfer language (RTL) or highlevel languages (C/C++). In this paper, we propose HLock+, a robust logic locking framework at the high-level design language. HLock+ consists of two main parts to achieve multiple goals: (I) Locking in HLock+ is based on a formal analysis over design specifications, assets, and critical operations to determine locking points in the design to provide the best solution in terms of desired attack resiliency (e.g., SAT attacks), and locking key size; (II) We integrate the formal analysis with a point function locking technique, in which the locking candidates have been chosen by an optimization algorithm helping us to boost the efficiency of the approach with the given area, power, and performance constraints. Furthermore, the proposed framework ensures a dynamic/automatic locking solution based on a set of specifications, and it is well suited for large-scale designs. Apart from having lesser development/verification efforts, HLock+ at highlevel language will be followed by high-level synthesis (HLS) and RTL synthesis, which provides superior uniform distribution and optimum output corruptibility. We show that HLock+ provides potent robustness against de-obfuscation attacks, e.g. SAT and machine-learning-based attacks, while the overhead is kept low.

Malicious source code detection using a translation model

Modern software development often relies on open-source code sharing. Open-source code reuse, however, allows hackers to access wide developer communities, thereby potentially affecting many products. An increasing number of such "supply chain attacks" have occurred in recent years, taking advantage of open-source software development practices. Here, we introduce the Malicious Source code Detection using a Translation model (MSDT) algorithm. MSDT is a novel deep-learning-based analysis method that detects real-world code injections into source code packages. We have tested MSDT by embedding examples from a dataset of over 600,000 different functions and then applying a clustering algorithm to the resulting embedding vectors to identify malicious functions by detecting outliers. We evaluated MSDT's performance with extensive experiments and demonstrated that MSDT could detect malicious code injections with precision@k values of up to 0.909.

Universal backdoor attack on deep neural networks for malware detection

Backdoor attacks targeting the deep neural network are flourishing recently and are more stealthy than existing adversarial attacks. A deep understanding of the backdoor attacks targeting malware detection models is still missing. We design a highly transferable backdoor attack targeting three benchmark convolutional neural networks (CNNs) for malware detection. The designed backdoor attack involves two steps: trigger generation and trigger insertion. Firstly, based on the computation of the most significant byte sub-sequence from samples of a chosen target label, the trigger patterns are generated by training a class activation mapping-based deep neural network (CAM-DNN). Then, the byte sequence with the maximum class activation mapping score is chosen as the candidate trigger pattern. The computed trigger pattern is then inserted into an index-based place that satisfies the minimum distance between a predefined feature space to the target label. Through detailed experiments, the CAM-DNN-based backdoor considers many influential factors, including the number of backdoor triggers, the degree of perturbations applied on a single trigger pattern, the length of the inserted trigger, etc. The experiments demonstrate that the CAM-DNN-based backdoor attack achieves an 89.58% success rate on average at the cost of a 2.25% accuracy drop on clean inputs. More importantly, the poisoned malware ensures high integrity because the original malicious functions are preserved to a large extent.

Malware API Calls Detection Using Hybrid Logistic Regression and RNN Model

Behavioral malware analysis is a powerful technique used against zero-day and obfuscated malware. Additionally referred to as dynamic malware analysis, this approach employs various methods to achieve enhanced detection. One such method involves using machine learning and deep learning algorithms to learn from the behavior of malware. However, the task of weight initialization in neural networks remains an active area of research. In this paper, we present a novel hybrid model that utilizes both machine learning and deep learning algorithms to detect malware across various categories. The proposed model achieves this by recognizing the malicious functions performed by the malware, which can be inferred from its API call sequences. Failure to detect these malware instances can result in severe cyberattacks, which pose a significant threat to the confidentiality, privacy, and availability of systems. We rely on a secondary dataset containing API call sequences, and we apply logistic regression to obtain the initial weight that serves as input to the neural network. By utilizing this hybrid approach, our research aims to address the challenges associated with traditional weight initialization techniques and to improve the accuracy and efficiency of malware detection based on API calls. The integration of both machine learning and deep learning algorithms allows the proposed model to capitalize on the strengths of each approach, potentially leading to a more robust and versatile solution to malware detection. Moreover, our research contributes to the ongoing efforts in the field of neural networks, by offering a novel perspective on weight initialization techniques and their impact on the performance of neural networks in the context of behavioral malware analysis. Experimental results using a balanced dataset showed 83% accuracy and a 0.44 loss, which outperformed the baseline model in terms of the minimum loss. The imbalanced dataset’s accuracy was 98%, and the loss was 0.10, which exceeded the state-of-the-art model’s accuracy. This demonstrates how well the suggested model can handle malware classification.

M3F: A novel multi-session and multi-protocol based malware traffic fingerprinting

In recent years, cyber attacks have become increasingly frequent, which has had a tremendous negative impact on public life and social order. Accurately and quickly finding malware traffic from massive network traffic is one of the keys to defending against network attacks. Traditional detection methods, whether signature-based or machine learning-based, use a packet or a session as the smallest detection unit. Usually, malware creates more than one session while executing malicious functions. Detecting these sessions alone without contextual information is prone to false negatives and false positives.To address these problems, we propose M3F, a Multi-session and Multi-protocol based Malware traffic Fingerprinting that uses multiple related sessions with different protocols as the smallest classification unit. We associate multiple sessions of different protocols together to form several session sequences. For each session in a session sequence, we represent it with a state with three features so that a session sequence can be transformed into a state sequence. For a malware family, we learn a first-order homogeneous Markov chain using its state sequences as its traffic fingerprint (aka M3F). M3Fs reflect the dynamics of malware communication traffic. Meanwhile, the approximate matching technique is used to deal with the evolution of malware, which can improve the recall rate. Armed with M3F, we can locate malware traffic in massive network traffic. We use a large amount of malicious traffic to verify M3F. The experimental results show that M3F has 99.41% precision and 99.54% recall, both outperforming the baseline methods. It does not mark normal traffic as malicious traffic. Additionally, M3F is well interpretable and is the network-level representation of the malware’s behavior.

Securing Network Information System Design: An Efficient Tool for DSP Undocumented Instruction Mining

As recently studied, the undocumented instructions in embedded processors that may cause catastrophic results for devices have become one of the main threats to system security. To tackle this issue, in this paper, we propose an undocumented instruction mining tool for digital signal processors named DSPUIM that can find out the undocumented instructions from the frequently used Digital Signal Processors (DSP) in network information systems. First, we analyzed the characteristics of the DSP instruction format to compress the instruction search space and improve the instruction search speed. Second, according to the public instruction set of DSPs, we built an instruction disassembly framework that helped us to identify all the undefined instructions. Finally, by testing the executability of undefined instructions automatically, we obtained the undocumented instructions for target DSPs. To demonstrate the effectiveness of our tool, we applied it on ten DSP processors of Texas Instruments (TI) and mined 335 undocumented instructions from them within 5 min. Some undocumented instructions have malicious functions, such as changing registers and denial of service, posing a security threat to the network devices using DSPs.

Adv-Bot: Realistic adversarial botnet attacks against network intrusion detection systems

Due to the numerous advantages of machine learning (ML) algorithms, many applications now incorporate them. However, many studies in the field of image classification have shown that MLs can be fooled by a variety of adversarial attacks. These attacks take advantage of ML algorithms’ inherent vulnerability. This raises many questions in the cybersecurity field, where a growing number of researchers are recently investigating the feasibility of such attacks against machine learning-based security systems, such as intrusion detection systems. The majority of this research demonstrates that it is possible to fool a model using features extracted from a raw data source, but it does not take into account the real implementation of such attacks, i.e., the reverse transformation from theory to practice. The real implementation of these adversarial attacks would be influenced by various constraints that would make their execution more difficult. As a result, the purpose of this study was to investigate the actual feasibility of adversarial attacks, specifically evasion attacks, against network-based intrusion detection systems (NIDS), demonstrating that it is entirely possible to fool these ML-based IDSs using our proposed adversarial algorithm while assuming as many constraints as possible in a black-box setting. In addition, since it is critical to design defense mechanisms to protect ML-based IDSs against such attacks, a defensive scheme is presented. Realistic botnet traffic traces are used to assess this work. Our goal is to create adversarial botnet traffic that can avoid detection while still performing all of its intended malicious functionality.

A protocol to establish trust on biometric authentication devices

AbstractOne of the most extensively utilized mechanisms for person authentication is a system built using biometric‐based authentication. However, many applications use biometric authentication devices that do not support any device authentication mechanisms. As a result, a counterfeit scanning device may be substituted for the genuine one. Non‐authentic biometric authentication devices may perform some additive / subtractive or malicious functions. This paper proposes a technique for establishing trust in biometric authentication devices. The device authentication procedure is essential to build trust in biometric authentication devices such that non‐genuine biometric authentication devices are not used, which may compromise the loss of authentication factor and its replay when the genuine user is not getting authenticated. The protocol uses strong cryptographic mechanisms to authenticate the biometric authentication device with the application server and includes mechanisms for protection against the tampering of biometric templates and to prevent replay attacks. We also perform a formal verification using BAN logic to demonstrate that the proposed protocol meets the defined objectives. The proposed protocol can be used with any biometric authentication device to achieve the same objectives.

Learning Malicious Circuits in FPGA Bitstreams

Computing platforms are integrating field-programmable gate arrays (FPGAs) to support domain-specific customization. Multiple tenants can share these FPGAs by configuring them at runtime. However, attackers can abuse this capability by programming the FPGAs with malicious functions. A malicious configuration bitstream can launch denial of service, overheat the FPGA, leak sensitive information via side channels, enable remote monitoring, and launch voltage and timing attacks. We consider time-based multitenancy, where multiple tenants use the FPGA at different time intervals and not at the same time. We propose a defense based on machine learning (ML) algorithms to detect bitstreams of malicious circuits and malicious circuits mixed with legitimate circuits by analyzing the static features extracted from FPGA bitstreams. The proposed approach can help detect malicious bitstreams without the need for reverse engineering of the bitstream or having access to the design netlist. Our results on Xilinx FPGAs indicate that supervised classifiers may identify malicious bitstreams representing ring-oscillator circuits with a true-positive rate (TPR) of 100% and a false-positive rate (FPR) of only 4%. In addition, for the extremely difficult problem of detecting malicious bitstreams embedded in legitimate bitstreams, a pipeline of a random forest and a support vector machine classifiers trained on subarrays of bitstreams can help detect bitstreams of malicious circuits embedded in legitimate designs with TPR of 95.5% and FPR of 30.4%.

Improving the robustness of adversarial attacks using an affine-invariant gradient estimator

As designers of artificial intelligence try to outwit hackers, both sides continue to hone in on AI’s inherent vulnerabilities. Designed and trained from certain statistical distributions of data, deep neural networks (DNNs) remain vulnerable to deceptive inputs that violate a DNN’s statistical, predictive assumptions. Before being fed into a neural network, however, most existing adversarial examples cannot maintain malicious functionality when applied to an affine transformation. For practical purposes, maintaining that malicious functionality serves as an important measure of the robustness of adversarial attacks. To help DNNs learn to defend themselves more thoroughly against attacks, we propose an affine-invariant adversarial attack, which can consistently produce more robust adversarial examples over affine transformations. For efficiency, we propose to disentangle current affine-transformation strategies from the Euclidean geometry coordinate plane with its geometric translations, rotations and dilations; we reformulate the latter two in polar coordinates. Afterwards, we construct an affine-invariant gradient estimator by convolving the gradient at the original image with derived kernels, which can be integrated with any gradient-based attack methods. Extensive experiments on ImageNet, including some experiments under physical condition, demonstrate that our method can significantly improve the affine invariance of adversarial examples and, as a byproduct, improve the transferability of adversarial examples, compared with alternative state-of-the-art methods.

Reinforcement learning based adversarial malware example generation against black-box detectors

Recent advances in machine learning offer attractive tools for sophisticated adversaries. An attacker could transform malware into its adversarial version but retain its malicious functionality by employing a dedicated perturbation method. These adversarial malware examples have demonstrated the effectiveness to bypass antivirus engines. However, recent works only leverage a single perturbation method to generate adversarial examples, which cannot defeat advanced detectors. In this paper, we propose a reinforcement learning-based framework called MalInfo, which could generate powerful adversarial malware examples to evade the third-party detectors via an adaptive selection of a perturbation path for each malware in our collected dataset with 1000 diverse malware. To cope with limited computation, MalInfo applies either dynamic programming or temporal difference learning to choose the optimal perturbation path where each path is formed by the combination of Obfusmal, Stealmal, and Hollowmal. We provide a proof-of-concept implementation and extensive evaluation of our framework. Both the detection rate and evasive rate have substantially been improved compared with the state-of-art research MalFox Zhong et al. (2021). To be specific, The average detection rates for dynamic programming and temporal difference learning are 23.2% (21.9% lower than MalFox) and 27.5% (7.4% lower than MalFox), respectively, and the average evasive rates are 65.8% (17.1% higher than MalFox) and 59.4% (5.7% higher than MalFox), respectively.

Improving the Robustness of Adversarial Attacks Using an Affine-Invariant Gradient Estimator

As designers of artificial intelligence try to outwit hackers, both sides continue to hone in on AI's inherent vulnerabilities. Designed and trained from certain statistical distributions of data, AI's deep neural networks (DNNs) remain vulnerable to deceptive inputs that violate a DNN's statistical, predictive assumptions. Before being fed into a neural network, however, most existing adversarial examples cannot maintain malicious functionality when applied to an affine transformation. For practical purposes, maintaining that malicious functionality serves as an important measure of the robustness of adversarial attacks. To help DNNs learn to defend themselves more thoroughly against attacks, we propose an affine-invariant adversarial attack, which can consistently produce more robust adversarial examples over affine transformations. For efficiency, we propose to disentangle current affine-transformation strategies from the Euclidean geometry coordinate plane with its geometric translations, rotations and dilations; we reformulate the latter two in polar coordinates. Afterwards, we construct an affine-invariant gradient estimator by convolving the gradient at the original image with derived kernels, which can be integrated with any gradient-based attack methods. Extensive experiments on ImageNet, including some experiments under physical condition, demonstrate that our method can significantly improve the affine invariance of adversarial examples and, as a byproduct, improve the transferability of adversarial examples, compared with alternative state-of-the-art methods.

Generating adversarial examples via enhancing latent spatial features of benign traffic and preserving malicious functions

Well-crafted adversarial examples can easily deceive neural network models into producing misclassified results while contributing to evaluating and improving the performance and robustness of the classification model. However, most adversarial examples generation methods still have the following drawbacks: (1) the original samples ignore the distribution regularity of benign samples and directly add noise, so the generated adversarial examples have significant differences in latent spatial distribution with benign samples, which makes them difficult to escape detection; (2) the discriminant features of the adversarial examples are directly modified, which causes their malicious patterns to change or malicious functions to be unattainable. In this paper, a novel malicious traffic adversarial examples generation method, NIDSFM, is proposed. Through NIDSFM, the feature space of the traffic samples is reconstructed to avoid interference with the malicious functions of the generated adversarial examples by isolating the discriminant features. By using the ability of the flow-based model to represent the latent space distribution, the distribution of adversarial examples is modeled around the benign samples, then fine-tuned based on generative adversarial networks (GAN) with additional latent spatial noise so that the distribution of generated adversarial examples is similar to benign samples. Extensive experiments were conducted on multiple datasets (NSL-KDD, UNSW-NB15, CIC-DDoS2019) and compared with various adversarial examples generation methods. The experimental results show that the proposed method leads to a significant reduction in the detection rate of multiple NIDSs and is competitive in escaping NIDS detection.

Cardio-ML: Detection of malicious clinical programmings aimed at cardiac implantable electronic devices based on machine learning and a missing values resemblance framework

Patients with life-threatening arrhythmias are often treated with cardiac implantable electronic devices (CIEDs), such as pacemakers and implantable cardioverter defibrillators (ICDs). Recent advancements in CIEDs have enabled advanced functionality and connectivity that make such devices (particularly ICDs) vulnerable to cyber-attacks. One of the most dangerous attacks on CIED ecosystems is a data manipulation attack from a compromised programmer device that sends malicious clinical programmings to the CIED. Such attacks can affect the CIED functioning and impact patient's survival and quality of life. In this paper, we propose Cardio-ML – an automated system for the detection of malicious clinical programmings that is based on machine learning algorithms and a novel missing values resemblance framework. Our system is designed to detect new variants of existing attacks and, more importantly, new unknown (zero-day) attacks, aimed at ICDs. We collected 1651 legitimate clinical programmings from 514 patients, over a four-year period, from programmer devices at two medical centers. Our collection also includes 28 core malicious functionalities created by cardiac electrophysiology experts that were later used to create different variants of malicious programmings. Cardio-ML was evaluated extensively in three comprehensive experiments and showed high detection capabilities in most attack scenarios. We achieved perfect classification results for detecting newly created variants of existing core malicious functionalities, with an AUC of 100%; for completely new unknown (zero-day) malicious clinical programmings, an AUC of 80% was obtained, which is 14% better than the state-of-the-art method. We were able to further improve our detection results by identifying the best combination of legitimate and zero-day malicious programmings in the dataset, achieving an AUC of 87%. CIED clinical programmings have many parameters without values for a large number of samples (programmings). To cope with the extreme amount of missing values in our dataset, we developed a novel missing values-based resemblance framework and evaluated it using three dataset-creation approaches: a standard expert-driven approach, our novel data-driven approach, and a combined approach incorporating both approaches. The results showed that our novel framework handles missing values in the data better than the expert-driven approach which yields an empty dataset. In particular, the combined approach showed a 40% improvement in data utilization compared to the data-driven approach.