Faculty Publications

Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

  • Item
    Leveraging virtual machine introspection with memory forensics to detect and characterize unknown malware using machine learning techniques at hypervisor
    (Elsevier Ltd, 2017) M.a, M.A.; Jaidhar, C.D.
    The Virtual Machine Introspection (VMI) has emerged as a fine-grained, out-of-VM security solution that detects malware by introspecting and reconstructing the volatile memory state of the live guest Operating System (OS). Specifically, it functions at the Virtual Machine Monitor (VMM), or hypervisor. The reconstructed semantic details obtained by the VMI are available in a combination of benign and malicious states at the hypervisor. In order to distinguish between these two states, the existing out-of-VM security solutions require extensive manual analysis. In this paper, we propose an advanced VMM-based, guest-assisted Automated Internal-and-External (A-IntExt) introspection system by leveraging VMI, Memory Forensics Analysis (MFA), and machine learning techniques at the hypervisor. Further, we use the VMI-based technique to introspect digital artifacts of the live guest OS to obtain a semantic view of the process details. We implemented an Intelligent Cross View Analyzer (ICVA) and implanted it into our proposed A-IntExt system, which examines the data supplied by the VMI to detect hidden, dead, and dubious processes, while also predicting early symptoms of malware execution on the introspected guest OS in a timely manner. Machine learning techniques are used to analyze the executables that are mined and extracted using MFA-based techniques and to ascertain the malicious executables. The practicality of the A-IntExt system is evaluated by executing large sets of real-world malware and benign executables on the live guest OSs. The evaluation results achieved 99.55% accuracy and 0.004 False Positive Rate (FPR) on the 10-fold cross-validation to detect unknown malware on the generated dataset. Additionally, the proposed system was validated against other benchmarked malware datasets, and the A-IntExt system outperforms the detection of real-world malware at the VMM with performance exceeding 6.3%. © 2017 Elsevier Ltd
  • Item
    Automated multi-level malware detection system based on reconstructed semantic view of executables using machine learning techniques at VMM
    (Elsevier B.V., 2018) M.a, A.K.; Jaidhar, C.D.
    In order to fulfill requirements such as stringent timing constraints and demands on resources, a Cyber-Physical System (CPS) must be deployed on a virtualized environment such as cloud computing. To protect the Virtual Machines (VMs) in which CPSs are functioning against malware-based attacks, malware detection and mitigation techniques are emerging as a highly crucial concern. Traditional VM-based anti-malware software is itself a potential target for malware-based attack, since it is easily subverted by sophisticated malware. Thus, reliable and robust malware monitoring and detection systems are needed to rapidly detect and mitigate malware-based cyber-attacks in real time, particularly for virtualized environments. The Virtual Machine Introspection (VMI) has emerged as a fine-grained out-of-VM security solution to detect malware by introspecting and reconstructing the volatile memory state of the live guest Operating System (OS) by functioning at the Virtual Machine Monitor (VMM) or hypervisor. However, the semantic details reconstructed by the VMI are available in a combination of benign and malicious states at the hypervisor. In order to distinguish between these two states, extensive manual analysis is required by the existing out-of-VM security solutions. To address this foremost issue, in this paper we propose an advanced VMM-based guest-assisted Automated Multilevel Malware Detection System (AMMDS) that leverages both VMI and Memory Forensic Analysis (MFA) techniques to predict early symptoms of malware execution by detecting stealthy hidden processes on a live guest OS. More specifically, the AMMDS system detects and classifies the actual running malicious executables from the semantically reconstructed process view of the guest OS. The two sub-components of the AMMDS are: Online Malware Detector (OMD) and Offline Malware Classifier (OFMC). The OMD recognizes whether the running processes are benign or malicious using its Local Malware Signature Database (LMSD) and an online malware scanner, and the OFMC classifies unknown malware by adopting machine learning techniques at the hypervisor. The AMMDS has been evaluated by executing large sets of real-world malware and benign executables onto the live guest OSs. The evaluation results achieved 100% accuracy and zero False Positive Rate (FPR) on the 10-fold cross-validation in classifying unknown malware, with a maximum performance overhead of 5.8%. © 2017 Elsevier B.V.
  • Item
    A holistic approach to influence maximization in social networks: STORIE
    (Elsevier Ltd, 2018) Sumith, N.; Annappa, B.; Bhattacharya, S.
    Crowdsourcing techniques are used in social networks to propagate information at a faster pace through campaigns. One of the challenges of a crowdsourcing system is to recruit the right users to be part of successful campaigns. Fetching this right group of people, who influence a vast population to adopt information, is termed influence maximization. Concerns of scalability and effectiveness need an effective and viable solution. This paper proposes the solution in three stages. At the first stage, the large social network is pruned based on nodal properties to make the solution scalable. At the second stage, Outdegree Rank (OR) is proposed, and at the third stage, the Influence Estimation (IE) approach estimates user influence. This work amalgamates aspects of structure, heuristics and user influence to form STORIE. The proposed approach is compared to standard heuristics on various experimental setups such as RNNDp, RNUDp and TVM. The spread of information is observed for HEP, PHY, Twitter, Infectious and YouTube data under the Independent Cascade model, and STORIE gives optimal results, with an increase of up to 50%. Although the paper discusses influence maximization, the proposed approach is also applicable to understanding the spread of epidemics, computer viruses, and rumors in the real world, and can also be extended to detect anomalies in web and social networks. © 2017 Elsevier B.V.
  • Item
    GSI: An Influential Node Detection Approach in Heterogeneous Network Using Covid-19 as Use Case
    (Institute of Electrical and Electronics Engineers Inc., 2023) Shetty, R.D.; Bhattacharjee, S.; Dutta, A.; Namtirtha, A.
    The growth of COVID-19, caused by the SARS-CoV-2 virus, has turned into an unprecedented pandemic in the last century. It is crucial to identify superspreading nodes to prevent the pandemic's progress. Most available superspreader identification techniques consider only a single or a few network metrics related to the complex network's topological structure. Furthermore, it is more challenging to determine influential spreaders in heterogeneous network structures. In a disease transmission network, the degree of heterogeneity is essential to locate the path of the infection spread. Therefore, an extended degree centrality is required to collect information from various neighborhood levels. This article presents an approach, namely global structure influence (GSI), which considers network nodes' local and global influence. This method can gather information from multiple levels of the neighborhood. Evaluation of our proposed method is done by considering different types of networks, i.e., social networks, highly heterogeneous human contact networks, and epidemiological networks, and also by using the benchmark susceptible-infected-recovered (SIR) epidemic model. The GSI technique provides real spreading dynamics across various network structures and has outperformed the baseline techniques with an average Kendall's τ improvement ranging from 0.017 to 0.278. This study will help to identify the superspreaders in real applications where pathogens spread quickly because of close contact, such as the recently witnessed COVID-19 pandemic. © 2014 IEEE.