Yilin Zhao,Le Cheng

DOI: https://doi.org/10.1515/ijld-2024-2001

2024-01-01

International Journal of Legal Discourse

Abstract:As digital technology prevails in crimes, academic insights have expanded to diverse issues related to cybercrimes both in China and abroad. Various jurisdictions have made efforts to get cybercrime under control, in particular, fighting against the misuse of emerging technologies in cybercrimes. In the context of cross-border cybercrime, putting one region's criminal growth down could not live without cross-border or cross-sector cooperation. With such understanding, this paper aims to conduct a comparative study of cross-border cybercrime publications to see the research trends from the divergence and convergence of academic studies inside and outside China. Specifically, using CiteSpace (6.2.R6), this study presents an extensive bibliometric analysis of cross-border cybercrime research published during the past three decades in Web of Science Core Collections and China National Knowledge Infrastructure (CNKI). The findings indicate the typical features of publications in different phases. Among others, the keywords analysis including cluster mapping and strongest burst reveals the research trend, which indicates that cross-border cybercrime is featured as possessing a complete industrial chain of online black market, with increasing application of high-tech tools and more connection with illicit financial flow. This study also examines barriers and touches upon the implications in the efficient fight against cross-border cybercrime, as well as the existing approaches like public-private partnership, mutual legal assistance and police cooperation, and global pathways to reducing conflicts among jurisdictions.

Bo Yun Zhang,Xi Ai Yan,De Quan Tang

DOI: https://doi.org/10.1088/1742-6596/1087/6/062026

2018-09-01

Journal of Physics: Conference Series

Abstract:This paper describes the research status and progress of malicious code intelligent detection techniques. It introduced the research background of the malicious code detection. Then the classified and analyzed research work from the theoretical research on malicious code detection, malicious code static detection and dynamic detection, integrated detection and based on biological immune detection techniques are described in detail. The contrastive analysis of different detection methods principle and further study on the future directions are discussed.

Tao Zhao,Xiaoyu Ji,Wenyuan Xu,Aidong Xu,Yixin Jiang,Yang Cao

DOI: https://doi.org/10.1109/ei247390.2019.9061849

2019-01-01

Abstract:With the increase of power terminal devices and IoT devices which are accessed to the power grid, their security issues are becoming more and more important. While the microgrid controllers are served as the central core of the entire microgrid, the attacks on microgrid controllers and other power end devices have been launched in recent years. It's obvious that the current safety protection measures for power end devices are insufficient. However, microgrid controllers cannot be protected by traditional intrusion detection systems or anti-virus software. Motivated by these concerns, this paper proposes a non-intrusive malicious code security monitoring scheme based on a power side channel. The core idea is to measure the power consumption data of the microgrid controller, to extract the power consumption feature, and to identify the abnormality sample through CWRNN neural network to determine whether the microgrid controller is attacked or not. The advantage of this method is that it can effectively detect unknown attacks without modifying the original software system. What's more, the method is evaluated in the experimental test, and the detection accuracy can reach to 92%.

Wenbo Guo,Zhengzi Xu,Chengwei Liu,Cheng Huang,Yong Fang,Yang Liu

2023-09-20

Abstract:PyPI provides a convenient and accessible package management platform to developers, enabling them to quickly implement specific functions and improve work efficiency. However, the rapid development of the PyPI ecosystem has led to a severe problem of malicious package propagation. Malicious developers disguise malicious packages as normal, posing a significant security risk to end-users. To this end, we conducted an empirical study to understand the characteristics and current state of the malicious code lifecycle in the PyPI ecosystem. We first built an automated data collection framework and collated a multi-source malicious code dataset containing 4,669 malicious package files. We preliminarily classified these malicious code into five categories based on malicious behaviour characteristics. Our research found that over 50% of malicious code exhibits multiple malicious behaviours, with information stealing and command execution being particularly prevalent. In addition, we observed several novel attack vectors and anti-detection techniques. Our analysis revealed that 74.81% of all malicious packages successfully entered end-user projects through source code installation, thereby increasing security risks. A real-world investigation showed that many reported malicious packages persist in PyPI mirror servers globally, with over 72% remaining for an extended period after being discovered. Finally, we sketched a portrait of the malicious code lifecycle in the PyPI ecosystem, effectively reflecting the characteristics of malicious code at different stages. We also present some suggested mitigations to improve the security of the Python open-source ecosystem.

Software Engineering

Jia-xi HU,Yi-jun WANG,Zhi XUE

DOI: https://doi.org/10.3969/j.issn.1002-0802.2017.12.028

2017-01-01

Abstract:Malicious code under the new situation is more focused on specific scenarios, such as banks, enterprise intranets, Internet of things, etc. Malicious code in different scenarios needs, as a common thing, to bypass anti-virus software and other defense systems. Via study and analysis on the working principle of anti-virus software and a large number of malicious code samples, some anti-anti-virus technology involving white list, code obfuscation, sandbox bypassing and other antivirus-bypassing software tricks is proposed. Based on the above anti-anti-virus technology, the malicious code samples are packaged for a second time, and the tests of their anti-anti-virus killing rates also done on VirusTotal platform. The test results indicate that the anti-anti-virus technology makes the killing rate of malicious code sample significantly reduced, and that the reliance only on anti-virus software for preventing malicious code is not very reliable.

Zhimin Yin,Xiangzhan Yu,Linhua Niu

DOI: https://doi.org/10.2991/icaise.2013.45

2013-01-01

Abstract:The malicious code on the network is increasingly rampant that the traditional detection method of characteristic code has been difficult to deal with malicious code, with features of various variants, deformations and other problems. In this paper we present a new static analysis model based on software fingerprint to distinguish malicious codes. Through obtaining the software call graph by disassembling the binary file and mapping it as an image, shape moments can be obtained as the software fingerprint based on the retrieval theory of content image, combined with moment theory and the image's color, texture and shape features. The idea of pattern matching is used to measure the extracted software fingerprint similarity to determine whether it is malicious code or not. Then, we analyze the collected program samples. Test and verify whether the program has good performance in uniqueness, invariability and sensibility.

Sun Haoliang,Wang Dawei,Zhang Ying

DOI: https://doi.org/10.1109/iccsn.2019.8905286

2019-01-01

Abstract:Nowadays, a major challenge to network security is malicious codes. However, manual extraction of features is one of the characteristics of traditional detection techniques, which is inefficient. On the other hand, the features of the content and behavior of the malicious codes are easy to change, resulting in more inefficiency of the traditional techniques. In this paper, a K-Means Clustering Analysis is proposed based on Adaptive Weights (AW-MMKM). Identifying malicious codes in the proposed method is based on four types of network behavior that can be extracted from network traffic, including active, fault, network scanning, and page behaviors. The experimental results indicate that the AW-MMKM can detect malicious codes efficiently with higher accuracy.

Pascal Maniriho,Abdun Naser Mahmood,Mohammad Jabed Morshed Chowdhury

DOI: https://doi.org/10.1016/j.future.2021.11.030

IF: 7.307

2022-05-01

Future Generation Computer Systems

Abstract:There has been an increasing trend of malware release, which raises the alarm for security professionals worldwide. It is often challenging to stay on top of different types of malware and their detection techniques, which are essential, particularly for researchers and the security community. Analysing malware to get insights into what it intends to perform on the victim’s system is one of the crucial steps towards malware detection. Malware analysis can be performed through static analysis, code analysis, dynamic analysis, memory analysis and hybrid analysis techniques. The next step to malware analysis is the detection model’s design using malware’s extracted patterns from the analysis. Machine learning and deep learning methods have drawn attention to researchers, owing to their ability to implement sophisticated malware detection models that can deal with known and unknown malicious activities. Therefore, this survey presents a comprehensive study and analysis of current malware and detection techniques using the snowball approach. It presents a comprehensive study on malware analysis testbeds, dynamic malware analysis and memory analysis, the taxonomy of malware behaviour analysis tools, datasets repositories, feature selection, machine learning and deep learning techniques. Moreover, comparisons of behaviour-based malware detection techniques have been grouped by categories of machine learning and deep learning techniques. This study also looks at various performance evaluation metrics, current research challenges in this area and possible future direction of research.

Qian-feng CHU,Xin-yu ZHU,Gong-shen LIU

DOI: https://doi.org/10.3969/j.issn.1002-0802.2017.07.028

2017-01-01

Abstract:The proliferation of malicious code threatens the information and property security of the people at all times. The facts indicate that many new types of malicious code are variants of the existing code, and by using the deformation, packing, polymorphism, code disruption and other technologies to modify these existing malicious codes, the scanning from traditional detection technologies could be avoided. For this reason, and based on static mode, dynamic and combination of both modes, the homology judgment technologies of malicious codes are summarized and classified, and their basic principles, implement details, features, strengths and limitations also discussed, expecting to effectively solve the detection and processing of newly-emerging malicious codes. Finally, the development direction of homology judgment technologies is forecasted, thus to promote the further research.

Ling Wu,Qiong Peng,Michael Lembke,,,

DOI: https://doi.org/10.52306/ozmb2721

2023-03-31

International Journal of Cybersecurity Intelligence and Cybercrime

Abstract:Studies on cybercrime and cybersecurity have expanded in both scope and breadth in recent years. This study offers a bibliometric review of research trends in cybercrime and cybersecurity over the past 26 years (1995-2021) based on Web of Science core collection database. Specifically, we examine the growth of scholarship and the expanded scope of subject categories and relevant journals. We also analyze the research collaboration network based on authors’ affiliated institutions and countries. Finally, we identify major topics within the fields, how each topic relates to – and diverges from – one another, and their evolution over time. Overall, we illustrate the scientific landscape of cybercrime and cybersecurity scholarship by quantitatively synthesizing major components of existing literature. This study offers actionable insights to help researchers identify key research resources, establish/expand collaboration networks, and investigate emerging research topics in this increasingly important domain in criminology and criminal justice.

Wen Wei-ping,Qing Si-han

DOI: https://doi.org/10.1007/bf02828623

2005-01-01

Abstract:With the explosive growth of network applications, the threat of the malicious code against network security becomes increasingly serious. In this paper we explore the mechanism of the malicious code by giving an attack model of the malicious code, and discuss the critical techniques of implementation and prevention against the malicious code. Theremaining problems and emerging trends in this area are also addressed in the paper.

Jianguo Ding,Jian Jin,Pascal Bouvry,Yongtao Hu,Haibing Guan

DOI: https://doi.org/10.1109/ICIMP.2009.20

2009-01-01

Abstract:With the rising popularity of the Internet, the resulting increase in the number of available vulnerable machines, and the elevated sophistication of the malicious code itself, the detection and prevention of unknown malicious codes meet great challenges. Traditional anti-virus scanner employs static features to detect malicious executable codes and is hard to detect the unknown malicious codes effectively. We propose behavior-based dynamic heuristic analysis approach for proactive detection of unknown malicious codes. The behavior of malicious codes is identified by system calling through virtual emulation and the changes in system resources. A statistical detection model and mixture of expert (MoE) model are designed to analyze the behavior of malicious codes. The experiment results demonstrate the behavior-based proactive detection is efficient in detecting unknown malicious executable codes.

Zhihua Cui,Lei Du,Penghong Wang,Xingjuan Cai,Wensheng Zhang

DOI: https://doi.org/10.1016/j.jpdc.2019.03.010

IF: 4.542

2019-01-01

Journal of Parallel and Distributed Computing

Abstract:An increasing amount of malicious code causes harm on the internet by threatening user privacy as one of the primary sources of network security vulnerabilities. The detection of malicious code is becoming increasingly crucial, and current methods of detection require much improvement. This paper proposes a method to advance the detection of malicious code using convolutional neural networks (CNNs) and intelligence algorithm. The CNNs are used to identify and classify grayscale images converted from executable files of malicious code. Non-dominated Sorting Genetic Algorithm II (NSGA-II) is then employed to deal with the data imbalance of malware families. A series of experiments are designed for malware image data from Vision Research Lab. The experimental results demonstrate that the proposed method is effective, maintaining higher accuracy and less loss.

WU Bing,YUN Xiao-chun,GAO Qi

DOI: https://doi.org/10.3321/j.issn:1000-436x.2007.11.014

2007-01-01

Abstract:Following the analysis for traditional distributed IDS,disadvantages that applying structure of multiple engine and small rules set to detect network-level malcode were pointed out,which is based on detailed protocol decoding.Detection model and anti-malcode markup language of network-level malcode were designed for single engine and big rules set.The characteristics of network data flow were analyzed.By optimization of patterns,frequent collisions between suffix with data flow and unbalanced branched of chained list were avoided.The efficiency by using WM algorithm to detect malcode on network level can be remarkably increased.

Xin-yu ZHU,Qian-feng CHU,Gong-shen LIU

DOI: https://doi.org/10.3969/j.issn.1002-0802.2017.08.031

2017-01-01

Abstract:In recent years, the packing technology develop rapidly, and this gives malicious code a new way to escape the detection. The continuous development of packing technology brings a great challenge to the detection of malicious code. How to achieve malicious code shelling and restore the original content of the program now becomes one of the important areas of computer security research. Based on analysis of the shelling principle, and from two aspects of static and dynamic, the current malicious code shelling technology is summarized, and the principles, features and limits of various detecting methods also expounded. Meanwhile, different kinds of shelling tools are sorted out and described. Finally, the development trend of shelling technology is forecasted.

Huijuan Wang,Boyan Cui,Quanbo Yuan,Ruonan Shi,Mengying Huang

DOI: https://doi.org/10.1016/j.neucom.2024.128010

IF: 6

2024-06-16

Neurocomputing

Abstract:With the popularization of computer technology, the number of malware has increased dramatically in recent years. Some malware can threaten the network security of users by downloading and installing, and even spreading widely on the Internet, causing consequences such as private data leakage in the operating system, extortion, and network paralysis. In order to deal with these threats, researchers analyze malicious samples through various analysis techniques, which are usually divided into static and dynamic analysis based on the principle of whether the code needs to be executed or not. This paper analyzes in detail several classical methods of feature extraction in malware detection techniques. With the technological development of artificial intelligence, deep learning is gradually being introduced into malware detection, which does not require the identification of professional security personnel and greatly improves the generalization ability of detection. In the paper, text-based detection methods, image visualization-based detection, and graph structure-based detection techniques are reviewed according to different feature extraction methods. In addition, the paper compares 26 datasets that have been commonly used in recent years applied in the research field and explains the main contents and specifications of the datasets. Finally, a summary and outlook of the malware research field is given.

computer science, artificial intelligence

Zhang Xiaojun,Li Yingcai,Zhang Fuqiang,Zhang Qian,Han Li

DOI: https://doi.org/10.1145/3469213.3471388

2021-05-28

Abstract:With the continuous development of network technology, global informatization has become a reality. While the openness and interconnection of IP network protocols bring convenience to data communication, it also provides space for network intruders to enter the void. In particular, the terminal system design is fragile, the software running on the terminal is becoming more and more complicated, and its various components are interdependent, and vulnerabilities are prone to occur in the process of development and maintenance. 0day vulnerabilities emerge endlessly, and static protection methods have exposed deficiencies.

Ningke Li,Shenao Wang,Mingxi Feng,Kailong Wang,Meizhen Wang,Haoyu Wang

DOI: https://doi.org/10.1109/ase56229.2023.00073

2024-01-01

Abstract:In the face of increased threats within software registries and management systems, we address the critical need for effective malicious code detection. In this paper, we propose an innovative approach that integrates source code slicing, inter-procedural analysis, and cross-file inter-procedural analysis, thereby enhancing the detection precision and reducing false positives. This approach has been encapsulated within a multi-analysis-based framework for automatic detection of malicious code in real-world software packages. In its application to major third-party software registries like PyPI and NPM, our framework has proven effective, identifying 130 malicious packages from a total of 169,640 monitored over a continuous period of five weeks. This work advances the current state-of-the-art solution to malicious code detection, demonstrating significant practical impact in strengthening the software supply chain defense.

Sharfah Ratibah Tuan Mat,Mohd Faizal Ab Razak,Mohd Nizam Mohmad Kahar,Juliza Mohamad Arif,Salwana Mohamad,Ahmad Firdaus

DOI: https://doi.org/10.1007/s11192-020-03834-6

IF: 3.801

Scientometrics

Abstract:Malware is a blanket term for Trojan, viruses, spyware, worms, and other files that are purposely created to harm computers, mobile devices, or computer networks. Malware commonly steals, encrypts, damages, and causes a mess in these devices. The growth of malware attacks has a consequence on the growth and attractiveness of mobile features in mobile devices. Most malware research aims to probe the different methods of preventing, analysing, and detecting malware attacks. This paper aims to demonstrate an exhaustive knowledge map of the Android malware by collecting a ten (10) year dataset from the Web of Science database. A bibliometric analysis was employed for analysing articles published between 2010 and 2019. Using the keyword "malware", 5622 articles were retrieved. After scrutinising with the keywords of "Android malware", 1278 articles were then collected. This study provides an overview of the articles, productivity, research area, the Web of Science categories, authors, high-cited articles, institutions, and impact journals examining malware. Research activities are continued by placing terms in the classification of malware detection systems that outline important areas in malware research. From the analysis, it can be concluded that the highest number of publications focusing on malware studies came from the continent of Asia. Additionally, this study discusses the challenges of malware studies in the recent research studies as well as the future direction.

Meng Li,Xiaoqi Jia,Rui Wang,Dongdai Lin

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.08.063

2015-01-01

Abstract:In malicious code analysis and detection, the static analysis techniques are not effective to detect metamorphic/polymorphic ma-licious codes.Aiming at this problem, this paper proposes an approach for extracting the dynamic features of malicious code semantics.The method extracts the dynamic features of malicious codes in virtual environment so as to achieve the purpose of protecting physical machine. The primitive features extracted are then further sifted and processed to obtain API calling sequence information in regard to various code sam-ples.In order to make the features more effective, the traditional n-gram model is improved and the n-gram frequency information and the de-pendencies between APIs are added, the improved n-gram model is built as well.The analysis part in experimental result uses the machine learning methods, the decision trees, k-nearest neighbour, support vector machine and Bayesian networks are employed separately to perform a 10-fold crossover validation on the selected sample features.Experimental results show that this feature selection has best detection effect using decision tree J48, it can effectively detect the malicious codes using confusion and polymorphism technologies.