Umakant Mishra

DOI: https://doi.org/10.48550/arXiv.1307.6354

2013-07-24

Cryptography and Security

Abstract:During a fight between viruses and anti-viruses it is not always predictable that the anti-virus is going to win. There are many malicious viruses which target to attack and paralyze the anti-viruses. It is necessary for an anti-virus to detect and destroy the malware before its own files are detected and destroyed by the malware. The anti-virus may follow thorough testing and auditing procedures to fix all its bugs before releasing the software in the market. Besides the anti-virus may use all the obfuscation techniques like polymorphism that the viruses generally use to hide their codes. This article also shows how to use TRIZ Inventive Standards to solve the harmful effects of the viruses on the anti-virus.

Hong CHEN,Weiwei YANG,Jiankun SHI,Weiqiang LIN

DOI: https://doi.org/10.16400/j.cnki.kjdkz.2015.07.086

2015-01-01

Abstract:In order to reduce the harm of the computer virus, the proposal is presented to cut off the computer virus' lifecycle based on the working principles of the computer virus. The effective strategy is to implement the defense mechanism during the design stage, the propagation phase and the operation phase with the safety education, which demonstrates it is effective to reduce the average probability of poisoning about 23%and the percentage of working hours is improved 25%in lab of uni-versities and colleges.

Tianhao Shen,Di Gao,Yiyu Shi,Cheng Zhuo

DOI: https://doi.org/10.1109/islped.2019.8824993

2019-01-01

Abstract:Various hardware attacks have recently emerged to fail chips in critical civil and military infrastructures. However, most of them jeopardize the circuit functionality through additional hardware, where several countermeasures have been developed. In this paper, we present a very interesting yet powerful virus that can cause chip failure. Instead of directly injecting hardware sub-circuits that require layout modification or split manufacturing, we use resonant noise in power delivery system as the weapon. We show that, with simple but particular manipulations at software layer, repetitive excitations can be created. As the period gets closer to the resonance of the power delivery system, caused by on-chip capacitance and package inductance, significant voltage overshoot and undershoot can occur, preventing the regular operations of phase-locked-loops and other sensitive components. In short, the virus can hide deep within the software programs, but is easy to activate and impose severe impacts. Experimental results show that the proposed resonant virus may result in noise up to 33-53% of the nominal supply level, which doubles the noise generated by PARSEC3 workload. Moreover, the virus brings 8-19% more performance degradation than the regular workload.

Umakant Mishra

DOI: https://doi.org/10.48550/arXiv.1307.5420

2013-07-20

Cryptography and Security

Abstract:As the anti-viruses run in a trusted kernel level any loophole in the anti-virus program can enable attackers to take full control over the computer system and steal data or do serious damages. Hence the anti-virus engines must be developed with proper security in mind. The ant-virus should be able to any type of specially created executable files, compression packages or documents that are intentionally created to exploit the anti-virus weakness. Viruses are present in almost every system even though there are anti-viruses installed. This is because every anti-virus, however good it may be, leads to some extent of false positives and false negatives. Our faith on the anti-virus system often makes us more careless about hygienic habits which increases the possibility of infection. It is necessary for an anti-virus to detect and destroy the malware before its own files are detected and destroyed by the malware.

Babak Bashari Rad,Maslin Masrom

DOI: https://doi.org/10.48550/arXiv.1104.3229

2011-04-16

Cryptography and Security

Abstract:Metamorphic viruses engage different mutation techniques to escape from string signature based scanning. They try to change their code in new offspring so that the variants appear non-similar and have no common sequences of string as signature. However, all versions of a metamorphic virus have similar task and performance. This obfuscation process helps to keep them safe from the string based signature detection. In this study, we make use of instructions statistical features to compare the similarity of two hosted files probably occupied by two mutated forms of a specific metamorphic virus. The introduced solution in this paper is relied on static analysis and employs the frequency histogram of machine opcodes in different instances of obfuscated viruses. We use Minkowski-form histogram distance measurements in order to check the likeness of portable executables (PE). The purpose of this research is to present an idea that for a number of special obfuscation approaches the presented solution can be used to identify morphed copies of a file. Thus, it can be applied by antivirus scanner to recognize different versions of a metamorphic virus.

Vaishnavi Bhagwat Savant,Rupali D. Kasar

DOI: https://doi.org/10.52711/2231-3915.2021.00011

2021-12-31

International Journal of Technology

Abstract:Computer use is becoming part of our lives every other day however there have been considerable threats of computer viruses in the recent past. Viruses have had adverse effects on data and programs ranging from formatting hard disks, damaging information infrastructure etc. The purpose of the review is to discover the impact of computer virus attack and provide procedures on how individuals can protect their personal computer (PC) against virus attacks. It is important to address the virus attacks and its protective mechanisms among the personal computer users in this electronic world. After identification of typical aspects which leads to computer virus attacks the possible solutions are put forwarded to personal computer users to overcome this virus attacks and their future improvement in computer usage. This paper defines a virus and explain its related terms like phases of viruses, types of viruses worms. It describes the general symptoms of virus attacks and the solutions apart from using anti-virus software, there are other procedures which can help protect against viruses which are also mentioned, the future of computer viruses and the conclusion that the Internet is serving its purpose of interconnecting computer and hence encouraging scattering of viruses then makes some recommendations on viruses.

Nikolai Gladychev

DOI: https://doi.org/10.48550/arXiv.1912.06510

2019-12-13

Abstract:Identifying new viral threats, and developing long term defences against current and future computer viruses, requires an understanding of their behaviour, structure and capabilities. This paper aims to advance this understanding by further developing the abstract theory of computer viruses. A method of providing abstract definitions for classes of viruses is presented in this paper, which addresses inadequacies of previous techniques. Formal definitions for some classes of viruses are then provided, which correspond to existing informal definitions. To relate the abstract theory to the real world, the connection between the abstract definitions and concrete virus implementations is examined. The use of the proposed method in studying the fundamental properties of computer viruses is discussed.

Cryptography and Security

陈顼颢,王志英,任江春,郑重,黄訸

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.06.098

2010-01-01

Abstract:Based on virus behavior analysis and pattern recognition technology, this paper proposed an active defense strategy with user behavior patterns as the core, which could identify the user’s normal behavior, and could find that the system was attacked by malware when abnormal behavior was detected. This strategy was independent of the proliferation of malware which made defense technology not be subject to malicious programs. It implemented this defense strategy, and did experiments in a virtual execution environment. The results show that this strategy has a high rate in recognition of the unknown virus.

Babak Bashari Rad,Maslin Masrom

DOI: https://doi.org/10.48550/arXiv.1104.3228

2011-04-16

Abstract:In order to prevent detection and evade signature-based scanning methods, which are normally exploited by antivirus software, metamorphic viruses use several various obfuscation approaches. They transform their code in new instances as look entirely or partly different and contain dissimilar sequences of string, but their behavior and function remain unchanged. This obfuscation process allows them to stay away from the string based signature detection. In this research, we use a statistical technique to compare the similarity between two files infected by two morphed versions of a given metamorphic virus. Our proposed solution based on static analysis and it uses the histogram of machine instructions frequency in various offspring of obfuscated viruses. We use Euclidean histogram distance metric to compare a pair of portable executable (PE) files. The aim of this study is to show that for some particular obfuscation methods, the presented solution can be exploited to detect morphed varieties of a file. Hence, it can be utilized by non-string based signature scanning to identify whether a file is a version of a metamorphic virus or not.

Cryptography and Security

Lin Sun,Cai Fu,Ming Fu,Deliang Xu,Lansheng Han,Deqing Zou

DOI: https://doi.org/10.1109/cc.2016.7489983

2016-01-01

China Communications

Abstract:Network structures and human behaviors are considered as two important factors in virus defense currently. However, due to ignorance of network security, normal users usually take simple activities, such as reinstalling computer system, or using the computer recovery system to clear virus. How system recovery influences virus spreading is not taken into consideration currently. In this paper, a new virus propagation model considering the system recovery is proposed first, and then in its steady-state analysis, the virus propagation steady time and steady states are deduced. Experiment results show that models considering system recovery can effectively restrain virus propagation. Furthermore, algorithm with system recovery in BA scale-free network is proposed. Simulation result turns out that target immunization strategy with system recovery works better than traditional ones in BA network.

Moustafa Saleh

DOI: https://doi.org/10.48550/arXiv.1206.5871

2013-12-15

Abstract:Metamorphic viruses are considered the most dangerous of all computer viruses. Unlike other computer viruses that can be detected statically using static signature technique or dynamically using emulators, metamorphic viruses change their code to avoid such detection techniques. This makes metamorphic viruses a real challenge for computer security researchers. In this thesis, we investigate the techniques used by metamorphic viruses to alter their code, such as trivial code insertion, instructions substitution, subroutines permutation and register renaming. An in-depth survey of the current techniques used for detection of this kind of viruses is presented. We discuss techniques that are used by commercial antivirus products, and those introduced in scientific researches. Moreover, a novel approach is then introduced for metamorphic virus recognition based on unsupervised machine learning generally and Eigenfaces technique specifically which is widely used for face recognition. We analyze the performance of the proposed technique and show the experimental results compared to results of well-known antivirus engines. Finally, we discuss the future and potential enhancements of the proposed approach to detect more and other target viruses.

Cryptography and Security

Heinz Riener,Rüdiger Ehlers,Görschwin Fey

DOI: https://doi.org/10.4204/EPTCS.178.3

2015-03-17

Abstract:We propose a path-based approach to program repair for imperative programs. Our repair framework takes as input a faulty program, a logic specification that is refuted, and a hint where the fault may be located. An iterative abstraction refinement loop is then used to repair the program: in each iteration, the faulty program part is re-synthesized considering a symbolic counterexample, where the control-flow is kept concrete but the data-flow is symbolic. The appeal of the idea is two-fold: 1) the approach lazily considers candidate repairs and 2) the repairs are directly derived from the logic specification. In contrast to prior work, our approach is complete for programs with finitely many control-flow paths, i.e., the program is repaired if and only if it can be repaired at the specified fault location. Initial results for small programs indicate that the approach is useful for debugging programs in practice.

Programming Languages,Software Engineering

GUAN Xin,ZHU Bing,CHEN Zhen,PENG Xue-hai

DOI: https://doi.org/10.3969/j.issn.1671-1122.2013.04.003

2013-01-01

Abstract:As the computing technology flourishes recently,the computing world is also in the peril of viruses.Network transferred viruses,such as worms,which threat millions of hosts in Internet.As countermeasure of such attacks,the research work for Anti-Virus is urgent affairs and a big problem.This paper describes an implementation of Anti-Virus engine.It focuses on technologies for scanning viruses by the use of virus signatures based on Hex Sig and MD5 Sig.The author implements two Hex-Sig-based scanning algorithms by using binary tree and hash table,and compares the performances of the two algorithms.Some conceived experiments are conducted,and results show that the hash-table-based algorithm achieves better performance in terms of the scanning speed.The author also investigates into a MD5-Sig-based scanning algorithm,and evaluates its performance.Finally,future work is planned and prospected.

Penghui Liu,Yingzhou Bi,Jiangtao Huang,Xinxin Jiang,Lianmei Wang

2024-11-08

Abstract:Software vulnerabilities are flaws in computer software systems that pose significant threats to the integrity, security, and reliability of modern software and its application data. These vulnerabilities can lead to substantial economic losses across various industries. Manual vulnerability repair is not only time-consuming but also prone to errors. To address the challenges of vulnerability repair, researchers have proposed various solutions, with learning-based automatic vulnerability repair techniques gaining widespread attention. However, existing methods often focus on learning more vulnerability data to improve repair outcomes, while neglecting the diverse characteristics of vulnerable code, and suffer from imprecise vulnerability <a class="link-external link-http" href="http://localization.To" rel="external noopener nofollow">this http URL</a> address these shortcomings, this paper proposes CRepair, a CVAE-based automatic vulnerability repair technology aimed at fixing security vulnerabilities in system code. We first preprocess the vulnerability data using a prompt-based method to serve as input to the model. Then, we apply causal inference techniques to map the vulnerability feature data to probability distributions. By employing multi-sample feature fusion, we capture diverse vulnerability feature information. Finally, conditional control is used to guide the model in repairing the <a class="link-external link-http" href="http://vulnerabilities.Experimental" rel="external noopener nofollow">this http URL</a> results demonstrate that the proposed method significantly outperforms other benchmark models, achieving a perfect repair rate of 52%. The effectiveness of the approach is validated from multiple perspectives, advancing AI-driven code vulnerability repair and showing promising applications.

Software Engineering,Artificial Intelligence

Eli Belkind,Ran Dubin,Amit Dvir

2023-07-26

Abstract:With the advance in malware technology, attackers create new ways to hide their malicious code from antivirus services. One way to obfuscate an attack is to use common files as cover to hide the malicious scripts, so the malware will look like a legitimate file. Although cutting-edge Artificial Intelligence and content signature exist, evasive malware successfully bypasses next-generation malware detection using advanced methods like steganography. Some of the files commonly used to hide malware are image files (e.g., JPEG). In addition, some malware use steganography to hide malicious scripts or sensitive data in images. Steganography in images is difficult to detect even with specialized tools. Image-based attacks try to attack the user's device using malicious payloads or utilize image steganography to hide sensitive data inside legitimate images and leak it outside the user's device. Therefore in this paper, we present a novel Image Content Disarm and Reconstruction (ICDR). Our ICDR system removes potential malware, with a zero trust approach, while maintaining high image quality and file usability. By extracting the image data, removing it from the rest of the file, and manipulating the image pixels, it is possible to disable or remove the hidden malware inside the file.

Cryptography and Security,Artificial Intelligence

Reemah M. Alhebshi,Nauman Ahmed,Dumitru Baleanu,Umbreen Fatima,Fazal Dayan,Muhammad Rafiq,Ali Raza,Muhammad Ozair Ahmad,Emad E. Mahmoud

DOI: https://doi.org/10.32604/cmc.2023.033319

2023-01-01

Abstract:Typically, a computer has infectivity as soon as it is infected. It is a reality that no antivirus programming can identify and eliminate all kinds of viruses, suggesting that infections would persevere on the Internet. To understand the dynamics of the virus propagation in a better way, a computer virus spread model with fuzzy parameters is presented in this work. It is assumed that all infected computers do not have the same contribution to the virus transmission process and each computer has a different degree of infectivity, which depends on the quantity of virus. Considering this, the parameters β and γ being functions of the computer virus load, are considered fuzzy numbers. Using fuzzy theory helps us understand the spread of computer viruses more realistically as these parameters have fixed values in classical models. The essential features of the model, like reproduction number and equilibrium analysis, are discussed in fuzzy senses. Moreover, with fuzziness, two numerical methods, the forward Euler technique, and a nonstandard finite difference (NSFD) scheme, respectively, are developed and analyzed. In the evidence of the numerical simulations, the proposed NSFD method preserves the main features of the dynamic system. It can be considered a reliable tool to predict such types of solutions.

computer science, information systems,materials science, multidisciplinary

Jichao Bi,Lu-Xing Yang,Xiaofan Yang,Yingbo Wu,Yuan Yan Tang

DOI: https://doi.org/10.48550/arXiv.1706.02035

2017-06-07

Abstract:This paper addressed the issue of estimating the damage caused by a computer virus. First, an individual-level delayed SIR model capturing the spreading process of a digital virus is derived. Second, the damage inflicted by the virus is modeled as the sum of the economic losses and the cost for developing the antivirus. Next, the impact of different factors, including the delay and the network structure, on the damage is explored by means of computer simulations. Thereby some measures of reducing the damage of a virus are recommended. To our knowledge, this is the first time the antivirus-developing cost is taken into account when estimating the damage of a virus.

Social and Information Networks,Physics and Society

Fauzi Adi Rafrastara,Faizal M. A

DOI: https://doi.org/10.48550/arXiv.2009.06630

2020-09-14

Cryptography and Security

Abstract:This research proposed an architecture and a system which able to monitor the virus behavior and classify them as a traditional or polymorphic virus. Preliminary research was conducted to get the current virus behavior and to find the certain parameters which usually used by virus to attack the computer target. Finally, test bed environment is used to test our system by releasing the virus in a real environment, and try to capture their behavior, and followed by generating the conclusion that the tested or monitored virus is classified as a traditional or polymorphic virus.

Jagdev Singh,Jitendra Kumar,Devendra kumar,Dumitru Baleanu

DOI: https://doi.org/10.3934/math.2024155

2024-01-01

AIMS Mathematics

Abstract:A computer network can detect potential viruses through the use of kill signals, thereby minimizing the risk of virus propagation. In the realm of computer security and defensive strategies, computer viruses play a significant role. Understanding of their spread and extension is a crucial component. To address this issue of computer virus spread, we employ a fractional epidemiological SIRA model by utilizing the Caputo derivative. To solve the fractional-order computer virus model, we employ a computational technique known as the Jacobi collocation operational matrix method. This operational matrix transforms the problem of arbitrary order into a system of nonlinear algebraic equations. To analyze this system of arbitrary order, we derive an approximate solution for the fractional computer virus model, also considering the Vieta Lucas polynomials. Numerical simulations are performed and graphical representations are provided to illustrate the impact of order of the fractional derivative on different profiles.

mathematics, applied

Mohan Anand Putrevu,Hrushikesh Chunduri,Venkata Sai Charan Putrevu,Sandeep K Shukla

2024-09-13

Abstract:The use of multi-threading and file prioritization methods has accelerated the speed at which ransomware encrypts files. To minimize file loss during the ransomware attack, detecting file modifications at the earliest execution stage is considered very important. To achieve this, selecting files as traps and monitoring changes to them is a practical way to deal with modern ransomware variants. This approach minimizes overhead on the endpoint, facilitating early identification of ransomware. This paper evaluates various machine learning-based trap selection methods for reducing file loss, detection delay, and endpoint overhead. We specifically examine non-parametric clustering methods such as Affinity Propagation, Gaussian Mixture Models, Mean Shift, and Optics to assess their effectiveness in trap selection for ransomware detection. These methods select M files from a directory with N files (M<N) and use them as traps. In order to address the shortcomings of existing machine learning-based trap selection methods, we propose APFO (Affinity Propagation with File Order). This method is an improvement upon existing non-parametric clustering-based trap selection methods, and it helps to reduce the amount of file loss and detection delay encountered. APFO demonstrates a minimal file loss percentage of 0.32% and a detection delay of 1.03 seconds across 18 contemporary ransomware variants, including rapid encryption variants of lock-bit, AvosLocker, and Babuk.

Cryptography and Security