Measuring and modeling the label dynamics of online Anti-Malware engines

S Zhu, J Shi, L Yang, B Qin, Z Zhang, L Song… - 29th USENIX Security …, 2020 - usenix.org
VirusTotal provides malware labels from a large set of anti-malware engines, and is heavily
used by researchers for malware annotation and system evaluation. Since different engines …

Chainsmith: Automatically learning the semantics of malicious campaigns by mining threat intelligence reports

Z Zhu, T Dumitras - … IEEE European symposium on security and …, 2018 - ieeexplore.ieee.org
Modern cyber attacks consist of a series of steps and are generally part of larger campaigns.
Large-scale field data provides a quantitative measurement of these campaigns. On the …

Read between the lines: An empirical measurement of sensitive applications of voice personal assistant systems

FH Shezan, H Hu, J Wang, G Wang… - Proceedings of the Web …, 2020 - dl.acm.org
Voice Personal Assistant (VPA) systems such as Amazon Alexa and Google Home have
been used by tens of millions of households. Recent work demonstrated proof-of-concept …

Getting to the root of the problem: A detailed comparison of kernel and user level data for dynamic malware analysis

M Nunes, P Burnap, O Rana, P Reinecke… - Journal of Information …, 2019 - Elsevier
Dynamic malware analysis is fast gaining popularity over static analysis since it is not easily
defeated by evasion tactics such as obfuscation and polymorphism. During dynamic …

Re-measuring the label dynamics of online anti-malware engines from millions of samples

J Wang, L Wang, F Dong, H Wang - Proceedings of the 2023 ACM on …, 2023 - dl.acm.org
VirusTotal is the most widely used online scanning service in both academia and industry.
However, it is known that the results returned by antivirus engines are often inconsistent and …

Malmax: Multi-aspect execution for automated dynamic web server malware analysis

A Naderi-Afooshteh, Y Kwon, A Nguyen-Tuong… - Proceedings of the …, 2019 - dl.acm.org
This paper presents MalMax, a novel system to detect server-side malware that routinely
employ sophisticated polymorphic evasive runtime code generation techniques. When …

Understanding and mitigating label bias in malware classification: An empirical study

J Yan, X Jia, L Ying, P Su - 2022 IEEE 22nd International …, 2022 - ieeexplore.ieee.org
Machine learning techniques are promising for malware classification, but there is a
neglected problem of label bias in the annotation process which decreases the performance …

TKPERM: cross-platform permission knowledge transfer to detect overprivileged third-party applications

FH Shezan, K Cheng, Z Zhang, Y Cao… - Network and Distributed …, 2020 - par.nsf.gov
Permission-based access control enables users to manage and control their sensitive data
for third-party applications. In an ideal scenario, third-party application includes enough …

Cubismo: Decloaking server-side malware via cubist program analysis

A Naderi-Afooshteh, Y Kwon, A Nguyen-Tuong… - Proceedings of the 35th …, 2019 - dl.acm.org
Malware written in dynamic languages such as PHP routinely employ anti-analysis
techniques such as obfuscation schemes and evasive tricks to avoid detection. On top of …

Characterizing and Detecting Online Deception via Data-Driven Methods

H Hu - 2020 - vtechworks.lib.vt.edu
In recent years, online deception has become a major threat to information security. Online
deception that caused significant consequences is usually spear phishing. Spear-phishing …