Mostrando ítems 1-2 de 2

Building malware classificators usable by State security agencies

Useche-Peláez, David Esteban; Díaz-López, Daniel Orlando; Sepúlveda-Alzate, Daniela; Cabuya-Padilla, Diego Edison (Colombia, 2018)

El sandboxing ha sido usado de manera regular para analizar muestras de software y determinar si estas contienen propiedades o comportamientos sospechosos. A pesar de que el sandboxing es una técnica poderosa para desarrollar ...
Using Reverse Engineering to Handle Malware

Sánchez Venegas, Carlos Andrés; Aguado Bedoya, Camilo; Díaz López, Daniel Orlando; García Ruíz, Juan Carlos Camilo (EDICIONES UCC PRODUCTSBogotá, 2019)

Introduction: This paper is a product of the research Project “Cyber Security Architecture for Incident Management” developed in the Colombian School of Engineering Julio Garavito in the year 2018. Objetive: Reverse ...

Envíos recientes

Building malware classificators usable by State security agencies
...
Useche-Peláez, David Esteban | 2018

El sandboxing ha sido usado de manera regular para analizar muestras de software y determinar si estas contienen propiedades o comportamientos sospechosos. A pesar de que el sandboxing es una técnica poderosa para desarrollar análisis de malware, esta requiere que un analista de malware desarrolle un análisis riguroso de los resultados para determinar la naturaleza de la muestra: goodware o malware. Este artículo propone dos modelos de aprendizaje automáticos capaces de clasificar muestras con base a un análisis de firmas o permisos extraídos por medio de Cuckoo sandbox, Androguard y VirusTotal. En este artículo también se presenta una propuesta de arquitectura de centinela IoT que protege dispositivos IoT, usando uno de los modelos de aprendizaje automáticos desarrollados anteriormente. Finalmente, diferentes enfoques y perspectivas acerca del uso de sandboxing y aprendizaje automático por parte de agencias de seguridad del Estado también son aportados.

LEER
Using Reverse Engineering to Handle Malware
...
Sánchez Venegas, Carlos Andrés | 2019

Introduction: This paper is a product of the research Project “Cyber Security Architecture for Incident Management” developed in the Colombian School of Engineering Julio Garavito in the year 2018. Objetive: Reverse engineering involves deconstructing and extracting knowledge about objects. The use of reverse engineering in malware analysis is extremely useful in understanding the functionalities and purposes of a suspicious sample. Methods: This paper makes use of Radare which is one of the most popular open source tools for reverse engineering, with the aim of dealing with malware. Results: A use case related to hacking of anti-sandbox malware is presented, in such a way that it is possible to analyze the behavior of the sample using a sandbox. Additionally, another use case is presented, where an in-depth analysis of a malicious Android application aimed to the audience of a popular event (FIFA World Cup 2018) is developed, making it possible to demonstrate the relevance of reverse engineering techniques in end-user protection strategies. Conclusions: This paper shows how the results of a reverse engineering process can be integrated with Yara rules, allowing for the detection of malware on the fly, and it also shows an alternative to automatically generating Yara rules through the yarGen generator. Originality: Use of Open Source reversing solutions by Colombian Law Enforcement Agencies has not been discussed previously, making this paper a notable element toward the modernization of the Army. Limitation: Different approaches and perspectives about the limitations in the use of reverse engineering by Law Enforcement Agencies are also shared.

LEER