Evolvable Malware
Sadia Noreen, Shafaq Murtaza, M. Zubair Shafiq, Muddassar Farooq
National University of Computer and Emerging Sciences (FAST-NUCES), Next Generation Intelligent Networks Research Center (nexGIN RC), Islamabad, 44000, Pakistan

Citations
Sadia Noreen, Shafaq Murtaza, M. Zubair Shafiq, Muddassar Farooq.
1. Evolvable Malware. In Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), ACM Press, 2009.
2. Using Formal Grammar and Genetic Operators to Evolve Malware. In Recent Advances in Intrusion Detection (RAID), Springer LNCS, 2009.

Relevance of Computer Malware to ALife
ALife: studies the logic of living systems in an artificial environment.
Evolution: a property of ALife.
Malware, if considered to be alive, must possess the fundamental property of ALife: evolution.

Objectives
To provide an abstract representation that maps all the features of the malware (Bagle).
To evolve the malware: evolution in its true sense.
To test the evolved malware against anti-virus software.

Finally, virus created!!! Rather, human whomping!!!

Evolvable Malware Framework

Abstract Representation
Feature: Description
Date: the date checked by Bagle to (de)activate its process
Application: the application used to conceal Bagle
Port Number: the port opened by Bagle to send or receive commands
Attachment: the name of the attachment used by Bagle
Websites: the websites Bagle contacts to report the infection
Domain: the domains Bagle does not email itself to
Email Body: the body of the email sent by Bagle
Email Subject: the subject of the email
Registry Variable: the name of the registry variable used by Bagle
Virus Name: the name under which Bagle appears in the task manager
File Extension: the file extensions to be searched in fixed directories
Process Terminated: the processes terminated by Bagle
Attachment Extension: the extension of the attachment
P2P Propagation: the names Bagle uses when copying itself to peer computers

Experimental Setup (2)
GA parameters:
Population size = 500
Crossover rate = 0.75
Mutation rate = 0.005
Number of generations = 500
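The abstract representation above and the GA parameters of the experimental setup, as an added example that is not the authors' code: a genome is a tuple with one gene per feature, crossover and mutation are applied at the slide's rates, and a generational GA evolves a population seeded from a few variants. Everything in ALPHABET is a constructed placeholder value, not an indicator taken from real Bagle samples; the tournament selection and the novelty fitness (distance from the nearest seed variant) are assumptions, since the slides do not state the fitness or selection scheme used. The closure check `is_valid` is the practitioner's sanity test that an evolved vector still denotes a well-formed feature set.

```python
"""
Feature-vector genome for a mass-mailing worm family, plus the crossover and
mutation operators and the GA parameters given on the slides.

Added example, not the authors' code. Every value in ALPHABET is a constructed
placeholder chosen for illustration, not an indicator from a real sample.
"""
import random
from typing import Callable, Dict, List, Sequence, Tuple

Genome = Tuple[str, ...]  # one gene per feature, in FEATURES order

# The 14 features of the abstract representation slide.
FEATURES: Tuple[str, ...] = (
    "date", "application", "port_number", "attachment", "websites", "domain",
    "email_body", "email_subject", "registry_variable", "virus_name",
    "file_extension", "process_terminated", "attachment_extension",
    "p2p_propagation",
)

# GA parameters from the Experimental Setup slide.
POPULATION_SIZE = 500
CROSSOVER_RATE = 0.75
MUTATION_RATE = 0.005
GENERATIONS = 500

# Allowed values per feature (constructed placeholders; a real run would fill
# this from the reverse-engineered variants). Every feature has >= 2 values so
# that a mutated gene can always differ from the original.
ALPHABET: Dict[str, List[str]] = {
    "date": ["2001-01-01", "2002-02-02", "2003-03-03"],
    "application": ["app_a.exe", "app_b.exe"],
    "port_number": ["1111", "2222", "3333"],
    "attachment": ["attach_a", "attach_b", "attach_c"],
    "websites": ["www.example.com/a.php", "www.example.org/b.php"],
    "domain": ["@example.com", "@example.net", "@example.org"],
    "email_body": ["body text A", "body text B"],
    "email_subject": ["subject A", "subject B", "subject C"],
    "registry_variable": ["reg_a", "reg_b"],
    "virus_name": ["proc_a.exe", "proc_b.exe"],
    "file_extension": [".ext1", ".ext2", ".ext3"],
    "process_terminated": ["kill_a.exe", "kill_b.exe"],
    "attachment_extension": [".ext4", ".ext5", ".ext6"],
    "p2p_propagation": ["share_a.exe", "share_b.exe"],
}


def make_rng(seed: int) -> random.Random:
    """Seeded RNG so a run is reproducible."""
    return random.Random(seed)


def is_valid(g: Genome) -> bool:
    """Closure check: a genome is a well-formed feature vector only if it has
    one gene per feature and every gene is a value its feature allows."""
    return len(g) == len(FEATURES) and all(
        v in ALPHABET[f] for f, v in zip(FEATURES, g))


def random_genome(rng: random.Random) -> Genome:
    return tuple(rng.choice(ALPHABET[f]) for f in FEATURES)


def crossover(a: Genome, b: Genome, rng: random.Random,
              rate: float = CROSSOVER_RATE) -> Tuple[Genome, Genome]:
    """Single-point crossover, applied with probability `rate`; otherwise the
    parents pass through unchanged. The cut falls between two features, so each
    child inherits every gene from exactly one parent."""
    if rng.random() >= rate:
        return a, b
    k = rng.randrange(1, len(FEATURES))
    return a[:k] + b[k:], b[:k] + a[k:]


def mutate(g: Genome, rng: random.Random,
           rate: float = MUTATION_RATE) -> Genome:
    """Per-gene mutation: each gene is replaced, with probability `rate`, by a
    different value from its feature's alphabet, so the result stays valid."""
    out = list(g)
    for i, f in enumerate(FEATURES):
        if rng.random() < rate:
            out[i] = rng.choice([v for v in ALPHABET[f] if v != out[i]])
    return tuple(out)


def hamming(a: Genome, b: Genome) -> int:
    return sum(x != y for x, y in zip(a, b))


def novelty_fitness(seeds: Sequence[Genome]) -> Callable[[Genome], int]:
    """Placeholder fitness (assumption: the slides do not state the fitness
    used): number of features in which a genome differs from its nearest seed."""
    def fitness(g: Genome) -> int:
        return min(hamming(g, s) for s in seeds)
    return fitness


def evolve(seeds: Sequence[Genome], rng: random.Random,
           fitness: Callable[[Genome], int],
           generations: int = GENERATIONS, pop_size: int = POPULATION_SIZE,
           crossover_rate: float = CROSSOVER_RATE,
           mutation_rate: float = MUTATION_RATE) -> List[Genome]:
    """Generational GA (assumed scheme): binary tournament selection, then
    crossover and mutation. The initial population is built from the seed
    (reverse-engineered) variants."""
    pop = [seeds[i % len(seeds)] for i in range(pop_size)]
    for _ in range(generations):
        scored = [(fitness(g), g) for g in pop]

        def select() -> Genome:
            x, y = rng.choice(scored), rng.choice(scored)
            return x[1] if x[0] >= y[0] else y[1]

        nxt: List[Genome] = []
        while len(nxt) < pop_size:
            for child in crossover(select(), select(), rng, crossover_rate):
                if len(nxt) < pop_size:
                    nxt.append(mutate(child, rng, mutation_rate))
        pop = nxt
    return pop


if __name__ == "__main__":
    rng = make_rng(2009)
    seeds = [random_genome(rng) for _ in range(3)]  # stand-ins for three variants
    final = evolve(seeds, rng, novelty_fitness(seeds))
    assert all(is_valid(g) for g in final)
    print(len(set(final)), "distinct feature vectors;",
          "max distance from seeds:", max(novelty_fitness(seeds)(g) for g in final))
```

Because mutation only ever draws from a feature's alphabet and crossover only recombines whole genes, every offspring passes `is_valid`; a representation without that closure property would let the GA emit vectors that no longer describe a buildable sample.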

Experimental Results

Criteria Satisfied
GECCO 2009, anonymous reviewer comments:
"The paper is very interesting and well written overall and definitely worth to be published."
"I found the paper quite interesting. Further research is most welcomed."
Criterion D: The result is publishable in its own right as a new scientific result independent of the fact that the result was mechanically created.

Criteria Satisfied
[Figure: comparison of engines. Polymorphic engine: virus code wrapped by an encryption routine and a decryption routine. Metamorphic engine: virus code with NOP insertion. Our engine: virus code transformed by genetic operators.]
Criterion E: The result is equal to or better than the most recent human-created solution to a long-standing problem for which there has been a succession of increasingly better human-created solutions.

Criteria Satisfied
The result is better than what was previously considered an achievement: polymorphic and metamorphic engines produce viruses that belong to the same class, i.e. the generated viruses are variants of one family (Bagle.a, Bagle.b, etc.). The viruses produced by our engine are not confined to a single class: the evolved viruses may belong to different classes of malware (e.g. the Bagle class, W32.Sality).
Criterion F: The result is equal to or better than a result that was considered an achievement in its field at the time it was first discovered.

Criteria Satisfied
Reverse engineering a class of malware: analysing the disassembled code of a malware class and extracting the features of interest was a challenging task. Malware evolution by applying genetic operators had long been discussed, but there was no comprehensive achievement, because the difficulty of the problem domain was very high.
Criterion G: The result solves a problem of indisputable difficulty in its field.

Human Competitive?
Evolves malware without human intervention.
Produces new variants of malware in no time, compared to a human virus writer.

Impact
The result is of great importance in security research:
Antivirus products: testing against zero-day attacks
Evolving software