Logistics Tracker Using GPS
Published in Anudeep Juluru, Shriram K. Vasudevan, T. S. Murugesh, fied!, 2023
Anudeep Juluru, Shriram K. Vasudevan, T. S. Murugesh
Note: The executable files which were used in Sections 8.5.1 and 8.5.2 are not created by us. These are obtained from some third-party developers, and they may not be associated with the original company. These executable files may contain harmful viruses or malware. So, it is completely under your sole discretion to use these executable files. But there is no need to worry too much, as these executable files are used by most of the people in the community, so there might be very little chance of a virus or malware attack.
D
Published in Phillip A. Laplante, Dictionary of Computer Science, Engineering, and Technology, 2017
disassembler: a program which takes an object file and creates the corresponding assembly code that would generate the same object file. The degree to which this is successful depends upon how much symbolic information might be available for the process. The original code need not have been generated by an assembler. Most debuggers have some kind of built-in disassembler, allowing the programmer to view an executable program in terms of human-readable assembly language. See also decompiler.
Cyber-Espionage Malware Attacks Detection and Analysis: A Case Study
Published in Journal of Computer Information Systems, 2022
In [44], the authors proposed static and dynamic analysis methods that can be used in cyber-espionage malware. In this method, they classified the malware using the Portable Executable (PE), byte N-gram, string features, and DLL features. However, it is controversial that this analytical approach can be easily circumvented by attackers. The method needs more analysis approaches, such as memory forensics and network analysis, to be developed. The authors of [45] focus on detecting file infrastructures, capacities, and IP numbers using the Evidence of Advanced Persistent Threat approach in cases of cyber-espionage malware. The proposed approach needs to be improved due to its low success rate by the limited number of analyses.
Pre-Encryption and Identification (PEI): An Anti-crypto Ransomware Technique
Published in IETE Journal of Research, 2022
Aditya Mantri, Navjot Singh, Krishan Kumar, Sanjay Dahiya
Among our dataset source of ransomware samples, more than 70% of those presented a set of 12 APIs. Initially, NtAllocateVirtualMemory was used for requesting a virtual address in memory for specific operations. The second API, LdrLoadDll, ordered a particular digital library to be loaded. Third, LdrGetProcedureAddress executed Portable Executable (P.E.) files. NtClose was the fourth API; it closed a specific handler. Fifth, NtFreeVirtualMemory allowed for the release of unutilized virtual memory. The sixth API, LdrGetDllHandle, was meant to locate DLLs stored under Windows NT. NtProtectVirtualMemory was the seventh API, which locks process-specific virtual addresses. The eighth API named NtResumeThread enabled open processes to resume. CreateProcessInternal was the ninth API hook for capturing process creations. NtOpenKey, the tenth API, opened an existing registry key. RegCloseKey was the eleventh API, which closed open registry keys. Finally, NtCreateFile was the twelfth API responsible for creating new files. According to the PEI analysis, ransomware is compared to goodware, as shown in Figure 5. These comparisons were done on three different setups that we created. In the comparison, three sets were used: “FULL,” which comprises all known ransomware samples, “P.E.,” composed solely of ransomware that encrypts, and “Good,” consisting exclusively of goodware. Upon constructing an analysis line graph, it became apparent that both sets of ransomware expose identical APIs, while the goodware exposes APIs that differ significantly. This demonstrated that ransomware behaved very differently from goodware, helping distinguish them and authenticating our promoted model.
On the Effectiveness of Image Processing Based Malware Detection Techniques
Published in Cybernetics and Systems, 2022
The rest of the paper is organized as follows. The steps in the process of malware classification using machine learning strategies are discussed in section 2. An overview of Portable Executable files is given in subsection 2.1. The various techniques adopted by researchers to convert malware into images are discussed in subsection 2.2. The features derived from the images that could be used for malware classification are described in subsection 2.3. The various classification techniques using machine learning or other algorithms are presented in subsection 2.4. The limitations, future directions and possibilities are then discussed in section 3, and the paper is concluded in section 4.