My talk at the Federal University of Minas Gerais (UFMG) presenting some aspects of modern malware research and some of my contributions to the field (derived from my PhD defense). I cover all steps of a detection pipeline: threat hunting, malware triage, sandbox execution, threat intelligence, and endpoint protection.
How do we detect malware? A step-by-step guide, by Marcus Botacin
Slides from my talk at Texas A&M University (TAMU) seminar series (2002), where I present a landscape of the malware detection pipeline currently used by the industry and how academia can contribute to that. I present new solutions ranging from the use of ML, sandbox solutions, and hardware support for the development of more performance-efficient Antivirus.
On the Malware Detection Problem: Challenges & Novel Approaches, by Marcus Botacin
Marcus Botacin's PhD Defense at Federal University of Paraná (UFPR).
Advisor: Dr André Grégio
Co-Advisor: Paulo de Geus
Evaluation Committee:
Dr Leigh Metcalf, Dr Leyla Bilge, Daniel Alfonso Oliveira
On the Security of Application Installers & Online Software Repositories, by Marcus Botacin
My presentation at the DIMVA 2020 conference about the security of application installers. I show the operational dynamics of the repositories and reverse engineer some application installers to show their vulnerabilities, such as exposure to man-in-the-middle attacks.
X-ware: a proof of concept malware utilizing artificial intelligence, by IJECEIAES
Recent years have witnessed a dramatic growth in utilizing computational intelligence techniques for various domains. Coherently, malicious actors are expected to utilize these techniques against current security solutions. Despite the importance of these new potential threats, there remains a paucity of evidence on leveraging the techniques found in the research literature. This article investigates the possibility of combining artificial neural networks and swarm intelligence to generate a new type of malware. We successfully created a proof of concept malware named X-ware, which we tested against Windows-based systems. Developing this proof of concept may allow us to identify this potential threat’s characteristics for developing mitigation methods in the future. Furthermore, a method for recording the virus’s behavior and propagation throughout a file system is presented. The proposed virus prototype acts as a swarm system with an integrated neural network for operations. The virus’s behavioral data is recorded and shown in a complex network format to describe the behavior and communication of the swarm. This paper has demonstrated that malware strengthened with computational intelligence is a credible threat. We envisage that our study can be utilized to assist current and future security researchers in implementing more effective countermeasures.
With the development and rapid growth of IT infrastructure, malicious code attacks are considered the main threat to cybersecurity. Malicious JavaScript intentionally crafted by attackers inside web pages is an emerging security issue affecting millions of users. In the past few years, a number of studies based on machine learning for the detection of malicious JavaScript code attacks have demonstrated poor detection accuracy and increased performance overheads. In this paper, an effective interceptor approach for the detection of multivariate and novel malicious JavaScript based on deep learning is proposed and evaluated. A hybrid feature set based on static and dynamic analysis was used. The dataset used in this study consists of 32,000 benign webpages and 12,900 malicious pages. The experimental results show that this approach was able to detect 99.01% of new malicious code variants.
International Journal of Computer Science and Information Security (IJCSIS), ISSN 1947-5500, Pittsburgh, PA, USA
Presentation in the "Whole genome sequencing for clinical microbiology: Translation into routine applications" Symposium, Basel, Switzerland, 2 Sep 2017
Cyber-security is a critical part of all distributed applications. By understanding and implementing proper security measures, you guard your own resources against malicious attackers as well as provide a secure environment for all relevant parties.
This presentation is a gentle introduction to it.
Proceedings of the 50th Hawaii International Conference on System Sciences | 2017
Discovering Malware with Time Series Shapelets
Om P. Patri
University of Southern California
Los Angeles, CA 90089
patri@usc.edu
Abstract: The exponential growth of the internet and new technology has led today's world into a hectic situation, with both positive and negative sides. Cybercriminals gamble in the dark net using numerous techniques, and this leads to cybercrime. Cyber threats like malware attempt to infiltrate computers or mobile devices offline or online (internet, chat), and anyone can be a potential target. Malware, also known as malicious software, is often used by cybercriminals to achieve their goals by tracking internet activity, capturing sensitive information, or blocking computer access. Reverse engineering is one of the best ways to prevent this and is a powerful tool in the fight against cyber attacks. Most people in the cyber world see it as a black hat technique: it is said to be used to steal data and intellectual property. But when it is in the hands of cybersecurity experts, reverse engineering dons the white hat of the hero. It looks at a program from the outside in, often by a third party that had no hand in writing the code, and allows those who practice it to understand how a given program or system works when no source code is available. Reverse engineering accomplishes several tasks related to cybersecurity: finding system vulnerabilities, researching malware, and analyzing the complexity of restoring core software algorithms, which can further protect against theft. It is hard to hack certain software.
Keywords: Malware, threat, vulnerability, detection, reverse engineering, analysis.
Title: Malware analysis and detection using reverse Engineering
Author: B.Rashmitha, J. Alwina Beauty Angelin, E.R. Ramesh
International Journal of Computer Science and Information Technology Research
ISSN 2348-1196 (print), ISSN 2348-120X (online)
Vol. 10, Issue 2, Month: April 2022 - June 2022
Page: (1-4)
Published Date: 01-April-2022
Research Publish Journals
Available at: www.researchpublish.com
The full research paper can be downloaded directly from the link below:
https://www.researchpublish.com/papers/malware-analysis-and-detection-using-reverse-engineering
Academia Link: https://www.academia.edu/76069664/Malware_analysis_and_detection_using_reverse_Engineering_Available_at_www_researchpublish_com_journal_name_International_Journal_of_Computer_Science_and_Information_Technology_Research
Symbolic Execution of Malicious Software: Countering Sandbox Evasion Techniques, by Fabio Rosato
Slides for the thesis defense for the M.Sc. in Engineering in Computer Science at the Sapienza University of Rome (a.y. 2016-17).
Related project repo: https://github.com/fabros/angr-antievasion
Malware evolution and Endpoint Detection and Response, by Adrian Guthrie
As malware evolves into targeted Advanced Persistent Threats, the response has to change to a more proactive security model.
Automated Prevention - Block malware and exploits to prevent future attacks
Automated Detection - Targeted and zero-day attacks are blocked in real time
Automated Forensics - Forensic information for in-depth analysis of every attempted attack
Automated Remediation - Automated malware removal
All made possible by Big Data analytics and Collective Intelligence.
Malware evolution and Endpoint Detection and Response Technology, by Adrian Guthrie
As malware evolves into targeted Advanced Persistent Threats, the response has to be layered, proactive, and highly visible.
Automated Prevention - Block malware and exploits to prevent future attacks
Automated Detection - Targeted and zero-day attacks are blocked in real time without signature files
Automated Forensics - Forensic information for in-depth analysis of every attempted attack
Automated Remediation - Automated malware removal to reduce the burden on administrators
All made possible by big data analytics and collective intelligence.
Software Preservation: challenges and opportunities for reproducibility (Sci..., by Roberto Di Cosmo
Reproducibility of scientific experiments, now mostly based on software tools, is in a sore state. We investigate here some of the causes and propose long-term Software Preservation as one of the essential elements needed to bring our Science more in line with the Scientific Method.
"Keynote - Preserving Software: Challenges and Opportunities for Reproducibility of Science and Technology"
By Roberto Di Cosmo, Irill for ScilabTEC 2015
Often information is spread among several data sources, such as hospital databases, lab databases, spreadsheets, etc. Moreover, the complexity of each of these data sources might make it difficult for end-users to access them, and even more, to query all of them at the same time. A new solution that has been proposed to this problem is ontology-based data access (OBDA).
OBDA is a popular paradigm, developed since the mid 2000s, to query various types of data sources using a common vocabulary familiar to the end-users. In a nutshell, OBDA separates the user from the data sources (relational databases, CSV files, etc.) by means of an ontology, which is a common terminology that provides the user with a convenient query vocabulary, hides the structure of the data sources, and can enrich incomplete data with background knowledge. About a dozen OBDA systems have been implemented in both academia and industry.
In this tutorial we will give an overview of OBDA and our system, -ontop-, which is currently being used in the context of the European project Optique. We will discuss how to use -ontop- for data integration, in particular concentrating on:
– How to create an ontology (common vocabulary) for a life science domain.
– How to map available data sources to this ontology.
– How to query the database using the terms in the ontology.
– How to check consistency of the data sources w.r.t. the ontology.
Battista Biggio @ ICML 2015 - "Is Feature Selection Secure against Training D..., by Pluribus One
Learning in adversarial settings is becoming an important task for application domains where attackers may inject malicious data into the training set to subvert normal operation of data-driven technologies. Feature selection has been widely used in machine learning for security applications to improve generalization and computational efficiency, although it is not clear whether its use may be beneficial or even counterproductive when training data are poisoned by intelligent attackers. In this work, we shed light on this issue by providing a framework to investigate the robustness of popular feature selection methods, including LASSO, ridge regression and the elastic net. Our results on malware detection show that feature selection methods can be significantly compromised under attack (we can reduce LASSO to almost random choices of feature sets by careful insertion of less than 5% poisoned training samples), highlighting the need for specific countermeasures.
TriggerScope: Towards Detecting Logic Bombs in Android Applications, by Pietro De Nicolao
Presentation of paper "TriggerScope: Towards Detecting Logic Bombs in Android Applications" for the course of Advanced Topics in Computer Security of prof. Stefano Zanero.
Source and further information: https://github.com/pietrodn/triggerscope
Near-memory & In-Memory Detection of Fileless Malware, by Marcus Botacin
My keynote at the Brazilian Security Symposium (SBSeg), as part of the Computer Forensics Workshop (WFC), talking about fileless malware, the challenges for antivirus detection, and new detection strategies. I present the prototype of a hardware AV with integrated signature matching to decrease the performance penalty imposed by software-only AVs.
More Related Content
Similar to Among Viruses, Trojans, and Backdoors: Fighting Malware in 2022
Near-memory & In-Memory Detection of Fileless Malware, by Marcus Botacin
My keynote at the Brazilian Security Symposium (SBSeg), as part of the Computer Forensics Workshop (WFC), talking about fileless malware, the challenges for antivirus detection, and new detection strategies. I present the prototype of a hardware AV with integrated signature matching to decrease the performance penalty imposed by software-only AVs.
GPThreats-3: Is Automated Malware Generation a Threat?, by Marcus Botacin
My talk about generating malware automatically using GPT-3, the differences from ChatGPT, limits, and possibilities. Multiple malware variants are generated and submitted to Antivirus (AV) scans. We also present a defense perspective on how defenders can use artificial intelligence to deobfuscate malware samples.
[HackInTheBox] All You Always Wanted to Know About Antiviruses, by Marcus Botacin
My talk at the HackInTheBox security conference Amsterdam 2023 about the reverse engineering of AV engines, covering signatures, whitelists, blocklists, kernel drivers, hooking, and much more.
[USENIX Enigma] Why Is Our Security Research Failing? Five Practices to Change!, by Marcus Botacin
My talk at USENIX Enigma 2023 discussing challenges and pitfalls in malware research. I discuss 5 aspects to change, from the diversity of research work to the reproducibility crisis.
In this talk, I cover the basic idea of hardware-assisted, two-level architectures for security monitoring and its applications to the malware detection problem. I propose detection triggers involving branch predictor, MMU, memory controller, co-processors, and FPGAs.
Talk presented at the Real Time systems group seminar series at the University of York.
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp..., by Marcus Botacin
Describing our experience in the MLSec competition for the seminar series of the University of Waikato. Presented by Fabricio Ceschin and Marcus Botacin from the Federal University of Paraná.
Near-memory & In-Memory Detection of Fileless Malware, by Marcus Botacin
Proposal of a hardware-based AV embedded within the memory controller to mitigate the performance penalty when searching for fileless malware samples. Presented at 2020 MEMSYS.
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia..., by Marcus Botacin
My talk at USENIX ENIGMA 2021 about Brazilian Financial Malware. It encompasses desktop and mobile environments, analyzed both statically and dynamically.
Towards Malware Decompilation and Reassembly, by Marcus Botacin
I present RevEngE, the Reverse Engineering Engine, a PoC for the debug-based decompilation approach. Presentation given at the Reverse Engineering (ROOTS) conference in Vienna, Austria, 20219.
Malware Variants Identification in Practice, by Marcus Botacin
Research project discussing how to identify malware variants in actual scenarios. We discuss same-behavior function replacement and the relevance of similarity and containment metrics.
Machine Learning for Malware Detection: Beyond Accuracy Rates, by Marcus Botacin
Research work of my student Lucas Galante, presented at SBSEG2019. We discuss the implications of adopting distinct machine learning models for malware detection.
The AV says: Your Hardware Definitions were Updated!, by Marcus Botacin
Presentation @ RECOSOC2019. Proposal of a reconfigurable Antivirus implemented on FPGA. The solution captures performance counters data via shared memory bus and classifies it as outlier or not using machine learning classifiers, such as SVM, Random Forest and MLP.
UiPath Test Automation using UiPath Test Suite series, part 3, by DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generative AI Deep Dive: Advancing from Proof of Concept to Production, by Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova..., by Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Securing your Kubernetes cluster: a step-by-step guide to success!, by KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Elevating Tactical DDD Patterns Through Object Calisthenics, by Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GraphRAG is All You need? LLM & Knowledge Graph, by Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf, by 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Key Trends Shaping the Future of Infrastructure.pdf, by Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
The Art of the Pitch: WordPress Relationships and Sales
Among Viruses, Trojans, and Backdoors: Fighting Malware in 2022
1. Introduction Contributions Moving Forward Current Research Future Challenges Conclusions
Among Viruses, Trojans, and Backdoors
Fighting Malware in 2022
Marcus Botacin
mfbotacin@inf.ufpr.br
mfbotacin@gmail.com
marcusbotacin.github.io
Among Viruses, Trojans, and Backdoors 1 / 47 UFMG
Who Am I?
PhD in Computer Science (2021) - Federal University of Paraná (UFPR), Brazil
Thesis: “On the Malware Detection Problem: Challenges and new Approaches”
MSc in Computer Science (2017) - University of Campinas (UNICAMP), Brazil
Dissertation: “Hardware-Assisted Malware Analysis”
Computer Engineer (2015) - University of Campinas (UNICAMP), Brazil
Final Project: “Malware detection via syscall patterns identification”
Malware Detection: How have we been doing?
Malware Detection
How have we been doing? (Malware Specifics)
The good side
Figure: Source: https://apnews.com/article/europe-malware-netherlands-coronavirus-pandemic-7de5f74120a968bd0a5bee3c57899fed
The bad side
Figure: Source: https://thehackernews.com/2021/06/droidmorph-shows-popular-android.html
Malware Detection: What have we been doing?
Malware Detection
The State-of-the-art in Malware Detection & Prevention
Steps
1 Collection
2 Triage
3 Sandbox Analysis
4 Threat Intelligence
5 Endpoint Protection
Figure: Where each step runs. Collection: distributed processing. Analysis and intelligence steps: cloud processing. Endpoint: limited processing.
Malware Detection
Collection
How to find new malware samples?
Searching “dark web” forums.
Crawling software repositories.
Leveraging honeypots.
Checking spam traps.
Downloading malware repositories.
Scraping blocklists.
The result
Figure: Source: https://www.forbes.com/sites/thomasbrewster/2021/09/29/google-play-warning-200-android-apps-stole-millions-from-10-million-phones/
Malware Detection
Triage
Why so many new malware samples?
Variations from the same source code.
Implications
Increased processing costs and response time.
How to solve this problem?
Identify and cluster similar samples.
The Statistics
Figure: Source: https://www.kaspersky.com/about/press-releases/2020_the-number-of-new-malicious-files-detected-every-day-increases-by-52-to-360000-in-2020
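The triage step above, worked through as an added example; this is not code from the deck or from the Corvus platform. It assumes each incoming sample has already been reduced by a cheap static pass to a feature set (here a constructed list of imported API names), joins samples by Jaccard similarity with single linkage, and forwards one representative per cluster to the sandbox stage.

```python
"""Triage by clustering similar samples (added example, not from the talk).

Assumption: each incoming sample has already been reduced to a feature
set by a cheap static pass (here: the imported API names). The feature
sets below are constructed for the example; they are not real samples.
"""
from itertools import combinations

# Constructed corpus: family A (three builds of one source tree), family B
# (two builds), and one unrelated sample C1.
SAMPLES = {
    "A1": {"CreateFileW", "WriteFile", "RegSetValueExW", "InternetOpenA", "CreateProcessW"},
    "A2": {"CreateFileW", "WriteFile", "RegSetValueExW", "InternetOpenA", "VirtualAlloc"},
    "A3": {"CreateFileW", "WriteFile", "RegSetValueExW", "InternetOpenW", "CreateProcessW"},
    "B1": {"socket", "connect", "send", "recv", "CryptEncrypt"},
    "B2": {"socket", "connect", "send", "recv", "CryptDecrypt"},
    "C1": {"GetTickCount", "Sleep", "MessageBoxA"},
}


def jaccard(a, b):
    """Jaccard similarity of two feature sets (1.0 for two empty sets)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def cluster(samples, threshold=0.5):
    """Single-linkage clustering with union-find: two samples end up in the
    same cluster if they are connected by a chain of pairs whose similarity
    is at least `threshold`. Returns clusters as sorted lists of names."""
    parent = {name: name for name in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(samples, 2):
        if jaccard(samples[a], samples[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = {}
    for name in samples:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(members) for members in groups.values())


def sandbox_queue(samples, threshold=0.5):
    """Pick one representative per cluster: only these go to the (expensive)
    sandbox stage, which is how triage cuts processing cost and response time."""
    return [members[0] for members in cluster(samples, threshold)]


if __name__ == "__main__":
    for members in cluster(SAMPLES):
        print("cluster:", ", ".join(members))
    print("sandbox queue:", sandbox_queue(SAMPLES))
```

With the default threshold the six constructed samples collapse to three sandbox jobs. The threshold is the tuning knob: too low merges unrelated families into one job, too high sends every build of the same source tree to the sandbox (0.7 already splits family A into three singletons).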
Malware Detection
Threat Intelligence
Goal
Identify trends and predict attacks.
How?
Data analytics over analyzed samples.
Challenges
Look at a representative dataset.
We should look at:
Figure: Source: https://www.computerweekly.com/news/252504676/Ransomware-attacks-increase-dramatically-during-2021
Malware Detection
Endpoint Protection
Goal
Protect customers on their machines.
How?
Moving the viable analyses to the endpoint.
Challenges
Performance and usability constraints.
Is there a “best”?
Figure: Source: https://www.av-test.org/en/antivirus/home-windows/
Sandboxing: Enhancing Malware Tracing
Sandboxing
Publication
Figure: Link: https://link.springer.com/article/10.1007/s11416-017-0292-8
Sandboxing
Software-based Sandbox
Figure: System Architecture. Analysis VMs.
Sandboxing
Publication
Figure: Link: https://dl.acm.org/doi/10.1145/3152162
Sandboxing
Hardware-based Sandbox
Monitoring Steps
1 Software executes a branch.
2 Processor stores branch address in memory page.
3 Processor raises an interrupt.
4 Kernel handles interrupt.
5 Kernel sends data to userland.
6 Userland introspects into this data.
Figure: System Architecture.
Sandboxing
Key Insight: Branches define basic blocks
Figure: Identified branches and basic blocks.
Figure: CFG Reconstruction.
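The monitoring steps and the basic-block insight above, worked through as an added example; this is not code from the BranchMonitoring project. It assumes the kernel handed userland (step 5) an ordered list of taken branches as (branch address, target address) pairs plus the entry point, and shows how step 6 turns that list into basic blocks, a control-flow graph, and loop candidates. The trace is constructed, not captured from a sample.

```python
"""Basic-block and CFG reconstruction from a hardware branch trace (added
example, not the BranchMonitoring project's code).

Assumption: the kernel handed userland a list of taken branches recorded by
the processor as (branch_address, target_address) pairs, in execution order,
plus the entry point where tracing started. The trace below is constructed.
"""
from collections import Counter

ENTRY = 0x401000

# Constructed trace: a loop whose head block starts at 0x401030 and whose
# body starts at 0x401020, iterated twice, followed by a call and its return.
# The conditional branch at 0x401040 falls through on the third iteration;
# a not-taken branch is not recorded, so the head block simply runs on until
# the call at 0x401058.
TRACE = [
    (0x401010, 0x401030),  # entry block: jmp to loop head
    (0x401040, 0x401020),  # loop head: jne taken, back to the body
    (0x40102A, 0x401030),  # body: jmp to the head
    (0x401040, 0x401020),
    (0x40102A, 0x401030),
    (0x401058, 0x402000),  # head fell through at 0x401040, then call
    (0x402010, 0x40105D),  # ret into the block after the call
]


def reconstruct(trace, entry):
    """Walk the trace once. A block starts at the entry or at any branch
    target and ends at the next recorded branch. Returns (blocks, edges):
    blocks maps start -> set of terminating branch addresses (more than one
    when a conditional branch was seen both taken and not taken), edges
    counts (block_start, target) transitions."""
    blocks = {entry: set()}
    edges = Counter()
    current = entry
    for src, dst in trace:
        if src < current:
            raise ValueError(f"branch {src:#x} precedes block start {current:#x}")
        blocks[current].add(src)
        edges[(current, dst)] += 1
        blocks.setdefault(dst, set())
        current = dst
    return blocks, edges


def loop_edges(edges):
    """Edges that close a cycle: (s, d) where s is reachable again from d.
    Address order alone is not enough (a ret also jumps backwards), so this
    uses reachability over the reconstructed graph."""
    succ = {}
    for s, d in edges:
        succ.setdefault(s, set()).add(d)

    def reaches(start, goal):
        seen, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node == goal:
                return True
            if node in seen:
                continue
            seen.add(node)
            stack.extend(succ.get(node, ()))
        return False

    return sorted((s, d) for s, d in edges if reaches(d, s))


def to_dot(blocks, edges):
    """Graphviz DOT text for the reconstructed CFG."""
    lines = ["digraph cfg {"]
    for start in sorted(blocks):
        ends = ", ".join(f"{e:#x}" for e in sorted(blocks[start])) or "open"
        lines.append(f'  "{start:#x}" [label="{start:#x}\\nends: {ends}"];')
    for (s, d), n in sorted(edges.items()):
        lines.append(f'  "{s:#x}" -> "{d:#x}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    blocks, edges = reconstruct(TRACE, ENTRY)
    print(to_dot(blocks, edges))
    print("loop edges:", [(f"{s:#x}", f"{d:#x}") for s, d in loop_edges(edges)])
```

Only taken branches reach the trace, so the head block at 0x401030 ends up with two recorded ends (0x401040 when the loop repeats, 0x401058 when it falls through); a tool that wants canonical basic blocks splits such a block at its earliest branch. The edge counts double as a coarse coverage and loop-iteration count for the run.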
Threat Intelligence: From Tracing to Threat Intelligence
Threat Intelligence
Publications
Figure: Link: https://dl.acm.org/doi/10.1145/3429741
Figure: Link: https://dl.acm.org/doi/10.1145/3339252.3340103
Threat Intelligence
Brazilian Financial Malware on Desktop
Figure: Passive Banker Malware for Santander bank waiting for user’s credential input.
Figure: Passive Banker Malware for Itaú bank waiting for user’s credential input.
Threat Intelligence
Brazilian Financial Malware on Mobile
Figure: BB’s Whatsapp chatbot. Figure: Bradesco’s Whatsapp chatbot.
Threat Intelligence
More about Brazilian Malware
Figure: Link: https://www.usenix.org/conference/enigma2021/presentation/botacin
Endpoint Protection: From Threat Intelligence to Endpoint Protection
Endpoint Protection
Publication
Figure: Link: https://www.sciencedirect.com/science/article/pii/S0167404821003242
Endpoint Protection
Drawback: Real-time monitoring performance penalty
Figure: AV Monitoring Performance. Execution time (s) per benchmark (Perl, Xalanc, Gobmk, H264, Namd, Mcf); series: Filter AV, SSDT AV, No AV.
Figure: In-memory AV scans worst-case and best-case performance penalties. Execution time (s) per benchmark (perl, namd, Bzip, milc, mfc); series: Scan, Baseline.
Endpoint Protection
Publication
Figure: Link: https://ieeexplore.ieee.org/document/9034972
Endpoint Protection
SMC-Aware Processor
Figure: Sample Profiling. Figure: System Overview.
Endpoint Protection
Publication
Figure: Link: https://link.springer.com/article/10.1007/s11416-020-00348-w
Endpoint Protection
SMC-Aware Processor
Figure: Modified Cache. Figure: Modified MMU.
Endpoint Protection
Publication
Figure: Link: https://www.sciencedirect.com/science/article/abs/pii/S0957417422004882
Endpoint Protection
A first idea: Hardware features as signatures
Figure: Two-level branch predictor. A sequence window of taken (1) and not-taken (0) branches is stored in the Global History Register (GHR).
Figure: Branch patterns coverage. Percentage of signature collision in the k-bit space (0 to 100%) versus branch pattern length (8, 16, 24, 32, 40 bits).
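The GHR-as-signature idea above, worked through as an added example; this is not the paper's code. It assumes the monitor delivered each program's branch outcomes (1 = taken, 0 = not taken), shifts them through a k-bit GHR, takes the set of observed windows as that program's signature, and reports, for several k, the share of a sample's patterns that also occur in a benign trace, which is the collision percentage the slide's plot sweeps over pattern length. Both outcome sequences are constructed.

```python
"""Branch-pattern signatures from a Global History Register (added example,
not the paper's code).

Assumption: the per-sample branch outcomes (1 = taken, 0 = not taken) were
collected by the monitor, and the k-bit GHR window is the signature unit, as
on the slide. The outcome sequences below are constructed: a benign counted
loop (seven taken branches, then one not taken) and a sample whose loop
takes two branches for every one it falls through.
"""

BENIGN = [1, 1, 1, 1, 1, 1, 1, 0] * 4
MALWARE = [1, 1, 0] * 10


def ghr_patterns(outcomes, k):
    """Shift each outcome into a k-bit GHR and collect every window that
    appears once the register is full. Returns the set of k-bit patterns
    as integers (the most recent branch is the least significant bit)."""
    mask = (1 << k) - 1
    ghr = 0
    patterns = set()
    for i, taken in enumerate(outcomes):
        ghr = ((ghr << 1) | (taken & 1)) & mask
        if i + 1 >= k:
            patterns.add(ghr)
    return patterns


def collision_rate(sig_a, sig_b):
    """Percentage of sig_a's patterns that also occur in sig_b: the share of
    the signature that would also fire on the other program. 0.0 for an
    empty signature (trace shorter than k)."""
    if not sig_a:
        return 0.0
    return 100.0 * len(sig_a & sig_b) / len(sig_a)


def collision_curve(outcomes_a, outcomes_b, ks):
    """Collision percentage per pattern length k; reproduces the shape of the
    slide's plot: short windows collide, longer windows become specific."""
    return {k: collision_rate(ghr_patterns(outcomes_a, k),
                              ghr_patterns(outcomes_b, k)) for k in ks}


if __name__ == "__main__":
    for k, pct in collision_curve(MALWARE, BENIGN, [2, 3, 4, 5, 6, 8]).items():
        print(f"k={k:2d} bits: {pct:5.1f}% of the sample's patterns "
              "also occur in the benign trace")
```

The two constructed sequences are short and periodic, so the collision falls from 100% at k = 2 to 0% by k = 6; on real traces the 8 to 40 bit range on the slide's x axis is the one to sweep, and a window longer than the available trace yields an empty signature rather than a spurious match.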
Solutions Availability
Solutions Availability
Code: The BranchMonitoring Project
Figure: Link: https://github.com/marcusbotacin/BranchMonitoringProject
Solutions Availability
Service: Corvus Platform
Figure: Link: corvus.inf.ufpr.br Figure: Corvus’ Threat Intelligence.
Current Research: Malware Decompilation
Current Projects
Publication
Figure: Link: https://dl.acm.org/doi/10.1145/3375894.3375895
Current Projects
Decompilation Execution Example 1
Data Extraction: Debugging with GDB.
Decompilation: Lifting with Python.
Recompilation: Using GCC.
Current Projects
Publication
Figure: Link: https://arxiv.org/abs/2109.06127
Current Projects
Decompilation Execution Example 1
Figure: Malware Source-Code. Figure: Generated Patch.
Machine Learning: The Latest Trend
Machine Learning
Malware Evasion Competition
Figure: Source: mlsec.io
Figure: Source: https://www.microsoft.com/security/blog/2021/07/29/attack-ai-systems-in-machine-learning-evasion-competition/
Machine Learning
Adversarial Machine Learning
Figure: Source: https://github.com/marcusbotacin/Talks/tree/master/Waikato
Machine Learning
Adversarial Malware
Figure: Dropper Strategy. Figure: Data Appendix Result.
Machine Learning
Challenge Results
Figure: Defenders Challenge.
Machine Learning
Challenge Results
Figure: Attackers Challenge.
Machine Learning
What’s Next?
Recap & Remarks
Thanks!
Questions? Comments?
@MarcusBotacin
mfbotacin@inf.ufpr.br
mfbotacin@gmail.com
marcusbotacin.github.io
corvus.inf.ufpr.br