Research report of the analysis and synthesis of current cyber security violation issue (Malware)
QUESTION: Write a quality research report of the analysis and synthesis indicated in the Final Annotated Bibliography.
The following bibliography is based on the current cyber security violation issue (malware) that faces a world with different cultural standards.
1. Lévesque, F., Chiasson, S., Somayaji, A., & Fernandez, J. (2018). Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach. ACM Transactions on Privacy and Security, 21(4), 1–30.
https://doi.org/10.1145/3210311
The success (or failure) of malware attacks depends upon both technological and human factors. The most security-conscious users are susceptible to unknown vulnerabilities, and even the best security mechanisms can be circumvented because of user actions. Although there has been significant research on the technical aspects of malware attacks and defense, there has been much less research on how users interact with both malware and current malware defenses. This article describes a field study designed to examine the interactions between users, antivirus (AV) software, and malware as they occur on deployed systems. In a fashion like medical studies that evaluate the efficacy of a particular treatment, our experiment aimed to assess the performance of AV software and the human risk factors of malware attacks. AV performance was found to be lower under real-life conditions compared to tests conducted in controlled conditions. Moreover, computer expertise, volume of network usage, and peer-to-peer activity were found to be significant correlates of malware attacks.
2. Rakotondravony, N., Taubmann, B., Mandarawi, W., Weishäupl, E., Xu, P., Kolosnjaji, B., Protsenko, M., de Meer, H., & Reiser, H. (2017). Classifying malware attacks in IaaS cloud environments. Journal of Cloud Computing: Advances, Systems and Applications, 6(1), 1–12.
https://doi.org/10.1186/s13677-017-0098-8
In the last few years, research has been motivated to provide a categorization and classification of security concerns accompanying the growing adaptation of Infrastructure as a Service (IaaS) clouds. Studies have been motivated by the risks, threats and vulnerabilities imposed by the components within the environment and have provided general classifications of related attacks, as well as the respective detection and mitigation mechanisms. Virtual Machine Introspection (VMI) has been proven to be an effective tool for malware detection and analysis in virtualized environments. In this paper, we classify attacks in IaaS cloud that can be investigated using VMI-based mechanisms. This infers a special focus on attacks that directly involve Virtual Machines (VMs) deployed in an IaaS cloud. Our classification methodology takes into consideration the source, target, and direction of the attacks. As each actor in a cloud environment can be both source and target of attacks, the classification provides any cloud actor the necessary knowledge of the different attacks by which it can threaten or be threatened, and consequently deploy adapted VMI-based monitoring architectures. To highlight the relevance of attacks, we provide a statistical analysis of the reported vulnerabilities exploited by the classified attacks and their financial impact on actual business processes.
3. Ming, J., Xin, Z., Lan, P., Wu, D., Liu, P., & Mao, B. (2017). Impeding behavior-based malware analysis via replacement attacks to malware specifications. Journal of Computer Virology and Hacking Techniques, 13(3), 193–207.
https://doi.org/10.1007/s11416-016-0281-3
As the underground market of malware flourishes, there is an exponential increase in the number and diversity of malware. A crucial question in malware analysis research is how to define malware specifications or signatures that faithfully describe similar malicious intent and also clearly stand out from other programs. Although the traditional malware specifications based on syntactic signatures are efficient, they can be easily defeated by various obfuscation techniques. Since the malicious behavior is often stable across similar malware instances, behavior-based specifications which capture real malicious characteristics during run time, have become more prevalent in anti-malware tasks, such as malware detection and malware clustering. This kind of specification is typically extracted from the system call dependence graph that a malware sample invokes. In this paper, we present replacement attacks to camouflage similar behaviors by poisoning behavior-based specifications. The key method of our attacks is to replace a system call dependence graph to its semantically equivalent variants so that the similar malware samples within one family turn out to be different. As a result, malware analysts have to put more efforts into reexamining the similar samples which may have been investigated before. We distil general attacking strategies by mining more than 5200 malware samples’ behavior specifications and implement a compiler-level prototype to automate replacement attacks. Experiments on 960 real malware samples demonstrate the effectiveness of our approach to impede various behavior-based malware analysis tasks, such as similarity comparison and malware clustering. In the end, we also discuss possible countermeasures in order to strengthen existing malware defense.
4. Reddy, G., & Lakshmi, S. (2021). Exploring adversarial attacks against malware classifiers in the backdoor poisoning attack. IOP Conference Series. Materials Science and Engineering, 1022(1).
https://doi.org/10.1088/1757-899X/1022/1/012037
Machine learning is becoming the latest trend by making growing use of it in various fields of application. Along with that, the invasions designed to evade these systems has also evolved apparently. The adversarial attacks are becoming the major threats for developing threats to these models. Current training pipelines for the classification of malware based on machine learning (ML) depend on crowdsourced threat feeds which expose a normal point of injection. We research the vulnerability of ML malware classifications to backdoor poisoning attack for the first time, concentrating explicitly on stimulating “clean label” attacks where attackers donate monitor the mechanism of sample classification. In this paper, we reviewed various attacks based on machine learning models and their working strategies. We also discussed the threat models and backdoor attacks on malware classifiers.
5. Broucek, V., & Turner, P. (2013). Technical, legal and ethical dilemmas: distinguishing risks arising from malware and cyber-attack tools in the “cloud”—a forensic computing perspective. Journal of Computer Virology and Hacking Techniques, 9(1), 27–33.
https://doi.org/10.1007/s11416-012-0173-0
These vulnerabilities generate a range of questions relating to the capacity of organizations relying on cloud solutions to effectively manage risk. This has become particularly the case as the threats faced by organizations have moved increasingly away from indiscriminate malware to more targeted cyber-attack tools. From forensic computing perspective it has also been recognized that ‘cloud solutions’ pose additional challenges for forensic computing specialists including discoverability and chain of evidence (Ruan et al. in Adv Digital Forensics VII:35–46, 2011; Reilly et al. in Int J Multimedia Image Process 1:26–34, 2011). However, to date there has been little consideration of how the differences between indiscriminate malware and targeted cyber-attack tools further problematize the capacity of organizations to manage risk. This paper also considers these risks and differentiates between technical, legal, and ethical dilemmas posed. The paper also highlights the need for organizations to be aware of these issues when deciding to move to cloud solutions.
6. Alaeiyan, M., Dehghantanha, A., Dargahi, T., Conti, M., & Parsa, S. (2020). A Multilabel Fuzzy Relevance Clustering System for Malware Attack Attribution in the Edge Layer of Cyber-Physical Networks. ACM Transactions on Cyber-Physical Systems, 4(3), 1–22.
https://doi.org/10.1145/3351881
The rapid increase in the number of malicious programs has made malware forensics a daunting task and caused users’ systems to become in danger. Timely identification of malware characteristics including its origin and the malware sample family would significantly limit the potential damage of malware. This is a more profound risk in Cyber-Physical Systems (CPSs), where a malware attack may cause significant physical damage to the infrastructure. Due to limited on-device available memory and processing power in CPS devices, most of the efforts for protecting CPS networks are focused on the edge layer, where the majority of security mechanisms are deployed. Since the majority of advanced and sophisticated malware programs are combining features from different families, these malicious programs are not similar enough to any existing malware family and easily evade binary classifier detection. Therefore, in this article, we propose a novel multilabel fuzzy clustering system for malware attack attribution. Our system is deployed on the edge layer to provide insight into applicable malware threats to the CPS network. We leverage static analysis by utilizing Opcode frequencies as the feature space to classify malware families. We observed that a multilabel classifier does not classify a part of samples. We named this problem the instance coverage problem. To overcome this problem, we developed an ensemble-based multilabel fuzzy classification method to suggest the relevance of a malware instance to the stricken families.
7. Maiorca, D., Biggio, B., & Giacinto, G. (2019). Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks. ACM Computing Surveys, 52(4), 1–36.
https://doi.org/10.1145/3332184
Malware still constitutes a major threat in the cybersecurity landscape, also due to the widespread use of infection vectors such as documents. These infection vectors hide embedded malicious code to the victim users, facilitating the use of social engineering techniques to infect their machines. Research showed that machine-learning algorithms provide effective detection mechanisms against such threats, but the existence of an arms race in adversarial settings has recently challenged such systems. In this work, we focus on malware embedded in PDF files as a representative case of such an arms race. We start by providing a comprehensive taxonomy of the different approaches used to generate PDF malware and of the corresponding learning-based detection systems. We then categorize threats specifically targeted against learning-based PDF malware detectors using a well-established framework in the field of adversarial machine learning. This framework allows us to categorize known vulnerabilities of learning-based PDF malware detectors and to identify novel attacks that may threaten such systems, along with the potential defense mechanisms that can mitigate the impact of such threats. We conclude the article by discussing how such findings highlight promising research directions towards tackling the more general challenge of designing robust malware detectors in adversarial settings.