Improving Defensive Techniques Against Malwares
, M.Sc. Thesis Sharif University of Technology ; Kharrazi, Mehdi (Supervisor)
Abstract
Advances in computing and networking lead to the advent of malwares with new and sophisticated features. One type of these malwares is environment-sensitive malwares, which behave differently when they find specific signs in the execution environment. They were first considered and defined in the context of malware analysis systems, meaning that these types of malwares stop their malicious behavior when they detect an analysis machine as their execution environment. In this way they can challenge and evade the analysis process. Afterwards, the domain of environment-sensitive malwares went beyond analysis systems and covered all environmental sensitivities which hinder the progress of...
Improving Android Malware Detection Techniques
, M.Sc. Thesis Sharif University of Technology ; Kharrazi, Mehdi (Supervisor)
Abstract
Widespread growth in the popularity of Android apps stimulates malware authors to consider Android-based devices as an attractive target platform. To defend against this severe increase of Android malwares and help users make a better evaluation of apps, several approaches have been proposed. However, most of them suffer from shortcomings such as being computationally expensive, not being general, or not being robust enough. Owing to the obfuscation, encryption, and transformation techniques used in malwares, static detection techniques are not efficient. Another approach is to use dynamic detection techniques, but existing dynamic techniques suffer from lack of attention to semantic...
Detection and Analysis of Environment-Aware Malwares
, M.Sc. Thesis Sharif University of Technology ; Kharrazi, Mehdi (Supervisor)
Abstract
During the recent decade, the huge number of new malware samples and their complexity have caused challenges to the malware detection procedure. Additionally, the use of kernel-level rootkits has grown. While rootkits usually defeat current security products, which chiefly rely on the operating system for gathering information and also for running, existing anti-rootkit solutions cannot cover all kinds of rootkits. In this work we have studied the problem of kernel-level rootkits in the Windows operating system. We believe that focusing on kernel driver features will result in an overall view of the needs for monitoring the kernel activity of the rootkits. Thus with regards to proves for lower volume of obfuscation...
Detection of Malicious Webpages
, M.Sc. Thesis Sharif University of Technology ; Movaghar, Ali (Supervisor)
Abstract
Web applications and services have been developed and deployed with unprecedented speed, providing various important functionalities to the end user such as office applications, social networking, content sharing, education, and entertainment. Given its popularity and ubiquity, the Web also attracts the attention of malicious entities. Indeed, the Web and its global user community have observed various forms of attack in the past. Among these attacks, using the Web as a channel to distribute malware has become a prominent issue. This type of attack is called a drive-by download attack. This issue has generated a great deal of attention from the security research community. Existing systems to...
Software De-Obfuscation and its Applications to Malware Analysis
, Ph.D. Dissertation Sharif University of Technology ; Kharrazi, Mehdi (Supervisor)
Abstract
Obfuscation transformations complicate software and make it incomprehensible via syntactical changes. This provides high incentive for malware authors to employ different obfuscation techniques. The practical nature of this problem and lack of common definitions in this area have limited the encountering fronts. Whenever a new obfuscation method becomes known in the wild, ad-hoc deobfuscation solutions follow it, trying to recognize it in detail and reverse it step by step. As more obfuscation transformations become readily available for malware developers, this approach becomes more costly and impractical. This raises the perceived need for automated deobfuscation. For example, the...
Ontology-Based Android Malware Forensics
, M.Sc. Thesis Sharif University of Technology ; Amini, Morteza (Supervisor)
Abstract
Today, smart devices have become an integral part of everyday life. The Android operating system is also the most popular operating system of these devices, and as a result, various malwares are produced and distributed for this operating system every day. This makes it especially important to investigate these malwares. This includes finding people involved in the development and distribution of malware, as well as discovering other malwares created by them. Discovering other involved entities, such as social media accounts, websites, Android store accounts, and taking steps to prevent malware from being distributed by them is another aspect of this story. In order to deal with organized...
Analysis and Countermeasure of Android Malware Generation Using Adversarial Example Generation Methods
, M.Sc. Thesis Sharif University of Technology ; Amini, Morteza (Supervisor)
Abstract
The widespread use of the Android operating system has made it an attractive target for attackers. In the field of malware identification and mitigation, the use of machine learning methods has seen significant advancements due to their ability to identify unknown malware. One of these methods is graph-based techniques in constructing malware detection systems, which have achieved high success rates in identifying malware. However, machine learning methods suffer from the vulnerability of being misled by adversarial examples. One important aspect in both malware detection systems and adversarial attacks is the limitations imposed on software modification. Any changes made to the application...