Mgr. Martin Jureček

Publications

Distance Metric Learning using Particle Swarm Optimization to Improve Static Malware Detection

Year
2020
Published in
Proceedings of the 6th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2020. p. 725-732. ISSN 2184-4356. ISBN 978-989-758-399-5.
Type
Conference paper
Abstract
Distance metric learning is concerned with finding appropriate parameters of a distance function with respect to a particular task. In this work, we present a malware detection system based on static analysis. We use a k-nearest neighbors (KNN) classifier with a weighted heterogeneous distance function that can handle nominal and numeric features extracted from the portable executable file format. Our proposed approach attempts to specify the weights of the features using the particle swarm optimization algorithm. The experimental results indicate that KNN with the weighted distance function improves classification accuracy significantly.

Automatická detekcia škodlivého kódu

Authors
Year
2019
Published in
Sborník příspěvků PAD 2019 – elektronická verze. Praha: AMCA spol. s r.o., 2019. p. 35-38. ISBN 978-80-88214-20-5.
Type
Conference paper
Abstract
The problem of automatic malware detection currently poses great challenges for antivirus companies. Every day an ever larger number of new, unknown malicious code samples is generated, which need to be detected in time. Because manual analysis of the samples is not possible due to their enormous volume, automatic malware detection must be used. Machine learning algorithms are proving to be a suitable tool that is, to a certain extent, able to adapt and to detect even new, previously unknown samples.

Side-Channel Attack on the A5/1 Stream Cipher

Year
2019
Published in
Proceedings of the 22nd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2019. p. 633-638. ISBN 978-1-7281-2862-7.
Type
Conference paper
Abstract
In this paper we present cryptanalysis of the A5/1 stream cipher used in GSM mobile phones. Our attack is based on power analysis, where we assume that the power consumption while clocking 3 LFSRs differs from that while clocking 2 LFSRs. We demonstrate a simple power analysis (SPA) attack and discuss existing differential power analysis (DPA). We present the attack for recovering the secret key based on the information about the clocking bits of the LFSRs that was deduced from power analysis. The attack has a 100% success rate, requires minimal storage and does not require a single bit of keystream. The average time complexity of our attack based on SPA is around 2^33, where the computation unit is the resolution of a system of linear equations over Z_2. Recovering the secret key using information from the DPA has constant complexity.

Malware Detection Using a Heterogeneous Distance Function

Year
2018
Published in
Computing and Informatics. 2018, 37(3), 759-780. ISSN 1335-9150.
Type
Article
Abstract
Classification of automatically generated malware is an active research area. The amount of new malware is growing exponentially, and since manual investigation is not possible, automated malware classification is necessary. In this paper, we present a static malware detection system for the detection of unknown malicious programs which is based on a combination of the weighted k-nearest neighbors classifier and the statistical scoring technique from. We have extracted the most relevant features from the portable executable (PE) file format using gain ratio and have designed a heterogeneous distance function that can handle both linear and nominal features. Our proposed detection method was evaluated on a dataset with tens of thousands of malicious and benign samples, and the experimental results show that the accuracy of our classifier is 98.80%. In addition, preliminary results indicate that the proposed similarity metric on our feature space could be used for clustering malware into families.