Browsing by Author "Namanya, Anitta Patience"
Now showing 1 - 7 of 7
Detection of Malicious Portable Executables using Evidence Combinational Theory with Fuzzy Hashing (IEEE, 2016)
Authors: Namanya, Anitta Patience; Khan Ali Mirza, Qublai; Al-Mohannadi, Hamad; Awan, Irfan U.; Ferdinand Pagna Disso, Jules
Abstract: Fuzzy hashing is a known technique that has been adopted to speed up malware analysis processes. However, hashing has not been fully implemented for malware detection because it can easily be evaded by applying a simple obfuscation technique such as packing. This challenge has limited the usage of hashing to triaging of the samples based on the percentage of similarity between the known and unknown. In this paper, we explore the different ways fuzzy hashing can be used to detect similarities in a file by investigating particular hashes of interest. Each hashing method produces independent but related interesting results which are presented herein. We further investigate combination techniques that can be used to improve the detection rates in hashing methods. Two such evidence combination theory based methods are applied in this work in order to propose a novel way of combining the results achieved from different hashing algorithms. This study focuses on file and section Ssdeep hashing, PeHash and Imphash techniques to calculate the similarity of the Portable Executable files. Our results show that the detection rates are improved when evidence combination techniques are used.

Malicious Portable Executable Static Scoring method using Evidence Combinational Theory with Fuzzy Hashing (Electrical Engineering and Computer Science, 2017)
Authors: Namanya, Anitta Patience
Abstract: Malware detection and prevention systems are bypassed by malicious files in computer networks as malware becomes more complex and vast in number. This work introduces and investigates how different hashing results can be combined to achieve better detection rates. Two evidence combination theory based methods are applied in this work in order to propose a novel way of combining the results achieved from different hashing algorithms. Our results show that the detection rates are improved when evidence combination techniques are applied.

Performance Modelling and Analysis of the Delay Aware Routing Metric in Cognitive Radio Ad Hoc Networks (IEEE, 2013)
Authors: Namanya, Anitta Patience; Pagna-Disso, Jules
Abstract: Cognitive Radio Networks have been proposed to solve the problem of overcrowded unlicensed spectrum by using the cognitive ability built in software radios to utilise the underutilised licensed channel when the licensed users are not using it. Successful results from the research community have led to its application to wireless technologies like Ad Hoc networks due to their extensive advantages. Cognitive Radio Ad Hoc networks are a novel technology that will provide a solution to many communication challenges. This paper investigates the end-to-end performance modelling of a link using quality of service parameters (delay vs. link capacity) while considering the factors of spectrum management and node mobility of two nodes in tandem representing a hop in Cognitive Radio Ad Hoc networks. We modelled spectrum management and node mobility using the pre-emptive resume priority M/G/1 queuing model and the gated node model respectively. We considered delay aware routing schemes (shortest queue and random probability routing) and compared them with the analytical link capacity for analysis. The study shows that already existing mathematical models can be used as close approximations to analyse the queuing models proposed for Cognitive Radio Ad Hoc Networks.

Performance Security Trade-off of Network Intrusion Detection and Prevention Systems (UK Performance Engineering Workshop and Cyber Security Workshop, 2016)
Authors: Munir, Rashid; Ahmed, Botan; Al-Mohannadi, Hamad; Mufti, M. Rafiq; Namanya, Anitta Patience; Awan, Irfan
Abstract: Security cyber threats are increasing, with most companies being overwhelmed by the complexity attached to prevention against attacks. Network Intrusion detection and prevention systems (NIDPS) are now a staple in any enterprise network, with the purpose of filtering through the network traffic and sniffing for malicious traffic. Given the amount of traffic generated on enterprise networks nowadays, any NIDPS is sure to go through such a big number of packets that a need arises for a performance-security trade-off. On any given day, based on the rules used in the NIDPS, the number of alerts it generates is in the thousands. This can be quite overwhelming to security analysts who analyse them to understand the cyber threat landscape. Although it is true that the more alerts, the higher the probability of detecting malicious traffic, it is also true that alerts require the traffic to go through many rules, which can be quite a performance hindrance. This is the paradox currently plaguing the cyber security community. In this paper, we examine 2 scenarios to evaluate the performance security trade-off for the purpose of proposing ways of improving the performance while minimising the impact on the security purpose of the NIDPS.

Similarity hash based scoring of portable executable files for efficient malware detection in IoT (Future Generation Computer Systems, 2020)
Authors: Namanya, Anitta Patience; Awan, Irfan U.; Pagna Disso, Jules; Younas, Muhammad
Abstract: The current rise in malicious attacks shows that existing security systems are bypassed by malicious files. Similarity hashing has been adopted for sample triaging in malware analysis and detection. File similarity is used to cluster malware into families such that their common signature can be designed. This paper explores four hash types currently used in malware analysis for portable executable (PE) files. Although each hashing technique produces interesting results, when applied independently they have high false detection rates. This paper investigates a central issue of how different hashing techniques can be combined to provide a quantitative malware score and to achieve better detection rates. We design and develop a novel approach for malware scoring based on the hash results. The proposed approach is evaluated through a number of experiments. Evaluation clearly demonstrates a significant improvement (> 90%) in true detection rates of malware.

Towards a fast off-line static malware analysis framework (IEEE, 2018)
Authors: Chikapa, Macdonald; Namanya, Anitta Patience
Abstract: The profitability in cybercrime activity has resulted in an exponential growth of malware numbers and complexity. This has led to both industry and academic research building malware research labs to allow for deeper malware analysis so that more efficient detection techniques can be proposed. Extended malware study could lead to development of more advanced malware signatures, potentially resulting in the designing of secure systems and thus a resilient cyberspace. Malware classification and clustering based on malware families and traits is an important step in malware analysis. In this paper, a comparative study of file format hashes that are used in the industry is conducted in an effort towards suggesting an approach for a faster and easier offline malware classification framework.

The World of Malware: An Overview (IEEE, 2018)
Authors: Namanya, Anitta Patience; Cullen, Andrea; Awan, Irfan U.; Pagna Disso, Jules
Abstract: Malware, short for malicious software, is program code that is hostile and often used to corrupt or misuse a system. Introducing malware into a computer network environment has different effects depending on the design intent of the malware and the network layout. Malware detection and prevention systems are bypassed by malicious files in computer systems as malware becomes more complex and large in numbers. This paper presents an overview of the world of malware with the intent of providing the underlying information for the intended study into developing malware detection approaches.