The increased use of the World Wide Web and JavaScript as a scripting language for Web pages have made JavaScript a popular attack vector for infecting users' machines with malware. Additionally, attackers often obfuscate their code to avoid detection, which heightens the challenge and complexity of automated defense systems. We present two analyses of malicious scripts and suggest how they cou...

Preventive measures sometimes fail to deflect malicious attacks. In this paper, we adopt an information warfare perspective, which assumes success by the attacker in achieving partial, but not complete, damage. In particular, we work in the database context and consider recovery from malicious but committed transactions. Traditional recovery mechanisms do not address this problem, except for co...

In this paper, we introduce malicious Bayesian congestion games as an extension to congestion games where players might act in a malicious way. In such a game each player has two types. Either the player is a rational player seeking to minimize her own delay, or with a certain probability the player is malicious in which case her only goal is to disturb the other players as much as possible. We...

In the last few years we have concentrated our research efforts on new threats to the computing infrastructure that are the result of combining malicious software (malware) technology with modern cryptography. At some point during our investigation we ended up asking ourselves the following question: what if the malware (i.e., Trojan horse) resides within a cryptographic system itself? This led...

Recent years have seen a dramatic increase of security incidents on the Internet related to e-mail worms. These particular pieces of malicious code are often developed by mischievous teenagers and are not very skillfully engineered, but still spread globally in a matter of minutes and cause a large amount of economic damage. Conventional anti-virus products nowadays still rely on static pattern...

Malicious cryptology and malicious mathematics is an emerging domain initiated in Filiol & Josse (2007); Filiol & Raynal (2008;b). It draws its inspiration from crypto virology Young & Yung (2004). However this latter domain has a very limited approach of how cryptography can be perverted by malware. Indeed, their authors consider the case of extortion malware in which asymmetric cryptography i...

The primary intent of this paper is detect malicious traffic at the network level. To this end, we apply several machine learning techniques to build classifiers that fingerprint maliciousness on IP traffic. As such, J48, Naı̈ve Bayesian, SVM and Boosting algorithms are used to classify malware communications that are generated from dynamic malware analysis framework. The generated traffic log f...

Mobile ad hoc networks (MANETs) are multi-hop wireless networks of mobile nodes constructed dynamically without the use of any fixed network infrastructure. Due to inherent characteristics of these networks, malicious nodes can easily disrupt the routing process. A traditional approach to detect such malicious network activities is to build a profile of the normal network traffic, and then iden...

The security of computers is a function of both their inherent vulnerability and the environment in which they operate. Much as with the public health of human populations, the “public health” of computer populations can be studied in terms of what factors influence their security. Using data collected from Microsoft Windows Malicious Software Removal Tool (MSRT) running on more than one billio...

Computational Grid allows customers to submit tasks to service providers. To maintain the availability, fairness and performance, it is critical to protect Computational Grid systems from malicious participants. Current solutions to this problem assume that the system would contain either malicious consumers only or malicious service provider only. However, in the real world, both consumers and...