The SSL/TLS protocol is widely used in data encryption transmission. Aiming at the problem of detecting SSL/TLS-encrypted malicious traffic with small-scale and unbalanced training data, a deep-forest-based detection method called DF-IDS proposed this paper. According to characteristics SSL/TSL protocol, network was split into sessions according 5-tuple information. Each session then transforme...

In any defense mechanism, malicious code detection is a crucial component. To subvert malicious code detectors, e.g anti-virus software, malicious code writers try to subvert these detectors by obfuscating the malicious code. As testing results surprisingly showed, commercial virus scanners were not able to detect infected binaries which were transformed by applying simple obfuscation technique...

The defense of computer systems from malicious software attacks, such as viruses and worms, is a key aspect of computer security. The analogy between malicious software and biological infections suggested us to use the κcalculus, a formalism originally developed for the analysis of biological systems, for the formalization and analysis of malicious software. By modeling the different actors inv...

Web applications are most widely used technique for providing an access to online services. At the same time web applications are easiest way for vulnerable acts. When a security mechanism is failed then the user may download malicious code from a trusted web site. In this case, the malicious script is contracted to full access with all assets belonging to that legitimate web site. These types ...

WSN is a distributed network exposed to an open environment, which is vulnerable to malicious nodes. To find out malicious nodes among a WSN with mass sensor nodes, this paper presents a malicious detection method based on maximum entropy model. Given the types of a few sensor nodes, it extracts sensor nodes’ preferences related with the known types of malicious node, establishes the maximum en...

Detecting malicious peers is a challenging task in peer-to-peer networks due to their decentralized structure and lack of central authority. Trust models can help identify malicious peers by maintaining information about peer relations and interactions. Keeping information about trust relations helps to reduce risks when providing or using services. This paper introduces two consistency concept...

In the escalating arms race between malicious code and security tools designed to analyze it, detect it or mitigate its impact, malicious code running inside the operating system kernel provides an extremely powerful tool. Kernel-level code can introduce hard to detect backdoors, provide stealth by hiding files, processes or other resources and in general tamper with operating system code and d...

Today computer field has gained a lot of importance in our day to day life to deal with many aspects like education, entertainment purpose etc. System security is warned by weapons named as malicious software to fulfill malicious intention of its authors. Malicious software known as malware is one of the common problem faced by the internet today. The key to detect these threats are also availa...