The Early Detection, Alert and Response (eDare) system is aimed at purifying Web traffic propagating via the premises of Network Service Providers (NSP) from malicious code. To achieve this goal, the system employs powerful network traffic scanners capable of cleaning traffic from known malicious code. The remaining traffic is monitored and Machine Learning (ML) algorithms are invoked in an att...

Malicious website attacks, including phishing, malware, and drive-by downloads have become a huge security threat to today’s Internet. Various studies have been conducted to explore approaches to prevent users from being attacked by malicious websites. However, no studies to date exist on the prevalence of and temporal characteristics of such traffic. In this paper, we developed the PhishLive s...

In this paper we explore the problem we call “malicious impostor emails.” Compared with the fairly well-known abuses such as spam and email worms, malicious impostor emails could be much more catastrophic because their payloads may directly target at the victim users’ cryptographic keys (via whatever means) and their content—except the malicious payload as an attachment—could look perfectly lik...

The recent growth in network usage has motivated the creation of new malicious code for various purposes, including economic and other malicious purposes. Currently, dozens of new malicious codes are created every day and this number is expected to increase in the coming years. Today’s signature-based anti-viruses and heuristic-based methods are accurate, but cannot detect new malicious code. R...

Though popularly used for safe web browsing, blacklist-based filters have fundamental limitation in the “window of vulnerability”, the time between malicious website launch and blacklist update. An effective way of seamless protection is to use an add-on filter based on heuristics, but most of prior heuristics have offered the limited scope of protection against new attacks. Moreover, they have...

A Tor network popularly known as an anonymous network provides a way to access internet services anonymously through a series of routers without revealing users identity. A user almost remains unknown in the public networks and makes use of various facilities of his interest. Networks such as “Tor (The Onion Router)”,”Crowds” and “I2P” gained popularity in the past several years, but success of...

Automated filters are commonly used in on line chat to stop users from sending malicious messages such as age-inappropriate language, bullying, and asking users to expose personal information. Rule based filtering systems are the most common way to deal with this problem but people invent increasingly subtle ways to disguise their malicious messages to bypass such filtering systems. Machine lea...

Wireless sensor network is the most commonly used means of wireless communication. Malicious activities in wireless sensor network will degrade its performance. Such as, by decreasing the energy consumption and increasing the bandwidth the overall network performance will decrease. Researchers are focusing on the prevention of malicious nodes and malicious activities in the earlier stages for e...

Static malware analysis is well-suited to endpoint anti-virus systems as it can be conducted quickly by examining the features of an executable piece of code and matching it to previously observed malicious code. However, static code analysis can be vulnerable to code obfuscation techniques. Behavioural data collected during file execution is more difficult to obfuscate, but takes a relatively ...

In a database, the results of one transaction can affect the execution of other future transactions. A single malicious transaction can damage data and in turn make the transactions that use this dirty data, malicious and so on. The complexity of attack recovery is mainly caused by a phenomenon called damage spreading. We have developed the damage assessor and damage repairer modules of an intr...