We present Malicious Email Filter, MEF, a freely distributed malicious binary filter incorporated into Procmail that can detect malicious Windows attachments by integrating with a UNIX mail server. The system has three capabilities: detection of known and unknown malicious attachments, tracking the propagation of malicious attachments and efficient model update algorithms. The system filters mu...

Abstract— Peer-to-Peer ( P2P ) systems have been the center of attention in recent years due to their advantage . Since each node in such networks can act both as a service provider and as a client , they are subject to different attacks . Therefore it is vital to manage confidence for these vulnerable environments in order to eliminate unsafe peers . This paper investigates the use of genetic ...

Malicious behaviors and cooperation have been well studied separately. However, rare systematic study has been conducted on the combination of them: malicious cooperation. In this paper, a general quantitative utility function of malicious cooperation is firstly formulated in a congestion game framework. Both objective and subjective factors are incorporated (e.g., malicious social networks and...

Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code ...

Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code ...

Fighting against computer malware require a mandatory step of reverse engineering. As soon as the code has been disassemblied/decompiled (including a dynamic analysis step), there is a hope to understand what the malware actually does and to implement a detection mean. This also applies to protection of software whenever one wishes to analyze them. In this paper, we show how to amour code in su...