The first computer viruses appeared in the late twentieth century. As an effective form of malware, viruses reside in the permanent storage of target hosts. Before a virus can execute, its code must be loaded into memory from the file in which it resides. Because of the destructive power of viruses, many mechanisms have been developed to defend computer systems against these threats, and antivirus software is among the best known and most widely used. Most antivirus software applies static (signature-based) analysis to files stored in permanent storage, such as hard disks or USB flash drives, to detect viruses hidden in files. Fileless malware was developed to improve the survivability of malware by circumventing such detection: it exists only in the target host's memory, not in files. Because the code runs directly in memory and is never loaded from disk, antivirus software cannot even access it, much less analyze it. As a result, it is difficult for an antivirus engine to defend a system against fileless malware attacks. This paper proposes a kernel-based solution called Check-on-Execution (CoE) to detect fileless malware on a Linux system. When a program is about to execute a piece of code in a writable and executable memory area of a process, CoE first suspends the execution. CoE then retrieves the code from memory, packs it with an ELF header to create an ELF file, and submits the file to VirusTotal for checking, preventing the Linux system from executing fileless malware. Experimental results show that CoE noticeably enhances the ability of a Linux system to defend itself against fileless malware. CoE is also suitable for protecting a system from shellcode injection attacks, such as buffer and heap overflow attacks, and it can handle even packed malware. In this paper, however, we focus only on fileless malware.
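As an added illustration (not the paper's own code), the following Python sketch approximates two CoE steps from user space: flagging memory mappings that are both writable and executable by parsing /proc/<pid>/maps lines, and wrapping bytes recovered from such a region in a minimal ELF64 header so that a file-based scanner can analyse them. The maps lines and code bytes are constructed sample data; CoE itself performs these steps inside the kernel at execution time.

```python
import struct

# Constructed /proc/<pid>/maps lines: two anonymous rwx regions, one file-backed text segment.
SAMPLE_MAPS = """\
55d0c3a00000-55d0c3a01000 r-xp 00000000 08:01 1311 /usr/bin/example
7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0
7f3a1c021000-7f3a1c100000 rw-p 00000000 00:00 0
7ffd2c3e0000-7ffd2c401000 rwxp 00000000 00:00 0 [stack]
"""
# Constructed stand-in for bytes read back from a flagged region (x86-64 exit(0)).
SAMPLE_CODE = b"\xb8\x3c\x00\x00\x00\x31\xff\x0f\x05"

def writable_executable_regions(maps_text):
    """Return (start, end, path) for every mapping whose perms include both w and x."""
    hits = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(fields) < 5:
            continue
        perms = fields[1]
        if "w" in perms and "x" in perms:
            start, end = (int(x, 16) for x in fields[0].split("-"))
            hits.append((start, end, fields[5] if len(fields) > 5 else ""))
    return hits

EHDR_SIZE, PHDR_SIZE = 64, 56

def pack_as_elf64(code, base=0x400000):
    """Wrap raw code bytes in an ELF64 header plus one PT_LOAD (R+X) segment.
    The code follows the headers directly and the entry point is its first byte."""
    code_off = EHDR_SIZE + PHDR_SIZE
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # ELFCLASS64, LSB, v1, SYSV
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", e_ident,
                       2, 0x3E, 1,                     # ET_EXEC, EM_X86_64, EV_CURRENT
                       base + code_off, EHDR_SIZE, 0,  # e_entry, e_phoff, e_shoff (none)
                       0, EHDR_SIZE, PHDR_SIZE, 1, 0, 0, 0)
    filesz = code_off + len(code)
    phdr = struct.pack("<IIQQQQQQ", 1, 5,               # PT_LOAD, PF_R | PF_X
                       0, base, base, filesz, filesz, 0x1000)
    return ehdr + phdr + code

def elf_entry(elf):
    """Read e_entry back from an ELF64 image (it sits at offset 24)."""
    return struct.unpack_from("<Q", elf, 24)[0]

if __name__ == "__main__":
    for start, end, path in writable_executable_regions(SAMPLE_MAPS):
        print(f"W+X mapping {start:#x}-{end:#x} {path}")
    elf = pack_as_elf64(SAMPLE_CODE)
    print(f"ELF image: {len(elf)} bytes, entry {elf_entry(elf):#x}")
```

On a live system the same parser can be pointed at a real /proc/<pid>/maps, and the resulting ELF image can be handed to any file-based scanner.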
Most reversible data hiding (RDH) algorithms for color images embed the secret information directly in the luminance channel. As a result, the grayscale version of the color image is usually distorted. Since many color image processing algorithms operate on the grayscale version, their performance on marked color images may be seriously degraded. RDH with grayscale invariance (RDH-GI) was therefore proposed to eliminate this shortcoming and has since received considerable attention; however, the performance of existing RDH-GI methods is still far from satisfactory. This paper presents a novel RDH-GI method that uses pixel clustering to segment host pixels into different complexity levels. Data embedding then tends to take place in less complex regions, which reduces image distortion while maintaining grayscale invariance. Experiments demonstrate the effectiveness of the proposed method.
We propose a modified residual method based on the unbiased Grey Model (GM(1,1)) combined with the Auto-Regressive Integrated Moving Average (ARIMA) model and a backpropagation neural network (BPNN). The method uses the BPNN to describe the nonlinear characteristics of the curve and the GM-ARIMA model, which is widely used in linear time series prediction, for the linear ones. Specifically, the BPNN is first used to fit the curve and extract its nonlinear characteristics, so that the residuals produced by the nonlinear model contain only linear features. The GM-ARIMA model is then applied to fit these residuals and extract the linear features. The hybrid prediction model based on BPNN and GM-ARIMA combines the predicted values of the BPNN with the predicted values of the residuals fitted by the GM-ARIMA model. The model also enhances the local search ability of the genetic algorithm and prevents the neural network training from falling into local minima. The results show that the improved GM-ARIMA and GM-BPNN models have strong search ability, improve accuracy, and shorten the training time. Finally, the application of the model and its prediction results are described through example tests.
Rapid restoration of power systems following an outage is vitally important; however, the calculation results of existing objectives and models for starting up all generators show a problem whereby some generators are ramping while others are waiting. To address this problem while accounting for generator regulation characteristics, this study proposes a variable-constrained maximum-value minimisation model that describes the practical problem. By introducing the time variable t, the variable-constrained optimisation problem is converted into a constrained optimal power flow problem, which can be solved with common optimisation approaches. Using the proposed model and method, the optimisation is discussed with respect to the characteristics of generators during power system black start. Numerical results show that the algorithm is effective and can significantly reduce the restoration time. The algorithm described here is applied in the Guangdong power grid self-healing decision-making system.
Users are increasingly at risk from ransomware. Ransomware invades users' computers in order to encrypt their data and demand payment. Although anti-virus software may identify ransomware attacks on computers, it cannot prevent them until the ransomware has been identified. Since many users may already have been hit by ransomware during this window period, protecting users during this time becomes a priority. We present a way to identify suspected ransomware in real time, integrated into a Windows mini-filter driver to counter ransomware attacks. This approach makes it difficult for ransomware to evade our detection. Once an application has been flagged as potentially malicious, our technology lets users terminate it or add it to a whitelist. Our solution also lets users act on the flagged software and recovers the altered files when they choose to end the application, reducing their loss.
The Wireless Packet Forwarding Detector (WPFD) is an active user-side remedy for the troublesome evil twin problem. The evil twin problem can lead to further security problems, including man-in-the-middle (MITM) attacks. Solutions have been proposed for open public Wi-Fi connections, but they often require additional data that ordinary users either cannot obtain or find too expensive. The solution we created has none of these requirements: it allows users' notebooks to be used to check for evil twins. We have succeeded in developing a user-side detection system that reliably identifies the presence of an evil twin. The WPFD relies on the packet forwarding behavior generated by the evil twin together with the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol. It identifies evil twins without difficulty in accessible Wi-Fi settings in public spaces or in IoT (Internet of Things) smart homes with unencrypted WLANs (Wireless Local Area Networks). Neither additional data nor a wireless network administrator's assistance is needed. We compare our work with various publications on popular Rogue Access Points (APs) or IoT smart homes. The WPFD requires no extra setup to install on any end user's host. According to the experimental findings, the WPFD's true positive and true negative rates are 100% even when the Received Signal Strength Index (RSSI) is 45%.