Found 20 similar articles (search time: 31 ms)
1.
Malicious software (malware) is one of the main cyber threats that organizations and Internet users currently face. Malware is software code developed by cybercriminals to cause damage, such as corrupting systems and data or stealing sensitive data. The damage caused by malware is increasing substantially every day. There is a need to detect malware efficiently and automatically and to remove threats quickly from systems. Although there are various approaches to tackling malware, its prevalence and stealthiness necessitate an effective method for the detection and prevention of malware attacks. Deep learning-based approaches have recently gained attention as a suitable way to detect malware effectively. In this paper, a novel deep learning-based approach for detecting malware is proposed. Furthermore, the proposed approach deploys novel feature selection, feature co-relation, and feature representations to significantly reduce the feature space. The proposed approach has been evaluated using a Microsoft prediction dataset with 21,736 malware samples from 9 malware families. It achieved 96.01% accuracy and outperformed the existing techniques of malware detection.
2.
In recent years, as the popularity of anonymous currencies such as Bitcoin has made the tracking of ransomware attackers more difficult, the number of ransomware attacks against personal computers and enterprise production servers has been increasing rapidly. Ransomware has a wide range of influence and has spread all over the world. It is affecting many industries, including internet, education, medical care, traditional industry, etc. This paper uses the idea of virus immunity to design an immunization solution for ransomware viruses, to solve the problem that traditional ransomware defense methods (such as anti-virus software, firewalls, etc.) cannot meet the requirements of rapid detection and immediate prevention of new outbreak attacks. Our scheme includes two parts: server and client. The server provides an immune configuration file and configuration file management functions, including a configuration file module, a cryptography algorithm module, and a display module. The client obtains the immunization configuration file from the server in real time and performs the corresponding operations according to the configuration file to give the computer an immune function against a specific ransomware; it includes an update module, a configuration file module, a cryptography algorithm module, a control module, and a log module. This scheme controls mutexes, services, files and registries respectively, to destroy the triggering conditions of the virus and finally achieve the purpose of immunizing a computer against a specific ransomware.
3.
This study was conducted to enable prompt classification of malware, which was becoming increasingly sophisticated. To do this, we analyzed the important features of malware and the relative importance of selected features according to a learning model to assess how those important features were identified. Initially, the analysis features were extracted using Cuckoo Sandbox, an open-source malware analysis tool, then the features were divided into five categories using the extracted information. The 804 extracted features were reduced by 70% after selecting only the most suitable ones for malware classification using a learning model-based feature selection method called recursive feature elimination. Next, these important features were analyzed. The level of contribution from each one was assessed by the Random Forest classifier method. The results showed that System call features were mostly allocated. In the end, it was possible to accurately identify the malware type using only 36 to 76 features for each of the four types of malware with the most analysis samples available. These were the Trojan, Adware, Downloader, and Backdoor malware.
4.
Android has been dominating the smartphone market for more than a decade and has managed to capture 87.8% of the market share. Such popularity of Android has drawn the attention of cybercriminals and malware developers. Malicious applications can steal sensitive information like contacts, read personal messages, record calls, send messages to premium-rate numbers, cause financial loss, gain access to the gallery and access the user’s geographic location. Numerous surveys on Android security have primarily focused on types of malware attack, their propagation, and techniques to mitigate them. To the best of our knowledge, Android malware literature has never been explored using information modelling techniques. Further, promulgation of contemporary research trends in Android malware research has never been done from a semantic point of view. This paper intends to identify the intellectual core of Android malware literature using Latent Semantic Analysis (LSA). An extensive corpus of 843 articles on Android malware and security, published during 2009–2019, was processed using LSA. Subsequently, the truncated Singular Value Decomposition (SVD) technique was used for dimensionality reduction. Later, machine learning methods were deployed to effectively segregate prominent topic solutions with minimal bias. Based on the observed term and document loading matrix values, five core research areas and twenty research trends were identified. Further, potential future research directions have been detailed to offer a quick reference for information scientists. The study concludes that Android security is crucial for pervasive Android devices. Static analysis is the most widely investigated core area within Android security research and is expected to remain in trend in the near future. Research trends indicate the need for a faster yet effective model to detect Android applications causing obfuscation, financial attacks and stealing user information.
5.
The development of Information and Communication Technology has led to the evolution of a new computing and communication environment. The technological revolution of the Internet of Things (IoT) has produced applications in almost all domains, from health care and education to entertainment, with sensors and smart devices. One subset of IoT is the Internet of Medical Things (IoMT), which connects medical devices, hardware and software applications through the internet. IoMT enables secure wireless communication over the Internet to allow efficient analysis of medical data. With these advancements and the use of smart IoT devices in health care technology, the threat of malware attacks during transmission of highly confidential medical data increases. This work proposes a scheme integrating a machine learning approach and blockchain technology to detect malware during data transmission in IoMT. The proposed Machine Learning based Block Chain Technology malware detection scheme (MLBCT-Mdetect) is implemented in three steps, namely feature extraction, classification and blockchain. Feature extraction is performed by calculating the weight of each feature and removing the features with less weight. A Support Vector Machine classifier is employed in the second step to classify the malware and benign nodes. The third step uses blockchain to store details of the selected features, which eventually improves the detection of malware with significant improvement in speed and accuracy. ML-BCT-Mdetect achieves higher accuracy with a low false positive rate and a higher true positive rate.
6.
When the Wireless Sensor Network (WSN) is combined with the Internet of Things (IoT), it can be employed in a wide range of applications, such as agriculture, industry 4.0, health care, and smart homes, among others. Accessing the big data generated by these applications in Cloud Servers (CSs) requires higher levels of authenticity and confidentiality during communication conducted through the Internet. Signcryption is one of the most promising approaches nowadays for overcoming such obstacles, due to its combined nature, i.e., signature and encryption. A number of researchers have developed schemes to address issues related to access control in the IoT literature; however, the majority of these schemes are homogeneous in nature. This is neither adequate nor practical for heterogeneous IoT environments. In addition, these schemes are based on bilinear pairing and elliptic curve cryptography, which require additional processing time and more communication overhead, making them inappropriate for real-time communication. Consequently, to solve the above-discussed issues, we propose an access control scheme for IoT environments using a heterogeneous signcryption scheme with the efficiency and security hardness of the hyperelliptic curve. Besides security services such as replay attack prevention, confidentiality, integrity, unforgeability, non-repudiation, and forward secrecy, the proposed scheme has very low computational and communication costs when compared to existing schemes. This is primarily because of the lighter nature of the hyperelliptic curve's key and other parameters. The AVISPA tool is used to simulate the security requirements of our proposed scheme, and the results under two backends (Constraint Logic-based Attack Searcher (CL-b-AtSER) and On-the-Fly Model Checker (ON-t-FL-MCR)) proved to be SAFE when the presented scheme is coded in the HLPSL language.
This scheme was proven to be capable of preventing a variety of attacks, including confidentiality, integrity, unforgeability, non-repudiation, forward secrecy, and replay attacks.
7.
This study aims at improving the effectiveness of failure mode and effect analysis (FMEA) technique. FMEA is a widely used technique for identifying and eliminating known or potential failures from system, design, and process. However, in conventional FMEA, risk factors of Severity (S), Occurrence (O), and Detection difficulty (D) are simply multiplied to obtain a crisp risk priority number without considering the subjectivity and vagueness in decision makers’ judgments. Besides, the weights for risk factors S, O, and D are also ignored. As a result, the effectiveness and accuracy of the FMEA are affected. To solve this problem, a novel FMEA approach for obtaining a more rational rank of failure modes is proposed. Basically, two stages of evaluation process are described: the determination of risk factors’ weights and ranking the risk for the failure modes. A rough group ‘Technique for Order Performance by Similarity to Ideal Solution’ (TOPSIS) method is used to evaluate the risk of failure mode. The novel approach integrates the strength of rough set theory in handling vagueness and the merit of TOPSIS in modeling multi‐criteria decision making. Finally, an application in steam valve system is provided to demonstrate the potential of the methodology under vague and subjective environment. Copyright © 2013 John Wiley & Sons, Ltd.
8.
This paper presents a reliability analysis method on repairable system with standby structure based on goal oriented (GO) methodology. Firstly, a new combination of GO operator, which is composed of a new logical GO operator named Type 18A operator and a new auxiliary GO operator named Type 20 operator, is created to represent standby mode. The availability formula of standby equipment with translation exception is deduced based on Markov process theory. Then, the application method of combination of GO operator for standby mode and the analysis process of repairable system with standby structure based on GO method are proposed. Thirdly, this new combination of GO operator is applied in availability analysis of the hydraulic oil supply system of power‐shift steering transmission. Finally, the results obtained by the new GO method are compared with the results of fault tree analysis, Monte Carlo simulation, GO methods using Type 2 operator and Type 18 operator to represent the standby mode, respectively. And the comparison results show that this new GO method is applicable and reasonable for reliability analysis of repairable system with standby structure. All in all, this paper provides guidance for reliability analysis of repairable systems with standby structure. Copyright © 2015 John Wiley & Sons, Ltd.
9.
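In view of the low processor clock frequency, small storage space and simple functionality of PC/104 embedded computers, and drawing on the successful experience of existing embedded systems, a scheme for optimizing the Linux operating system is proposed. The scheme covers construction of the build environment, modification and configuration of the kernel, establishment of the boot steps, configuration of the runtime environment, and selection of the file system, and realizes a small, fast and stable embedded Linux operating system on PC/104.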
10.
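A beef carcass quality inspection terminal is designed based on the OMAP3530 embedded microprocessor and the Linux operating system. A CCD industrial camera is used as the image acquisition device, and the Linux application programming interface (API) V4L2 is used to implement real-time video display, image capture and storage. Wi-Fi is used to exchange images and data between the terminal and the PC server, and the application is developed on Qt/Embedded. Experiments show that the terminal runs stably under field conditions.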
11.
The measurement of early shrinkage cracking in concrete is important to prevent aesthetic issues and avoid surface cracking that could lead to reinforcement corrosion and reduce the durability, long‐term service life and integrity of a structure. Moreover, the lack of standards and subjectivity of the very few methodologies proposed so far complicate its estimation. This research presents a new imaging methodology for evaluating and quantifying early shrinkage cracking patterns. The methodology was developed testing highly restrained square concrete slabs subjected to severe conditions of restraint and moisture loss. Its quantification consisted of photographing, processing the pictures and highlighting the cracks. For the first time, early shrinkage cracking in concrete can be measured through an experimental technique and quantified by means of geometric figures. In this way, more precise and automatic results are achieved, as flat figures adapt to the shape of cracks and store their properties. Therefore, parameters such as the total cracked area, total crack length, maximum crack width or average crack width were easily calculated. The results demonstrated the suitability of the wind tunnel test to produce significant cracking patterns, as well as the great capacity of the imaging methodology to identify and characterize the cracking pattern.
12.
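An environmentally friendly fructose-resorcinol resin adhesive was synthesized under alkaline conditions using high-fructose syrup in place of formaldehyde. The synthesis conditions of the fructose-resorcinol resin were optimized by response surface methodology, with resin viscosity as the evaluation index; the experiments were designed according to the Box-Behnken central composite design principle and the results were analyzed. The combined effects of temperature, time and catalyst amount on the reaction were studied, and the optimal process conditions were found to be a reaction temperature of 61.97 °C, a reaction time of 5.24 h and a catalyst mass fraction of 6.21%. Under these conditions, the resin viscosity was 285.523 mPa·s, and the measured tensile strength of the adhesive reached 33.1 MPa.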
13.
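When the relationship between the influencing factors and the response output is complex, traditional response surface methodology (RSM), non-parametric response surface methodology (NPRSM) and artificial neural networks (ANN) have difficulty fitting the true response surface: they require large sample sizes, carry a high generalization risk, and do not easily reach the global optimum. RSM is cast as a small-sample machine learning problem in which samples can be actively acquired under constraints, and an RSM based on the support vector machine (SVM) is proposed. Samples are taken on a coarse grid, the SVM is used to fit the process, the fitted equation is optimized to determine the approximate region of the extrema, and the grid interval is then reduced step by step for refinement. Case studies show that the fitting and generalization performance of the method is better than that of NPRSM and ANN-based RSM, that it can build a global numerical model under small-sample conditions, and that the optimization can find multiple extrema.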
14.
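This paper describes the design method and program structure of the physical-layer link driver software for a parallel computing environment, built on the Linux operating system with an optical interconnect link interface card as the network hardware interface. Using this driver, interconnection between PCs running RedHat Linux has been achieved.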
15.
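This paper presents recent research and progress on the dual solution system of elasticity: (1) a new orthogonality relation is proposed, and the dual differential equations are derived directly without using the concept of symplectic geometry; (2) based on the new orthogonality relation, a direct eigenfunction expansion method for two-dimensional elasticity is established, and explicit closed-form solutions are obtained under diagonalizable boundary conditions; (3) the dual solution system is extended to multiple coordinate directions, establishing dual differential equations and a solution system for multiple coordinate directions; (4) using the operator method for partial differential equations, a bending theory for plate-like elastic bodies is established, with the solution decomposed into a homogeneous bending solution, a particular solution and a decaying solution; (5) the dual solution system is extended to thick-plate and thin-plate problems, establishing the corresponding dual differential equations, orthogonality relations and variational principles.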
16.
This paper proposes a new systematic reliability analysis method for repairable systems with multifunction modes based on the goal‐oriented (GO) method. First, we create a new function GO operator, a new logical GO operator, and a new auxiliary GO operator, deduce their GO operation formulas, and propose some new rules of the GO operation and an exact algorithm with shared signal of the GO method for such systems. Then, we formulate the analysis process of repairable systems with multifunction modes based on the new GO method. Finally, we apply this new GO methodology to reliability analysis of the control system for a heavy vehicle. To verify the feasibility, advantage, and reasonableness of the new GO methodology, we compare its analysis results with those of fault tree analysis and Monte Carlo simulation. We show that the proposed GO method has clear advantages in system reliability modeling and analysis. All in all, this study not only improves the theory of the GO method and widens its application but also provides a new approach for conducting reliability analysis of complex systems quickly and efficiently.
17.
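This paper presents an application scheme for the Serial Peripheral Interface (SPI) in interfacing the high-speed serial analog-to-digital converter TLC2543 with the ARM microprocessor S3C2440. For a development platform built on the S3C2440 ARM microprocessor and the embedded Linux operating system, it gives the detailed hardware connection diagram between the S3C2440 and the TLC2543, the implementation of the embedded driver under Linux, and the dynamic module loading process. The method also applies to the interfacing and programming between other serial A/D converters with an SPI interface and microprocessors. SPI-based serial communication between the TLC2543 and the S3C2440 provides a solution for embedded devices performing high-speed data acquisition.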
18.
This paper discusses a teaching methodology to improve the retention of lecture material through peer collaboration among students. The methods introduced also help measure a student's comprehension of class material. In addition, the techniques allow the instructor to obtain continuous feedback on areas that students have difficulty grasping. The instructor can also observe students' interpretation of concepts and their written communication skills. The entire process was conducted through the Internet using Athenium's TEAMThink® software. The TEAMThink® software is a professional product developed by Athenium and was developed primarily as a training tool for corporations. This is the first time an educational institution has used it as part of the curriculum. The experiences presented here were conducted on an Operating Systems course at Tufts University's Department of Electrical Engineering and Computer Science consisting of 36 seniors and 4 graduate students and a second year Introduction to Digital Logic Circuits course consisting of 100 undergraduate students. The TEAMThink® learning process features a quiz making and quiz taking game, where students collaborate in teams to create multiple‐choice quiz questions which challenge the learning of other students. The experiences reported in this paper discuss the benefits of this approach from the student and the instructor perspectives. The unexpected outcomes such as the feedback provided to the developers of the TEAMThink® software are also discussed.
19.
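Objective: To optimize the conditions for ultrasound-assisted extraction of total saponins from seedless Rosa roxburghii in order to improve the extraction efficiency of total saponins. Methods: Single-factor experiments were used to evaluate the effects of ethanol volume fraction, ultrasonic time, solid-to-liquid ratio and number of extractions on the yield of total saponins, and the optimal extraction conditions were determined in combination with the central composite experimental design of response surface methodology. Results: With an ultrasonic time of 40 min, an ethanol volume fraction of 60%, a solid-to-liquid ratio (g/mL) of 1:30 and 4 extractions, the yield of total saponins was 9.15%, close to the model-predicted value of 9.18%, which shows the feasibility of using response surface methodology to optimize the ultrasound-assisted extraction of total saponins from seedless Rosa roxburghii. Conclusion: This study provides a reference for the further development and utilization of seedless Rosa roxburghii resources in food storage, medicine and other areas.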
20.
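Against the background of the high failure rate of hydraulic systems in domestically produced underground trackless mining equipment and the backwardness of their inspection and fault diagnosis methods, this paper proposes a design scheme for hydraulic system condition monitoring and fault diagnosis based on embedded Linux and multi-sensor information. The system can track the working state of the hydraulic system of underground trackless mining equipment reliably and in real time, and can present the trend of the equipment's operating state and fault information through a user-friendly human-machine interface.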