Bilbao, Spain

Devesa J.,S3 Laboratory | Santos I.,S3 Laboratory | Cantero X.,S3 Laboratory | Penya Y.K.,S3 Laboratory | Bringas P.G.,S3 Laboratory
ICEIS 2010 - Proceedings of the 12th International Conference on Enterprise Information Systems | Year: 2010

Malware is any kind of program explicitly designed to harm, such as viruses, trojan horses or worms. Since the amount of malware is growing exponentially, it already poses a serious security threat. Therefore, every incoming code must be analysed in order to classify it as malware or benign software. These tests commonly combine static and dynamic analysis techniques in order to extract the major amount of information from distrustful files. Moreover, the increment of the number of attacks hinders manually testing the thousands of suspicious archives that every day reach antivirus laboratories. Against this background, we address here an automatised system for malware behaviour analysis based on emulation and simulation techniques. Hence, creating a secure and reliable sandbox environment allows us to test the suspicious code retrieved without risk. In this way, we can also generate evidences and classify the samples with several machine-learning algorithms. We have developed the proposed solution, testing it with real malware. Finally, we have evaluated it in terms of reliability and time performance, two of the main aspects for such a system to work.

Ugarte-Pedrero X.,S3 Laboratory | Ugarte-Pedrero X.,University of Deusto | Santos I.,S3 Laboratory | Santos I.,University of Deusto | And 6 more authors.
Computer Systems Science and Engineering | Year: 2013

Malware writers employ packing techniques (i.e., encrypt the real payload) to hide the actual code of their creations. Generic unpacking techniques execute the binary within an isolated environment (namely 'sandbox') to gather the real code of the packed executable. However, this approach can be very time consuming. A common approach is to apply a filtering step to avoid the execution of not packed binaries. To this end, supervised machine learning models trained with static features from the executables have been proposed. Notwithstanding, these methods need the identification and labelling of a high number of packed and not packed executables. In this paper, we propose a new method for packed executable detection that adopts collective learning approaches (a kind of semi-supervised learning) to reduce the labelling requirements of completely supervised approaches. We performed an empirical validation demonstrating that the system maintains a high accuracy rate when the number of labelled instances in the dataset is lower. © 2013 CRL Publishing Ltd.

Salazar M.,S3 Laboratory | Gallego D.,S3 Laboratory | Penya Y.K.,S3 Laboratory | Santos I.,S3 Laboratory | Bringas P.G.,S3 Laboratory
IEEE International Conference on Industrial Informatics (INDIN) | Year: 2010

High-precision foundry production is subjected to rigorous quality controls in order to ensure a proper result. Such exams, however, are extremely expensive and only achieve good results in a posteriori fashion. In previous works, we presented a defect prediction system that achieved a 99% success rate. Still, this approach did not take into account sufficiently the geometry of the casting part models, resulting in higher raw material requirements to guarantee an appropriate outcome. In this paper, we present here a fault-tolerant software solution for casting defect prediction that is able to detect possible defects directly in the design phase by analysing the volume of three-dimensional models. To this end, we propose advanced algorithms to recreate the topology of each foundry part, analyze its volume and simulate the casting procedure, all of them specifically designed for a robust implementation over the latest graphic hardware that ensures an interactive design process. © 2010 IEEE.
