Publications

S
Nath HV, Mehtre BM. 2014. Static Malware Analysis Using Machine Learning Methods. In: Recent Trends in Computer Networks and Distributed Systems Security (Martínez Pérez G, Thampi SM, Ko R, Shu L, eds.), pp. 440-450. Berlin, Heidelberg: Springer Berlin Heidelberg.

Abstract: Malware analysis forms a critical component of cyber defense mechanisms. In the last decade, a lot of research has been done using machine learning methods on both static and dynamic analysis. Since the aims and objectives of malware developers have changed from mere fame to political espionage or financial gain, malware has also evolved in its form and infection methods. One of the latest forms of malware is known as targeted malware, on which not much research has been done. Targeted malware, which is a superset of Advanced Persistent Threats (APTs), has been growing in volume and complexity in recent years. Targeted cyber attacks (through targeted malware) play an increasingly malicious role in disrupting online social and financial systems. APTs are designed to steal corporate/national secrets and/or harm national/corporate interests. It is difficult to recognize targeted malware with antivirus, IDS, IPS and custom malware detection tools. Attackers leverage compelling social engineering techniques along with one or more zero-day vulnerabilities to deploy APTs. Along with these, the recent introduction of CryptoLocker and ransomware poses serious threats to organizations/nations as well as individuals. In this paper, we compare various machine-learning techniques used for analyzing malware, focusing on static analysis.

Shankar DD, Gireeshkumar T, Nath HV. 2011. Steganalysis for Calibrated and Lower Embedded Uncalibrated Images. In: Swarm, Evolutionary, and Memetic Computing (Panigrahi BK, Suganthan PN, Das S, Satapathy SC, eds.), pp. 294-301. Berlin, Heidelberg: Springer Berlin Heidelberg.

Abstract: The objective of steganalysis is to detect messages hidden in cover objects, such as digital images. The ultimate goal of a steganalyst is to extract and decipher the secret message. In this paper, we present a powerful new blind steganalytic scheme that can reliably detect hidden data with a relatively small embedding rate in JPEG images, using a technique known as calibration. This increases the success rate of steganalysis by detecting data in the transform domain. The scheme is feature based in the sense that features that are sensitive to embedding changes are employed as the means of steganalysis. The features are extracted in the DCT domain. The DCT domain features merge extended DCT features and Markovian features in the calibration technique to eliminate the drawbacks of both (inter- and intra-block dependency, respectively). For the lower embedding rate, the features are considered separately to obtain a better classification rate. The blind steganalytic technique covers a broad spectrum of embedding techniques. The feature set contains 274 features, obtained by merging both the DCT features and the Markovian features. The extracted features are fed to a classifier which distinguishes between a cover image and a stego image. A Support Vector Machine is used as the classifier here.

Viswanath H, Mehtre BM. 2019. System and method for detection and prevention of data breach and ransomware attacks. Google Patents. (Attached document: us010262139.pdf)

Abstract: The embodiments herein disclose a system and method for detecting ransomware and preventing data breaches. The method identifies whether a process for file access is initiated and executed by a user or by a malware program. The method uses keystrokes and mouse events, along with OCR output extracted from a recorded background screen image, to check whether the user has initiated the process. If a new process or file replication request is initiated automatically, without any corresponding pattern in keystrokes, mouse strokes and the background screen, then the process is identified as ransomware or a data breach.

Viswanath H, Mehtre BM. 2018. System and Method for Zero-Day Privilege Escalation Malware Detection. (Attached document: us9959406.pdf)

Abstract: The various embodiments herein disclose a system and method for detecting zero-day privilege escalation malware at the host level. The method identifies whether a privilege escalation is initiated and executed by a user or by a malware program. The method uses keystrokes and mouse events, along with OCR output extracted from a recorded background screen image, to check whether the user has initiated the privilege escalation. If a new process starts automatically, without any corresponding pattern in keystrokes, mouse strokes and the background screen, then the process is identified as zero-day privilege escalation malware.