* update 2024-12-12 06:22:42
actions-user committed Dec 11, 2024
1 parent a04a4c6 commit 9354839
Showing 2 changed files with 25 additions and 1 deletion.
24 changes: 24 additions & 0 deletions arXiv_db/Malware/2024.md
Expand Up @@ -3794,3 +3794,27 @@

</details>

<details>

<summary>2024-12-10 00:36:20 - An In Depth Analysis of a Cyber Attack: Case Study and Security Insights</summary>

- *Puya Pakshad*

- `2409.19194v2` - [abs](http://arxiv.org/abs/2409.19194v2) - [pdf](http://arxiv.org/pdf/2409.19194v2)

> Nation-sponsored cyberattacks pose a significant threat to national security by targeting critical infrastructure and disrupting essential services. One of the most impactful cyber threats affecting South Korea's banking sector and infrastructure was the DarkSeoul cyberattack, which occurred several years ago. Believed to have been orchestrated by North Korean state-sponsored hackers, the attack employed spear phishing, DNS poisoning, and malware to compromise systems, causing widespread disruption. In this paper, we conduct an in-depth analysis of the DarkSeoul attack, examining the techniques used and providing insights and defense recommendations for the global cybersecurity community. The motivations behind the attack are explored, along with an assessment of South Korea's response and the broader implications for cybersecurity policy. Our analysis highlights the vulnerabilities exploited and underscores the need for more proactive defenses against state-sponsored cyber threats. This paper emphasizes the critical need for stronger national cybersecurity defenses in the face of such threats.

</details>

<details>

<summary>2024-12-10 17:00:23 - Multimodal Instruction Disassembly with Covariate Shift Adaptation and Real-time Implementation</summary>

- *Yunkai Bai, Jungmin Park, Domenic Forte*

- `2412.07671v1` - [abs](http://arxiv.org/abs/2412.07671v1) - [pdf](http://arxiv.org/pdf/2412.07671v1)

> Side-channel based instruction disassembly has been proposed as a low-cost and non-invasive approach for security applications such as IP infringement detection, code flow analysis, malware detection, and reconstructing unknown code from obsolete systems. However, existing approaches to side-channel based disassembly rely on setups to collect and process side-channel traces that make them impractical for real-time applications. In addition, they rely on fixed classifiers that cannot adapt to statistical deviations in side-channels caused by different operating environments. In this article, we advance the state of the art in side-channel based disassembly in multiple ways. First, we introduce a new miniature platform, RASCv3, that can simultaneously collect power and EM measurements from a target device and subsequently process them for instruction disassembly in real time. Second, we devise a new approach to combine and select features from power and EM traces using information theory that improves classification accuracy and avoids the curse of dimensionality. Third, we explore covariate shift adjustment techniques that further improve accuracy over time and in response to statistical changes. The proposed methodology is demonstrated on six benchmarks, and the recognition rates of offline and real-time instruction disassemblers are compared for single- and multi-modal cases with a variety of classifiers and over time. Since the proposed approach is only applied to an 8-bit Arduino UNO, we also discuss challenges of extending to more complex targets.

</details>
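
Review bot: The `[abs]` and `[pdf]` links in both added entries use plain `http://` (for example `http://arxiv.org/abs/2409.19194v2` and `http://arxiv.org/pdf/2412.07671v1`), so a reader who follows them makes an unencrypted first request before any redirect. Have the generator emit `https://arxiv.org/...` for these URLs. Separately, the `<summary>` timestamps (`2024-12-10 00:36:20`, `2024-12-10 17:00:23`) carry no timezone, and the commit message time `2024-12-12 06:22:42` already differs by a day from the displayed commit date of Dec 11, 2024, so stating the zone or using an ISO 8601 offset would make the entries unambiguous.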
