Commit

* update 2023-12-12 06:17:05
actions-user committed Dec 11, 2023
1 parent 45c85f2 commit de35e40
Showing 2 changed files with 25 additions and 1 deletion.
24 changes: 24 additions & 0 deletions arXiv_db/Malware/2023.md
Expand Up @@ -3434,3 +3434,27 @@

</details>

<details>

<summary>2023-12-06 12:04:28 - Feature Analysis of Encrypted Malicious Traffic</summary>

- *Anish Singh Shekhawat, Fabio Di Troia, Mark Stamp*

- `2312.04596v1` - [abs](http://arxiv.org/abs/2312.04596v1) - [pdf](http://arxiv.org/pdf/2312.04596v1)

> In recent years there has been a dramatic increase in the number of malware attacks that use encrypted HTTP traffic for self-propagation or communication. Antivirus software and firewalls typically will not have access to encryption keys, and therefore direct detection of malicious encrypted data is unlikely to succeed. However, previous work has shown that traffic analysis can provide indications of malicious intent, even in cases where the underlying data remains encrypted. In this paper, we apply three machine learning techniques to the problem of distinguishing malicious encrypted HTTP traffic from benign encrypted traffic and obtain results comparable to previous work. We then consider the problem of feature analysis in some detail. Previous work has often relied on human expertise to determine the most useful and informative features in this problem domain. We demonstrate that such feature-related information can be obtained directly from machine learning models themselves. We argue that such a machine learning based approach to feature analysis is preferable, as it is more reliable, and we can, for example, uncover relatively unintuitive interactions between features.

</details>

<details>

<summary>2023-12-08 07:30:42 - MalDicom: A Memory Forensic Framework for Detecting Malicious Payload in DICOM Files</summary>

- *Ayushi Mishra, Priyanka Bagade*

- `2312.00483v2` - [abs](http://arxiv.org/abs/2312.00483v2) - [pdf](http://arxiv.org/pdf/2312.00483v2)

> Digital Imaging and Communication System (DICOM) is widely used throughout the public health sector for portability in medical imaging. However, these DICOM files have vulnerabilities present in the preamble section. Successful exploitation of these vulnerabilities can allow attackers to embed executable codes in the 128-Byte preamble of DICOM files. Embedding the malicious executable will not interfere with the readability or functionality of DICOM imagery. However, it will affect the underline system silently upon viewing these files. This paper shows the infiltration of Windows malware executables into DICOM files. On viewing the files, the malicious DICOM will get executed and eventually infect the entire hospital network through the radiologist's workstation. The code injection process of executing malware in DICOM files affects the hospital networks and workstations' memory. Memory forensics for the infected radiologist's workstation is crucial as it can detect which malware disrupts the hospital environment, and future detection methods can be deployed. In this paper, we consider the machine learning (ML) algorithms to conduct memory forensics on three memory dump categories: Trojan, Spyware, and Ransomware, taken from the CIC-MalMem-2022 dataset. We obtain the highest accuracy of 75% with the Random Forest model. For estimating the feature importance for ML model prediction, we leveraged the concept of Shapley values.

</details>
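Review bot: both new entries link to arXiv over plain HTTP (`[abs](http://arxiv.org/abs/2312.04596v1)`, `[pdf](http://arxiv.org/pdf/2312.04596v1)`, and the same for `2312.00483v2`); arXiv serves these pages over HTTPS, so emitting `https://arxiv.org/abs/…` and `https://arxiv.org/pdf/…` from the generator avoids a plaintext request and a redirect for every reader who follows a link from this catalogue, and keeps the file from accumulating mixed schemes as more entries are appended.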
