no code implementations • 23 May 2024 • Andrea Ponte, Dmitrijs Trizna, Luca Demetrio, Battista Biggio, Fabio Roli
As a result of decades of research, Windows malware detection is approached through a plethora of techniques.
no code implementations • 28 Feb 2024 • Dmitrijs Trizna, Luca Demetrio, Battista Biggio, Fabio Roli
The living-off-the-land (LOTL) offensive methodologies rely on the perpetration of malicious actions through chains of commands executed by legitimate applications, identifiable exclusively by analysis of system logs.
1 code implementation • 19 Sep 2023 • Dmitrijs Trizna, Luca Demetrio, Battista Biggio, Fabio Roli
Dynamic analysis enables detecting Windows malware by executing programs in a controlled environment and storing their actions in log reports.
1 code implementation • 20 Aug 2022 • Dmitrijs Trizna
The detection heuristic in contemporary machine learning Windows malware classifiers is typically based on the static properties of the sample since dynamic analysis through virtualization is challenging for vast quantities of samples.
1 code implementation • 6 Jul 2021 • Dmitrijs Trizna
In this article, we present a Shell Language Preprocessing (SLP) library, which implements tokenization and encoding directed at parsing Unix and Linux shell commands.