Ly Vu Duc

The work described in this website has been conducted within the project NeCS. This project has received funding from the European Union’s Horizon 2020 (H2020) research and innovation programme under the Grant Agreement no 675320. This website and the content displayed in it do not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of its content.

ESRs Publications

MAL2IMAGE: Hybrid Image Transformation for Malware Classification
Description:

Poster

Existing image transformation approaches (e.g. Nataraj et al. [1], Liu 2016 [2]) for malware detection only perform simple transformation methods that have not considered color encoding and pixel rendering techniques on the performance of machine learning classifiers.

Aims of the research: We propose a new approach to encode and arrange bytes from a binary file into images. These developed images contain statistical (e.g., entropy) and syntactic artifacts (e.g., strings) and their pixels are filled up using Hilbert curves.

Towards Explainable Machine Learning in Intrusion Detection Systems
Description:

Poster

The lacking of semantics or reasonable explanations for machine learning predictions is one of the main reasons for its adoption barrier in the field of intrusion detection. In fact, without explanations, one machine learning approach fails to gain users’ trust in its predictions, especially after having wasted their effort for examining false-positives. Therefore, we are motivated to study a novel approach of applying machine learning such that it not only efficiently detects intrusions but also provides explanations for those decisions.

Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
Links:
Springer
Description:

With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus.