Journal & Conference Proceeding Publications

With the evolution of malware technology, modern malware often hide its malicious behaviour in various methods. One of the popular manners is to conceal the network communication. This concealment technique poses obstacles to security mechanisms, which detecting the malicious behaviours. In this paper, we give an overview of the automated blocking malicious code project, a new approach to computer security via malicious software analysis and automatic blocking software. In particular, this project focuses on building a unified executable program analysis platform and using it to provide novel solutions to a broad spectrum of different security problems. We propose a technique for the Network Driver Interface Specification (NDIS) integrate together with a unified malicious software analysis platform. The NDIS model supports hybrid network transport NDIS drivers, called NDIS intermediate drivers. This driver lies between transport driver and NDIS driver. The advantage of using NDIS intermediate drivers is, it can see the entire network traffic taking place on a system as the drivers lie between protocol drivers and network drivers. By intercepting security-related properties from network traffic directly, our project enables a principled, root cause based approach to computer security, offering novel and effective solutions.

Technology is fast advancing with sophisticated tools and software's to assist in daily operations of various fields of industries. Incident handling is not left out as cyber-attack tools are getting sophisticated as a result of technology advancement. Incident handling response sophistication must be at par with sophisticated attacks. It is critical for Incident handling to adapt to technology by using automated tools for efficient detecting, identifying, eradicating and recovering from incidents in a quick manner rather than using the traditional ways. CERTs must be creative enough in how to enhance their Incident handling by having right tools for the right purpose and at the right time. This paper will share an in-house developed tool, called "MyMetaware" to automate, enhance and optimize Incident handling within MyCERT constituency. The paper will share the output from the tool and how it helps in Incident handling. Besides sharing outputs from the tool, the paper will also share the advantages of having such in- house tools to assist in daily operations and how other CERTs can benefit from our results to optimize efficiency in incident handling.

Not Applicable

Cyberspace is a virtual space that has become as important as real space for businesses, economics, politics and communities. Malaysia’s commitment in using Information and Communication Technology (ICT) as reflected by the investment in the Multimedia Super Corridor (MSC) and its Flagship increases our dependency on cyberspace. However, this dependency places Malaysia in an extremely precarious position because cyberspace is vulnerable to borderless cyber attacks. This paper provides an overview on the concept and fundamental elements of cyber terrorism, as well as the challenges encountered in dealing with cyber terrorism activities. This paper further highlights the initiatives taken by CyberSecurity Malaysia in educating, safeguarding and strengthening cyber security initiatives, including threats from cyber terrorism and the terrorist use of ICT and cyberspace in the country

Not Applicable