Browsing by Author "Yuste, Javier"
Showing 1 - 5 of 5
Item: An efficient heuristic algorithm for software module clustering optimization (Elsevier, 2022-08)
Yuste, Javier; Duarte, Abraham; Pardo, Eduardo G.
In the lifecycle of software projects, maintenance tasks usually entail 75% of the total costs, where most efforts are spent in understanding the program. To improve the maintainability of software projects, the code is often divided into components, which are then grouped in different modules following good design principles, lowering coupling and increasing cohesion. The Software Module Clustering Problem (SMCP) is an optimization problem that looks for maximizing the modularity of software projects in the context of Search-Based Software Engineering. In the SMCP, projects are often modeled as graphs. Therefore, the SMCP can be interpreted as a graph partitioning problem, which is proved to be NP-hard. In this work, we propose a new heuristic algorithm for software modularization, based on a Greedy Randomized Adaptive Search Procedure with Variable Neighborhood Descent. We present a three-fold categorization of neighborhoods for the SMCP and leverage domain-specific information to filter unpromising solutions. Our proposal has been successfully tested over a dataset of real software projects, outperforming the previous state-of-the-art approach in terms of Modularization Quality in very short computing times. Therefore, it could be integrated in software development tools to improve the quality of software projects in real time.

Item: Avaddon ransomware: An in-depth analysis and decryption of infected systems (Elsevier, 2021-07-07)
Yuste, Javier; Pastrana, Sergio
Malware is an emerging and popular threat flourishing in the underground economy. The commoditization of Malware-as-a-Service (MaaS) allows criminals to obtain financial benefits at a low risk and with little technical background. One such popular product is ransomware, which is a popular type of malware traded in the underground economy.
In ransomware attacks, data from infected systems is held hostage (encrypted) until a ransom is paid to the criminals. In addition, a recent blackmailing strategy adopted by criminals is to leak data online from the infected systems if the ransom is not paid before a given time, producing further economic and reputational damage. In this work, we perform an in-depth analysis of Avaddon, a ransomware offered in the underground economy as an affiliate program business. This threat has been linked to various cyberattacks and has infected and leaked data from at least 62 organizations. Additionally, it also runs Distributed Denial-of-Service (DDoS) attacks against victims that do not pay the ransom. We first provide an analysis of the criminal business model in the underground economy. Then, we identify and describe its technical capabilities, dissecting details of its inner structure. As a result, we provide tools to assist analysis, decrypting and labeling obfuscated strings observed in the ransomware binary. Additionally, we provide empirical evidence of links between this variant and a previous family, suggesting that the same group was behind the development and, possibly, the operation of both campaigns. Finally, we develop a procedure to recover files encrypted by Avaddon. We successfully tested the proposed procedure against different versions of Avaddon. The proposed method is released as an open-source tool so it can be incorporated in existing Antivirus engines and extended to decrypt other ransomware families that implement a similar encryption approach.

Item: General Variable Neighborhood Search for the optimization of software quality (Elsevier, 2024-05)
Yuste, Javier; Pardo, Eduardo G.; Duarte, Abraham
In the area of Search-Based Software Engineering, software engineering issues are formulated and tackled as optimization problems.
Among the problems within this area, the Software Module Clustering Problem (SMCP) consists of finding an organization of a software project that minimizes coupling and maximizes cohesion. Since modular code is easier to understand, the objective of this problem is to increase the quality of software projects, thus increasing their maintainability and reducing the associated costs. In this work we study a recently proposed objective function named Function of Complexity Balance (FCB). Since this problem has been demonstrated to be NP-hard, we propose a new heuristic algorithm based on the General Variable Neighborhood Search (GVNS) schema to tackle the problem. For the GVNS, we propose six different neighborhood structures and categorize them into three different groups. Then, we analyze their contribution to the results obtained by the algorithm. In order to improve the efficiency of the proposed approach, we leverage domain-specific information to perform incremental evaluations of the objective function and to explore only areas of interest in the search space. The proposed algorithm has been tested over a set of real world software repositories, achieving better results than the previous state-of-the-art method, a Hybrid Genetic Algorithm, in terms of both quality and computing times. Furthermore, the relevance of the improvement produced by our proposal has been corroborated by non-parametric statistical tests.

Item: Multi-objective general variable neighborhood search for software maintainability optimization (Elsevier, 2024-07)
Yuste, Javier; Pardo, Eduardo G.; Duarte, Abraham; Hao, Jin-Kao
The quality of software projects is measured by different attributes such as efficiency, security, robustness, or understandability, among others. In this paper, we focus on maintainability by studying the optimization of software modularity, which is one of the most important aspects in this regard.
Specifically, we study two well-known and closely related multi-objective optimization problems: the Equal-size Cluster Approach Problem (ECA) and the Maximizing Cluster Approach Problem (MCA). Each of these two problems looks for the optimization of several conflicting and desirable objectives in terms of modularity. To this end, we propose a method based on the Multi-Objective Variable Neighborhood Search (MO-VNS) methodology in combination with a constructive procedure based on Path-Relinking. As far as we know, this is the first time that a method based on MO-VNS is proposed for the MCA and ECA problems. To enhance the performance of the proposed algorithm, we present three advanced strategies: an incremental evaluation of the objective functions, an efficient exploration of promising areas in the search space, and an analysis of the objectives that better serve as guiding functions during the search phase. Our proposal has been validated by experimentally comparing the performance of our algorithm with the best previous state-of-the-art method for the problem and three reference methods for multi-objective optimization. The experiments have been performed on a set of 124 real software instances previously reported in the literature.

Item: Optimization of code caves in malware binaries to evade machine learning detectors (Elsevier, 2022)
Yuste, Javier; García Pardo, Eduardo; Tapiador, Juan
Machine Learning (ML) techniques, especially Artificial Neural Networks, have been widely adopted as a tool for malware detection due to their high accuracy when classifying programs as benign or malicious. However, these techniques are vulnerable to Adversarial Examples (AEs), i.e., carefully crafted samples designed by an attacker to be misclassified by the target model. In this work, we propose a general method to produce AEs from existing malware, which is useful to increase the robustness of ML-based models.
Our method dynamically introduces unused blocks (caves) in malware binaries, preserving their original functionality. Then, by using optimization techniques based on Genetic Algorithms, we determine the most adequate content to place in such code caves to achieve misclassification. We evaluate our model in a black-box setting with a well-known state-of-the-art architecture (MalConv), resulting in a successful evasion rate of 97.99 % from the 2k tested malware samples. Additionally, we successfully test the transferability of our proposal to commercial AV engines available at VirusTotal, showing a reduction in the detection rate for the crafted AEs. Finally, the obtained AEs are used to retrain the ML-based malware detector previously evaluated, showing an improvement in its robustness.