Defending Your Mobile Fortress: An In-Depth Look at on-Device Trojan Detection in Machine Learning: Systematic Literature Review

Mobile app trojans are becoming an increasingly serious threat to personal information security. They can cause severe damage by exposing sensitive and personally-identifying information to malicious actors. This paper’s contribution is a comprehensive review of the attack vectors for trojan attacks, and ways to eliminate the risks posed by attack vectors and generate settlement automatically. As such, such attacks must be prevented. In this study, we explore to find how to detect the trojan attack in detail, and the way that we know in machine learning. A review is conducted on the state-of-the-art methods using the preferred reporting items for reviews and meta-analyses (PRISMA) guidelines. We review literature from several publications and analyze the use of machine learning for on-device trojan detection. This review provides evidence for the effectiveness of machine learning in detecting such threats. The current trend shows that signature-based analysis using various metadata, such as permission, intent, API and system calls, and network analysis, are capable of detecting trojan attacks before and after the initial infectio

When Cyber Got Real: Challenges in Securing Cyber-Physical Systems

The security challenges arising at the layer between their digital and physical components of Cyber-Physical Systems (CPSs) are, at the same time, pressing, important and complex. In this paper, we discuss how the unique nature of CPSs influences and drives security analysis through two case studies. We also discuss how sensors and their networks, being a key element of the aforementioned interaction surface, are critical to this effort

An analysis of android malware classification services

The increasing number of Android malware forced antivirus (AV) companies to rely on automated classification techniques to determine the family and class of suspicious samples. The research community relies heavily on such labels to carry out prevalence studies of the threat ecosystem and to build datasets that are used to validate and benchmark novel detection and classification methods. In this work, we carry out an extensive study of the Android malware ecosystem by surveying white papers and reports from 6 key players in the industry, as well as 81 papers from 8 top security conferences, to understand how malware datasets are used by both. We, then, explore the limitations associated with the use of available malware classification services, namely VirusTotal (VT) engines, for determining the family of an Android sample. Using a dataset of 2.47 M Android malware samples, we find that the detection coverage of VT's AVs is generally very low, that the percentage of samples flagged by any 2 AV engines does not go beyond 52%, and that common families between any pair of AV engines is at best 29%. We rely on clustering to determine the extent to which different AV engine pairs agree upon which samples belong to the same family (regardless of the actual family name) and find that there are discrepancies that can introduce noise in automatic label unification schemes. We also observe the usage of generic labels and inconsistencies within the labels of top AV engines, suggesting that their efforts are directed towards accurate detection rather than classification. Our results contribute to a better understanding of the limitations of using Android malware family labels as supplied by common AV engines.This work has been supported by the “Ramon y Cajal” Fellowship RYC-2020-029401

OWASP ZAP vs Snort for SQLi Vulnerability Scanning

Web applications are important to protect from threats that will compromise sensitive information. Web vulnerability scanners are a prominent tool for this purpose, as they can be utilized to find vulnerabilities in a web application to be rectified. Two popular open-source tools were compared head-to-head, OWASP ZAP and Snort. The performance metrics evaluated were SQLi attacks detected, false positives, false negatives, processing time, and memory usage. OWASP ZAP yielded fewer false positives and had less processing time. Snort used significantly fewer memory resources. The internal workings of ZAP’s Active Scan feature and Snort’s implementation of the Boyer-Moore and Aho-Corasick algorithms were identified as the main processes responsible for the results. Based on the research, a set of future working recommendations were proposed to improve web vulnerability scanning methods

Embedding Java classes with code2vec: improvements from variable obfuscation

Automatic source code analysis in key areas of software engineering, such as code security, can benefit from Machine Learning (ML). However, many standard ML approaches require a numeric representation of data and cannot be applied directly to source code. Thus, to enable ML, we need to embed source code into numeric feature vectors while maintaining the semantics of the code as much as possible. code2vec is a recently released embedding approach that uses the proxy task of method name prediction to map Java methods to feature vectors. However, experimentation with code2vec shows that it learns to rely on variable names for prediction, causing it to be easily fooled by typos or adversarial attacks. Moreover, it is only able to embed individual Java methods and cannot embed an entire collection of methods such as those present in a typical Java class, making it difficult to perform predictions at the class level (e.g., for the identification of malicious Java classes). Both shortcomings are addressed in the research presented in this paper. We investigate the effect of obfuscating variable names during training of a code2vec model to force it to rely on the structure of the code rather than specific names and consider a simple approach to creating class-level embeddings by aggregating sets of method embeddings. Our results, obtained on a challenging new collection of source-code classification problems, indicate that obfuscating variable names produces an embedding model that is both impervious to variable naming and more accurately reflects code semantics. The datasets, models, and code are shared1 for further ML research on source code

Android malicious attacks detection models using machine learning techniques based on permissions

The Android operating system is the most used mobile operating system in the world, and it is one of the most popular operating systems for different kinds of devices from smartwatches, IoT, and TVs to mobiles and cockpits in cars. Security is the main challenge to any operating system. Android malware attacks and vulnerabilities are known as emerging risks for mobile devices. The development of Android malware has been observed to be at an accelerated speed. Most Android security breaches permitted by permission misuse are amongst the most critical and prevalent issues threatening Android OS security. This research performs several studies on malware and non-malware applications to provide a recently updated dataset. The goal of proposed models is to find a combination of noise-cleaning algorithms, features selection techniques, and classification algorithms that are noise-tolerant and can achieve high accuracy results in detecting new Android malware. The results from the empirical experiments show that the proposed models are able to detect Android malware with an accuracy that reaches 87%, despite the noise in the dataset. We also find that the best classification results are achieved using the RF algorithm. This work can be extended in many ways by applying higher noise ratios and running more classifiers and optimizers