957 research outputs found

    A Novel Approach to Trojan Horse Detection in Mobile Phones Messaging and Bluetooth Services

    A method to detect Trojan horses in messaging and Bluetooth in mobile phones by means of monitoring the events produced by the infections is presented in this paper. The structure of the detection approach is split into two modules: the first is the Monitoring module, which controls connection requests and sent/received files, and the second is the Graphical User module, which shows messages and, under suspicious situations, reports possible malware to the user. Prototypes have been implemented on different mobile operating systems to test its feasibility on real cellphone malware. Experimental results are shown to be promising since this approach effectively detects various known malware. Ministerio de Ciencia e Innovación TIN2009-14378-C02-0

    Lack of Awareness by End Users on Security Issues Affecting Mobile Banking: A Case Study of Kenyan Mobile Phone End Users

    The use of mobile phones in Africa has seen a formidable growth. The use of mobile phones to perform business and financial transactions seems to be on the increase as well. The rise in use of mobile phones to perform financial transactions also increases the risks associated with such transactions, especially man-in-the-middle attacks. These, compounded with a lack of awareness among users, mean that they (the users) are highly exposed to such attacks. Due to the popular use of mobile banking in Kenya and the third world in particular, securing communication between the mobile device and the back-end server has become a fundamental issue. This is due to the fact that hackers have the ability to steal banking information using various techniques, particularly the duping of mobile phone users to believe that they are communicating with a genuine program from their bank while in reality a user is simply giving away sensitive information to the hacker. This paper aims to investigate the level of awareness among users of mobile banking transactions in regards to man-in-the-middle attacks and whether the awareness or lack of it can increase or deter such attacks. Key words: mobile phones, Mobile banking services, Security, man in the middle attack

    Distributed detection of anomalous internet sessions

    Financial service providers are moving many services online, reducing their costs and facilitating customers' interaction. Unfortunately criminals have quickly found several ways to avoid most security measures applied to browsers and banking sites. The use of highly dangerous malware has become the most significant threat, and traditional signature-detection methods are nowadays easily circumvented due to the amount of new samples and the use of sophisticated evasion techniques. Antivirus vendors and malware experts are pushed to seek new methodologies to improve the identification and understanding of malicious applications' behavior and their targets. Financial institutions are now playing an important role by deploying their own detection tools against malware that specifically affects their customers. However, most detection approaches tend to be based on sequences of bytes in order to create new signatures. This thesis's approach is based on new sources of information: the web logs generated from each banking session, the normal browser execution and customers' mobile phone behavior. The thesis can be divided into four parts: The first part involves the introduction of the thesis along with the presentation of the problems and the methodology used to perform the experimentation. The second part describes our contributions to the research, which are based in two areas: *Server side: Weblogs analysis. We first focus on the real-time detection of anomalies through the analysis of web logs and the challenges introduced due to the amount of information generated daily. We propose different techniques to detect multiple threats by deploying per-user and global models in a graph-based environment that will allow increased performance on a set of highly related data. *Customer side: Browser analysis. We deal with the detection of malicious behaviors from the other side of a banking session: the browser. Malware samples must interact with the browser in order to retrieve or add information. Such relation interferes with the normal behavior of the browser. We propose to develop models capable of detecting unusual patterns of function calls in order to detect if a given sample is targeting a specific financial entity. In the third part, we propose to adapt our approaches to mobile phones and Critical Infrastructures environments. The latest online banking attack techniques circumvent protection schemes such as password verification systems sent via SMS. Man in the Mobile attacks are capable of compromising mobile devices and gaining access to SMS traffic. Once the Transaction Authentication Number is obtained, criminals are free to make fraudulent transfers. We propose to model the behavior of the applications related to messaging services to automatically detect suspicious actions. Real-time detection of unwanted SMS forwarding can improve the effectiveness of second channel authentication and build on detection techniques applied to browsers and Web servers. Finally, we describe possible adaptations of our techniques to another area outside the scope of online banking: critical infrastructures, an environment with similar features since the applications involved can also be profiled. Just as financial entities, critical infrastructures are experiencing an increase in the number of cyber attacks, but the sophistication of the malware samples utilized forces new detection approaches. The aim of the last proposal is to demonstrate the validity of our approach in different scenarios. Conclusions. Finally, we conclude with a summary of our findings and the directions for future work

    Protecting Future Personal Computing: Challenging Traditional Network Security Models

    The Internet is a notoriously two-way street. If multiple computers can communicate sensitive data across the internet, malicious entities can access the network and collect this data also. The range and number of connected devices is increasing dramatically, and with this expansion so is the security risk. Collection of ever-rising quantities of data, especially sensitive and personal data, raises many challenges and questions about the suitability of current security. The key problem our research investigates is how we can adapt traditional security models to enhance them for both current and future deployment. The work is not aimed at replacing existing security, although it builds upon it to complement it and enhance existing methods. We utilise the timeliness of the Internet of Things as a focus to develop and experiment with our work. In this paper we present our novel framework and introduce our initial work to prove the concept is feasible. Our initial results are encouraging as to the impact the framework could have on future security. Keywords: Network security; mobile security; smartphone; malware detection; in-network; Collaborative; Internet of Things