Demystifying security and compatibility issues in Android Apps

Never before has any OS been so popular as Android. Existing mobile phones are not simply devices for making phone calls and receiving SMS messages, but powerful communication and entertainment platforms for web surfing, social networking, etc. Even though the Android OS offers powerful communication and application execution capabilities, it is riddled with defects (e.g., security risks, and compatibility issues), new vulnerabilities come to light daily, and bugs cost the economy tens of billions of dollars annually. For example, malicious apps (e.g., back-doors, fraud apps, ransomware, spyware, etc.) are reported [Google, 2022] to exhibit malicious behaviours, including privacy stealing, unwanted programs installed, etc. To counteract these threats, many works have been proposed that rely on static analysis techniques to detect such issues. However, static techniques are not sufficient on their own to detect such defects precisely. This will likely yield false positive results as static analysis has to make some trade-offs when handling complicated cases (e.g., object-sensitive vs. object-insensitive). In addition, static analysis techniques will also likely suffer from soundness issues because some complicated features (e.g., reflection, obfuscation, and hardening) are difficult to be handled [Sun et al., 2021b, Samhi et al., 2022].Comment: Thesi

Detecting Slow DDos Attacks on Mobile Devices

Denial of service attacks, distributed denial of service attacks and reflector attacks are well known and documented events. More recently these attacks have been directed at game stations and mobile communication devices as strategies for disrupting communication. In this paper we ask, How can slow DDos attacks be detected? The similarity metric is adopted and applied for potential application. A short review of previous literature on attacks and prevention methodologies is provided and strategies are discussed. An innovative attack detection method is introduced and the processes and procedures are summarized into an investigation process model. The advantages and benefits of applying the metric are demonstrated and the importance of trace back preparation discussed

The Awareness Of Information Security Breach Among User IT In KPTMBP

Recently, network security has become a major concern in cyber world. Thus, the need in cyber security is higher in order to make our data safety and privacy. The usages of internet are widely used in internet banking, online shopping, data storage, global positioning system, media and many other social applications. Security became a critical aspect in an overall information security area. Human error becomes a vulnerable to security breaches if a user did not practice safety behavior. Therefore, this study was conducted to investigate the unsatisfactory factors towards individual, organization and information security awareness towards security breach among user in Kolej Poly-Tech MARA Batu Pahat (KPTM). By observing the literature review and related research, this study proposed a research model of the awareness of security breach relying on the individual, organization and information security awareness. In conjunction with proposed model, this study addresses 2 hypothesis which are; H1- there is no relationship between independence variables and dependence variable; H2- there is a relationship between independence variables and dependence variable. The descriptive research has been used to investigate awareness of information security that focus on human error, policy and procedure and information security awareness in education and experience by distributing the questionnaires. The respondents of this study involve 155 of user in KPTM that used techniques of snowballs to gather the data. This study might help IT Officer in Batu Pahat or others branches in KPTM to monitor the awareness level of users towards information security, thus can design an information security awareness programs like campaign, seminar and case study. Meanwhile, KPTM Batu Pahat also can design a more robust system policy and procedure that would ensure the systems with a condition of confidentiality, integrity and availability of the system. For future work, this study can be implement in different private and public colleagues and universities mainly at west region to cover a large population of sampling

An investigation into trust and security in the mandatory and imposed use of financial ICTs upon older people

Care needs to be taken to reduce the number of people who are fearful and mistrustful of using ICT where that usage is forced upon them without choice or alternative. The growing incidence of mandatory and imposed online systems can result in confusion, misuse, fear, and rejection by people with only rudimentary ICT skills. A cohort where a high percentage of such people occur is older people, defined in this study as people over the age of 60 Examples of compulsory ICT interactions include some banks limiting bank statement access through online rather than paper-based options. Other examples include the purchase of theatre or sports events tickets through ticketing systems that require an online transaction to take place. Increasingly, people are living beyond the normal retiring age. As the older cohort increases in size and in overall global population percentage, the problem of forced technology usage affects technology acceptance, technology trust, and technology rejection. People care about ICT systems where reduced trusted acceptance of technology reduces the advantages of digital health care, the perceived security of banking and shopping, and the autonomy of ICT-driven lifestyle choices. This study aims to solve one of the puzzles of ICT-driven change, where older people can show trepidation towards using technology. By understanding the drivers that influence the choices older people make in relation to ICT systems, it may be possible to introduce a much higher level of trusted acceptance in ICT systems. Although many people adopt ICTs into their lives, many older people face difficulty in using technology when it is forced upon them. This study aims to understand the connection between how choice (or lack of choice) can lead to the rejection or resistance towards ICT usage. Older people sometimes opt towards practices that place themselves at risk of financial or informational disadvantage. This study used a qualitative approach to understanding the factors that influenced the trusted acceptance, trepidation, and in some cases rejection of ICT usage by interviewing a sample of older people. Participants were asked to consider a wide range of ICT-usage scenarios and to describe their intentions. The study focussed on circumstances where ICT usage fell under either mandatory, imposed, or voluntary conditions in order to compare user behaviour. Settings included a range of technology-reliant states that examined IT security, volition and choice, aging, trusted acceptance, and technology adoption. Participants were interviewed to discover and sort the conditions (whether singly or in combination) under which the expectation of ICT acceptance was in some way altered, diminished, or prevented. This research found that older people made poor decisions when the choice to use a technology was replaced with a mandatory or strongly imposed pathway. Mandatory ICT usage across the broad area of financial transactions brought about widespread fear and distrust of online technology usage. The results revealed that many older people not only find these innovations daunting and confronting, but they also have difficulty placing their trust in ICT systems and applications that have become mandatory. In normative conditions, increased ICT acceptance and ICT usage is expected. When ICTs are mandatory in their usage, acceptance is replaced with compulsory procedure. This does not mean that mandatory things cannot be accepted, but rather that older people will accept the need to use a technology according to their perception of what is necessary for their daily and routine interactions. This study showed that voluntary ICT usages including choices increase informed decision-making, security of online financial interactions, and trusted reliance upon ICTs. Choice in ICT usage carries greater trust than mandatory, obligated, or heavily imposed ICTs. The study revealed that mandatory ICT systems can create perceptions of fear, mistrust and uncertainty. In situations where a mandatory ICT system becomes the normative method of transaction, a strong risk to the trusted acceptance of a technology is not merely the lack of ICT-based choice, but also the inability to gain reassurance or secondary confirmation through either face to face or telephone-based communication. Trust in not just the usage, but the implied secure usage of mandated and imposed ICTs, is problematic for older people. This study revealed the significance of mandated ICT systems that limit choices for people, because older humans more readily validate and associate their trust in new innovations when they can access various different professional, technical, peer-based, social and popular opinions. The research also showed that older people are fearful and less trusting in mandatory and imposed systems because they have less financial resilience, and less opportunity to bounce back from loss and disadvantage brought about by digital and online interactions. Older people were worried and reluctant to accept technology at first glance because they knew that they had spent more time than others in a pre-internet, pre-digital environment, and their seminal life experiences are correspondingly less technology-related. The results showed that many older people preferred human communication and interaction rather than communicating, buying, paying, and trusting in purely digital, ICT-based experiences. This demonstrated a gap in the trust and security of digital systems, and the need to address those ICTs that impose and mandate instruments and procedures for daily life. Specifically this study looked at what could reduce unsafe and insecure banking practices by understanding the role of choice in the trusted usage of ICT systems. This study is significant because it shows that older people make financial and social, decisions under reactionary, insecure, and under-informed conditions as a result of a gap in terms of trust security and choice. On the one hand older people develop trust towards a new innovation based on accumulated human discussion, information and reputation. On the other hand older people hold the perception that online systems offer reduced choices. This study led to the development of a model for trusted technology choice (TTCM). It differs from traditional acceptance and diffusion thinking, by having outputs as either ICT acceptance or ICT rejection. It diverges from diffusion and technology acceptance models (TAM), because technology acceptance is not regarded as a foregone conclusion. Instead, it places a very high value upon choice and volition, trust, security and human interaction. The TTCM model, together with a framework for identifying volition barriers, provides a different set of criteria for understanding the needs of older people and their meaningful interactions with new innovation and ICTs. The practical applications for using such a model directly impact upon financial and social stability for older people. Where choices are either removed or limited due to ICT usage, older citizens are unfairly disadvantaged. A model that accurately predicts the trusted usage of ICT innovations can have a widespread effect on the implementation of large-scale public and private systems where the trusted acceptance (or rejection) of each system has on flow impact on financial, health, and other critical services that include the growing population of older people

Managerial Strategies Small Businesses Use to Prevent Cybercrime

Estimated worldwide losses due to cybercrime are approximately $375-575 billion annually, affecting governments, business organizations, economies, and society. With globalization on the rise, even small businesses conduct transactions worldwide through the use of information technology (IT), leaving these small businesses vulnerable to the intrusion of their networks. The purpose of this multiple case study was to explore the managerial strategies of small manufacturing business owners to protect their financial assets, data, and intellectual property from cybercrime. The conceptual framework was systems thinking and action theory. Participants included 4 small manufacturing business owners in the midwestern region of the United States. Data were collected via face-to-face interviews with owners, company documentation, and observations. Member checking was used to help ensure data reliability and validity. Four themes emerged from the data analysis: organizational policies, IT structure, managerial strategies, and assessment and action. Through effective IT security and protocols, proactive managerial strategies, and continuous evaluation of the organization\u27s system, the small business owner can sustain the business and protect it against potential cyberattacks on the organization\u27s network. The findings of the study have implications for positive social change by informing managers regarding (a) the elimination or reduction of cybercrimes, (b) the protection of customers\u27 information, and (c) the prevention of future breaches by implementing effective managerial strategies to protect individuals in society

A survey of app store analysis for software engineering

App Store Analysis studies information about applications obtained from app stores. App stores provide a wealth of information derived from users that would not exist had the applications been distributed via previous software deployment methods. App Store Analysis combines this non-technical information with technical information to learn trends and behaviours within these forms of software repositories. Findings from App Store Analysis have a direct and actionable impact on the software teams that develop software for app stores, and have led to techniques for requirements engineering, release planning, software design, security and testing. This survey describes and compares the areas of research that have been explored thus far, drawing out common aspects, trends and directions future research should take to address open problems and challenges

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Leveraging the Use of API Call Traces for Mobile Security

The growing popularity of Android applications has generated increased concerns over the danger of piracy and the spread of malware. A popular way to distribute malware in the mobile world is through the repackaging of legitimate apps. This process consists of downloading, unpacking, manipulating, recompiling an application, and publishing it again in an app store. In this thesis, we conduct an empirical study of over 15,000 apps to gain insights into the factors that drive the spread of repackaged apps. We also examine the motivations of developers who publish repackaged apps and those of users who download them, as well as the factors that determine which apps are chosen for repackaging, and the ways in which the apps are modified during the repackaging process. We have also studied android applications structure to investigate the locations where malicious code are more probable to be embedded into legitimate applications. We observed that service components contain key characteristics that entice attackers to misuse them. Therefore, we have focus on studying the behavior of malicious and benign services. Whereas benign services tend to inform the user of the background operations, malicious services tend to do long running operations and have a loose connection with rest of the code. These findings lead us to propose an approach to detect malware by studying the services’ behavior. To model the services’ behavior, we used API calls as feature sets. We proposed a hybrid approach using static and dynamic analysis to extract the API calls through the service lifecycle. Finally, we used the list of API calls preponderantly present in both malware as well as benign services as the feature set. We applied machine learning algorithms to use the feature set to classify malicious services and benign services