Propagation, Detection and Containment of Mobile Malware.
Today's enterprise systems and networks are frequent targets of
malicious attacks, such as worms, viruses, spyware and intrusions
that can disrupt, or even disable critical services. Recent trends
suggest that by combining spyware as a malicious payload with worms
as a delivery mechanism, malicious programs can potentially be used
for industrial espionage and identity theft. The problem is
compounded further by the increasing convergence of wired, wireless
and cellular networks, since virus writers can now write malware
that can crossover from one network segment to another,
exploiting services and vulnerabilities specific to each network.
This dissertation makes four primary contributions. First, it builds
more accurate malware propagation models for emerging hybrid malware
(i.e., malware that uses multiple propagation vectors such as
Bluetooth, Email, Peer-to-Peer, Instant Messaging, etc.), addressing
key propagation factors such as heterogeneity of nodes, services and
user mobility within the network. Second, it develops a proactive containment framework based on group-behavior of
hosts against such malicious agents in an enterprise setting. The
majority of today's anti-virus solutions are reactive, i.e., these
are activated only after a malicious activity has been detected at a
node in the network. In contrast, proactive containment has the
potential of closing the vulnerable services ahead of infection, and
thereby halting the spread of the malware. Third, we study (1) the
current-generation mobile viruses and worms that target SMS/MMS
messaging and Bluetooth on handsets, and the corresponding exploits,
and (2) their potential impact in a large SMS provider network using
real-life SMS network data. Finally, we propose a new behavioral
approach for detecting emerging malware targeting mobile handsets.
Our approach is based on the concept of generalized behavioral
patterns instead of traditional signature-based detection. The
signature-based methods are not scalable for deployment in mobile
devices due to limited resources available on today's typical
handsets. Further, we demonstrate that the behavioral approach not
only has a compact footprint, but also can detect new classes of
malware that combine some features from existing classes of malware.
Ph.D., Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/60849/1/abose_1.pd
GekkoFS: A temporary burst buffer file system for HPC applications
Many scientific fields increasingly use high-performance computing (HPC) to process and analyze massive amounts of experimental data, while storage systems in today's HPC environments have to cope with new access patterns. These patterns include many metadata operations, small I/O requests, or randomized file I/O, whereas general-purpose parallel file systems have been optimized for sequential shared access to large files. Burst buffer file systems create a separate file system that applications can use to store temporary data. They aggregate node-local storage available within the compute nodes or use dedicated SSD clusters, and they offer a peak bandwidth higher than that of the backend parallel file system without interfering with it. However, burst buffer file systems typically offer many features that a scientific application, running in isolation for a limited amount of time, does not require. We present GekkoFS, a temporary, highly scalable file system which has been specifically optimized for the aforementioned use cases. GekkoFS provides relaxed POSIX semantics that offer only the features actually required by most (not all) applications. GekkoFS is therefore able to provide scalable I/O performance and reaches millions of metadata operations even with a small number of nodes, significantly outperforming the capabilities of common parallel file systems.
Peer Reviewed. Postprint (author's final draft).
Detection of Anomalous Behavior of Wireless Devices using Power Signal and Changepoint Detection Theory.
Anomaly detection has been applied in different fields of science and engineering over many years to recognize inconsistent behavior, which can affect the regular operation of devices, machines, and even organisms. The main goal of the research described in this thesis is to extract the meaningful features of an object's characteristics that allow researchers to recognize such malicious behavior.
Specifically, this work is focused on identifying malicious behavior in Android smartphones caused by code running on them. In general, extraneous activities can affect different parameters of such devices, such as network traffic, CPU usage, and hardware and software resources. Therefore, it is possible to use these parameters to unveil malicious activities. Using only one parameter cannot guarantee an accurate model, since a parameter may be modified by cybercriminals so that a malicious application appears benign. In contrast, using many parameters can produce excessive usage of the smartphone's resources and/or increase the time of detection of a proposed methodology. Considering that malicious activities are injected through the software applications that manage the usage of all hardware components, a smartphone's overall power consumption is a better choice for detecting malicious behavior. This metric is considered critical for anomaly analysis because it summarizes the impact of all hardware components' power consumption. Using only one metric guarantees an efficient and accurate methodology for detecting malware on Android smartphones.
This thesis analyzes the accuracy of two methodologies that are evaluated with emulated and real malware. It is necessary to highlight that the detection of real malware can be a challenging task because malicious activities may be triggered only if a user executes the correct combination of actions on the application. For this reason, in the present work, this drawback is solved by automating the user inputs with Android Debug Bridge (ADB) commands and Droidbot. With this automation tool, it is highly likely that the malicious behavior will be triggered, leaving a fingerprint in the power consumption.
It should be noted that power consumption consists of time-series data that can be considered non-stationary signals, due to changes in statistical parameters such as mean and variance over time. Therefore, the present work approaches the problem by analyzing each signal as a stochastic process, using changepoint detection theory to extract features from the time series. Finally, these features become the input of different machine learning classifiers used to differentiate non-malicious from malicious applications. Furthermore, the efficiency of each methodology is assessed in terms of the time of detection.