31 research outputs found

    Simple and Naïve Techniques for Backdoor Elimination in RCA

    The world is rapidly being digitalized, and security is a major challenge in the digital world. Digital data should be protected against malicious users. A number of systems have come up with different solutions, some of them adopting response computation authentication (RCA). In a Response Computation Authentication system, the system calculates the user's response and, if it matches the value the system expects, authenticates the user. A response computation system authenticates the user independently. In RCA, a malicious developer can plant a backdoor to avoid the regular authentication procedure. The developer can add a subtle vulnerability to the source code or use an insufficient cryptographic algorithm to plant the backdoor. Because of the insufficient cryptographic algorithm, it is very difficult to detect and eliminate a backdoor in RCA. The proposed system provides a way to check whether a system contains a backdoor. The login module is divided into a number of components: components with simple logic are checked by code review, and components that contain cryptography are sandboxed. DOI: 10.17762/ijritcc2321-8169.150613

    A survey on Response Computation Authentication techniques.

    As we know, problems of data and system security are challenging and are attracting the attention of researchers. Although many techniques are available that offer protection to systems, no single method can provide full protection. In securing a system, authentication in the login system is the main issue for developers. Response Computable Authentication is a two-way method used by a number of authentication systems, in which the authentication system independently calculates the expected user response and authenticates a user if the actual user response matches the expected value. But such authentication systems have been threatened by malicious developers who can bypass normal authentication by hiding logic in the source code or by using weak cryptography. This paper mainly focuses on RCA systems, to make sure that the authentication system will not be influenced by backdoors. Our main goal in this paper is to review the different methods, approaches and techniques used for Response Computation Authentication.

    Malware Analysis on Android Using Supervised Machine Learning Techniques

    In recent years, the growth of malware has led to widespread research in the domain of malware analysis and detection on Android devices. Android, a mobile operating system that currently has more than one billion active users and a high market impact, has inspired the expansion of malware by cybercriminals. Android implements a distinct architecture and security controls to address the problems caused by malware, such as a unique user ID (UID) for each application, system permissions, and its distribution platform, Google Play. There are numerous ways to violate that fortification, and the complexity of creating a new solution grows as cybercriminals advance their skills in developing malware. A community of developers and researchers has been developing alternatives aimed at improving the level of safety, and numerous machine learning algorithms have already been proposed or applied to classify or cluster malware, alongside analysis techniques, frameworks, sandboxes, and systems security. One of the most promising techniques is the implementation of artificial intelligence solutions for malware analysis. In this paper, we evaluate numerous supervised machine learning algorithms by implementing a static analysis framework to make predictions for detecting malware on Android.

    CATEGORIZATION OF FUZZING TECHNIQUES

    Static analysis of source code as a method of detecting vulnerabilities is a white-box method. Reviewing source code requires that the source code be available. However, there are alternative black-box methods that do not require access to the source code. One such alternative is fuzzing, which has proven itself very well at finding serious vulnerabilities that other methods failed to detect [1].

    A reference framework for malicious software analysis on Android

    Android is an open source operating system with more than a billion users across all kinds of devices (cell phones, TVs, smart watches, etc.). The amount of sensitive data used by these technologies has increased cybercriminals' interest in developing tools and techniques to acquire that information or to disrupt the device's smooth operation. Although several solutions are able to guarantee an adequate level of security, attackers' skills grow day by day as they gain experience, which poses a permanent challenge for developers of security tools. In response, several members of the research community are using artificial intelligence tools for Android security, particularly machine learning techniques to classify apps as benign or malicious. Based on an analytical review of those works, this paper proposes a framework of static analysis and machine learning to perform that classification.

    On automatic analysis of the practical resistance of obfuscating transformations

    A method is developed for assessing the practical resistance of obfuscating transformations of programs, based on calculating a similarity index for the original, obfuscated and deobfuscated programs. Candidate similarity indices are proposed that are computed from such program characteristics as the control flow graph, the symbolic execution time and the degree of coverage under symbolic execution. The control flow graph is considered as the basis for building other candidate program similarity indices. On its basis, a new candidate similarity index is proposed, whose calculation finds the Hamming distance between the adjacency matrices of the control flow graphs of the compared programs. A scheme for estimating (analyzing) the resistance of obfuscating transformations is constructed, according to which the characteristics of the original, obfuscated and deobfuscated programs are calculated or found and then compared in accordance with the chosen comparison model. The developed scheme is suitable, in particular, for comparing programs on the basis of similarity indices. This paper develops and implements one of the key units of the constructed scheme: a block for obtaining the characteristics of programs compiled for the x86/x86_64 architecture. The developed block makes it possible to find the control flow graph, the symbolic execution time and the degree of coverage under symbolic execution. Some results of the work of the constructed block are given.