Android Malware Family Classification Based on Resource Consumption over Time
The vast majority of today's mobile malware targets Android devices. This has
pushed the research effort in Android malware analysis in recent years. An
important task of malware analysis is the classification of malware samples
into known families. Static malware analysis is known to fall short against
techniques that change static characteristics of the malware (e.g. code
obfuscation), while dynamic analysis has proven effective against such
techniques. To the best of our knowledge, the most notable work on Android
malware family classification purely based on dynamic analysis is DroidScribe.
With respect to DroidScribe, our approach is easier to reproduce. Our
methodology only employs publicly available tools, does not require any
modification to the emulated environment or Android OS, and can collect data
from physical devices. The latter is a key factor, since modern mobile malware
can detect the emulated environment and hide their malicious behavior. Our
approach relies on resource consumption metrics available from the proc file
system. Features are extracted through detrended fluctuation analysis and
correlation. Finally, an SVM is employed to classify malware into families. We
provide an experimental evaluation on malware samples from the Drebin dataset,
where we obtain a classification accuracy of 82%, proving that our methodology
achieves an accuracy comparable to that of DroidScribe. Furthermore, we make
the software we developed publicly available, to ease the reproducibility of
our results.
Comment: Extended Version
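The abstract names the three ingredients of its feature pipeline (resource metrics read from procfs, detrended fluctuation analysis, correlation) without showing them. The following is an added example, not the authors' released software: it parses a constructed /proc/<pid>/stat line using the real field layout from proc(5), implements first-order DFA in pure Python, and builds a small feature vector from two metric series. Which metrics the paper samples and whether it runs DFA on raw counters or on their increments is not stated on this page; using per-interval increments is an assumption made here.

```python
import math
import random

# Constructed /proc/<pid>/stat line (not captured from a real device). After the
# parenthesised comm field come: state ppid pgrp session tty_nr tpgid flags
# minflt cminflt majflt cmajflt utime stime ... (proc(5) field numbering 3..15).
SAMPLE_STAT = ("1234 (com.example.app) S 1 1234 1234 0 -1 4194560 5123 0 12 0 "
               "250 75 0 0 20 0 17 0 9876 123456789 4321")


def parse_proc_stat(line):
    """Return (utime, stime) clock ticks from one /proc/<pid>/stat line.
    comm may itself contain spaces or ')', so split after the *last* ')'."""
    fields = line[line.rindex(")") + 2:].split()
    return int(fields[11]), int(fields[12])   # utime = field 14, stime = field 15


def dfa_alpha(series, scales=(8, 16, 32, 64, 128, 256)):
    """Detrended fluctuation analysis with linear (first-order) detrending.
    Returns the scaling exponent alpha: ~0.5 for white noise, ~1.5 for a
    random walk, in between for long-range correlated signals."""
    n = len(series)
    mean = sum(series) / n
    profile, acc = [], 0.0
    for x in series:                      # integrate the mean-removed signal
        acc += x - mean
        profile.append(acc)
    log_s, log_f = [], []
    for s in scales:
        nseg = n // s
        if nseg < 4:                      # too few windows at this scale
            continue
        xs = list(range(s))
        xbar = (s - 1) / 2.0
        sxx = sum((x - xbar) ** 2 for x in xs)
        total = 0.0
        for k in range(nseg):             # least-squares line per window
            seg = profile[k * s:(k + 1) * s]
            ybar = sum(seg) / s
            slope = sum((x - xbar) * (y - ybar) for x, y in zip(xs, seg)) / sxx
            icpt = ybar - slope * xbar
            total += sum((y - (slope * x + icpt)) ** 2 for x, y in zip(xs, seg))
        fluct = math.sqrt(total / (nseg * s))
        if fluct > 0:
            log_s.append(math.log(s))
            log_f.append(math.log(fluct))
    if len(log_s) < 2:
        raise ValueError("series too short or constant for DFA")
    m = len(log_s)                        # alpha = slope of log F(s) vs log s
    lx, ly = sum(log_s) / m, sum(log_f) / m
    return (sum((a - lx) * (b - ly) for a, b in zip(log_s, log_f))
            / sum((a - lx) ** 2 for a in log_s))


def pearson(a, b):
    """Pearson correlation coefficient of two equal-length series."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = math.sqrt(sum((x - ma) ** 2 for x in a))
    vb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return cov / (va * vb) if va and vb else 0.0


def extract_features(cpu_ticks, rss_pages):
    """Feature vector for one sampling run (assumption: DFA is applied to the
    per-interval increments of each cumulative counter, plus their correlation)."""
    d_cpu = [b - a for a, b in zip(cpu_ticks, cpu_ticks[1:])]
    d_rss = [b - a for a, b in zip(rss_pages, rss_pages[1:])]
    return {"alpha_cpu": dfa_alpha(d_cpu),
            "alpha_rss": dfa_alpha(d_rss),
            "corr_cpu_rss": pearson(d_cpu, d_rss)}


def synthetic_series(n, seed, walk=False):
    """Deterministic test signal: Gaussian white noise, or its cumulative sum."""
    rng = random.Random(seed)
    noise = [rng.gauss(0.0, 1.0) for _ in range(n)]
    if not walk:
        return noise
    out, acc = [], 0.0
    for x in noise:
        acc += x
        out.append(acc)
    return out


if __name__ == "__main__":
    print("utime, stime =", parse_proc_stat(SAMPLE_STAT))
    print("alpha(white noise) =", round(dfa_alpha(synthetic_series(4096, 1)), 3))
    print("alpha(random walk) =", round(dfa_alpha(synthetic_series(4096, 1, walk=True)), 3))
```

On a device the loop would poll `/proc/<pid>/stat` (and, for memory, `/proc/<pid>/statm`) at a fixed interval and feed the resulting series to `extract_features`; the SVM stage is then ordinary supervised learning over those vectors. DFA needs a few hundred samples before the log-log fit is stable, which is why a short sampling run at a high rate is preferable to a handful of coarse readings.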
EavesDroid: Eavesdropping User Behaviors via OS Side-Channels on Smartphones
As the Internet of Things (IoT) continues to evolve, smartphones have become
essential components of IoT systems. However, with the increasing amount of
personal information stored on smartphones, user privacy is at risk of being
compromised by malicious attackers. Although malware detection engines are
commonly installed on smartphones against these attacks, attacks that can evade
these defenses may still emerge. In this paper, we analyze the return values of
system calls on Android smartphones and find two previously undisclosed vulnerable
return values that can leak fine-grained user behaviors. Based on this
observation, we present EavesDroid, an application-embedded side-channel attack
on Android smartphones that allows unprivileged attackers to accurately
identify fine-grained user behaviors (e.g., viewing messages and playing
videos) via on-screen operations. Our attack relies on the correlation between
user behaviors and the return values associated with hardware and system
resources. While this attack is challenging since these return values are
susceptible to fluctuation and misalignment caused by many factors, we show
that attackers can eavesdrop on fine-grained user behaviors using a CNN-GRU
classification model that adopts min-max normalization and multiple return
value fusion. Our experiments on different models and versions of Android
smartphones demonstrate that EavesDroid can achieve 98% and 86% inference
accuracy for 17 classes of user behaviors in the test set and real-world
settings, highlighting the risk of our attack on user privacy. Finally, we
recommend effective malware detection, carefully designed obfuscation methods,
or restrictions on reading vulnerable return values to mitigate this attack.
Comment: 15 pages, 25 figures
Effective Secure Data Agreement Approach-based cloud storage for a healthcare organization
In recent years there has been significant development in computing, as systems must handle vast resources through cloud computing and the services it provides. The cloud manages resources dynamically according to user demand and delivers them to multiple users within healthcare organizations; it mainly helps to reduce operating cost and to improve data scalability and flexibility. The main challenges faced by existing technologies integrated with the cloud, managing the data and handling data heterogeneity, still need to be solved. Mitigating these challenges makes the services more stable with respect to data, provided the healthcare organization can identify malware. Developed countries utilize services through the cloud, which therefore requires stronger security. In this work, a secure data agreement approach is proposed, combined with feature extraction in cloud computing for healthcare, to examine the data and help user parties make effective decisions. The proposed method consists of two components. The first component is a modified data formulation algorithm, used to identify the relationships among variables (data correlation) and to validate the data against training data; it achieves data reduction and supports scaling of the data. In the second component, feature selection validates the model by subset selection to determine model fitness for the data. Many samples of different Android applications are needed to examine the framework using measures such as data correctness and the F-measure. As far as feature selection is concerned, this study focuses on Chi-square, gain ratio, information gain, logistic regression analysis, OneR, and PCA.
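The abstract lists Chi-square, gain ratio and information gain among its feature-selection criteria but does not show how they score a feature. As an added example (not code from the paper), the block below computes all three for binary Android-permission features over a constructed toy dataset and ranks the features; the permission names, the rows and the labels are made up for illustration and carry no claim about real apps.

```python
import math
from collections import Counter

# Constructed toy dataset: one row per app, binary permission features and a
# label in the last column (1 = malware, 0 = benign). Not real data.
FEATURES = ["SEND_SMS", "INTERNET", "CAMERA"]
APPS = [
    # SEND_SMS, INTERNET, CAMERA, label
    (1, 1, 0, 1),
    (1, 1, 1, 1),
    (1, 0, 0, 1),
    (0, 1, 0, 1),
    (0, 1, 0, 0),
    (0, 1, 1, 0),
    (0, 0, 0, 0),
    (1, 1, 1, 0),
]


def entropy(values):
    """Shannon entropy in bits of a list of discrete values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def groups_by_feature(rows, j):
    """Map each value of feature j to the list of labels of rows having it."""
    out = {}
    for r in rows:
        out.setdefault(r[j], []).append(r[-1])
    return out


def info_gain(rows, j):
    """IG = H(label) - H(label | feature j)."""
    n = len(rows)
    cond = sum(len(g) / n * entropy(g) for g in groups_by_feature(rows, j).values())
    return entropy([r[-1] for r in rows]) - cond


def gain_ratio(rows, j):
    """IG divided by the split information H(feature j); penalises features
    that fragment the data into many small groups (C4.5 style)."""
    split_info = entropy([r[j] for r in rows])
    return info_gain(rows, j) / split_info if split_info > 0 else 0.0


def chi_square(rows, j):
    """Pearson chi-square statistic of the feature-vs-label contingency table."""
    n = len(rows)
    obs = Counter((r[j], r[-1]) for r in rows)
    xs = Counter(r[j] for r in rows)
    ys = Counter(r[-1] for r in rows)
    total = 0.0
    for x in xs:
        for y in ys:
            expected = xs[x] * ys[y] / n
            total += (obs[(x, y)] - expected) ** 2 / expected
    return total


def rank_features(rows, names, score=info_gain):
    """Return [(feature_name, score)] sorted best first."""
    scored = [(name, score(rows, j)) for j, name in enumerate(names)]
    return sorted(scored, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for fn in (info_gain, gain_ratio, chi_square):
        print(fn.__name__, rank_features(APPS, FEATURES, fn))
```

On this toy table SEND_SMS separates the classes (3 of 4 senders are malware, 3 of 4 non-senders benign) and comes out first under all three criteria, while INTERNET is present in both classes in the same proportion and scores zero. With real feature matrices, where a feature such as INTERNET is requested by almost every app, the split-information term is what keeps gain ratio from favouring rare, high-cardinality features over genuinely informative ones.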
R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections
The influence of Deep Learning on image identification and natural language
processing has attracted enormous attention globally. The convolution neural
network that can learn without prior extraction of features fits well in
response to the rapid iteration of Android malware. The traditional solution
for detecting Android malware requires continuous learning through
pre-extracted features to maintain high performance of identifying the malware.
To reduce the manual effort of feature engineering, under the constraint of
not extracting any pre-selected features, we have developed a coloR-inspired
convolutional neuRal networks (CNN)-based AndroiD malware Detection (R2-D2)
system. The system can convert the bytecode of classes.dex from Android archive
file to rgb color code and store it as a color image with fixed size. The color
image is input to the convolutional neural network for automatic feature
extraction and training. The data was collected from Jan. 2017 to Aug. 2017.
During that period, we collected approximately 2 million benign and malicious
Android apps for our experiments with the help of our research partner Leopard
Mobile Inc. Our experimental results demonstrate that the proposed system
detects Android malware accurately. Furthermore, we keep our research results
and experiment materials at http://R2D2.TWMAN.ORG.
Comment: Version 2018/11/15, IEEE BigData 2018, Seattle, WA, USA, Dec 10-13, 2018. (Accepted)
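The abstract describes converting the bytes of classes.dex into RGB colour codes stored as a fixed-size image, but not how the variable-length bytecode is fitted to that size. The block below is an added example, not the R2-D2 authors' code: it checks the real dex magic (`dex\n` followed by a version string), packs byte triples as pixels, fits them to a width x height grid and serialises the result as a binary PPM so nothing beyond the standard library is needed. Nearest-neighbour subsampling for long inputs and zero-padding for short ones is an assumption made here; the sample bytes are constructed, not a real classes.dex.

```python
import zipfile

DEX_MAGIC = b"dex\n"   # real dex header magic; followed by e.g. b"035\x00"

# Constructed stand-in for a classes.dex: a valid magic followed by 256 bytes.
SAMPLE_DEX = b"dex\n035\x00" + bytes(range(256))


def load_dex_from_apk(apk_path, member="classes.dex"):
    """Read classes.dex straight out of the APK (an ordinary zip archive)."""
    with zipfile.ZipFile(apk_path) as apk:
        return apk.read(member)


def dex_to_rgb_pixels(data):
    """Pack consecutive byte triples as (R, G, B); zero-pad the tail."""
    data = bytes(data)
    data += b"\x00" * ((-len(data)) % 3)
    return [(data[i], data[i + 1], data[i + 2]) for i in range(0, len(data), 3)]


def fit_to_grid(pixels, width, height):
    """Fit a pixel list to width x height (assumption: nearest-neighbour
    subsampling when there are too many pixels, black padding when too few)."""
    target = width * height
    if len(pixels) >= target:
        step = len(pixels) / target
        pixels = [pixels[int(i * step)] for i in range(target)]
    else:
        pixels = pixels + [(0, 0, 0)] * (target - len(pixels))
    return [pixels[r * width:(r + 1) * width] for r in range(height)]


def dex_to_image(data, width=64, height=64):
    """Validate the header and return the fixed-size RGB grid (rows of pixels)."""
    if bytes(data[:4]) != DEX_MAGIC:
        raise ValueError("not a dex file (bad magic)")
    return fit_to_grid(dex_to_rgb_pixels(data), width, height)


def to_ppm(grid):
    """Serialise the grid as a binary PPM (P6) image."""
    height, width = len(grid), len(grid[0])
    header = f"P6\n{width} {height}\n255\n".encode()
    body = bytes(channel for row in grid for px in row for channel in px)
    return header + body


if __name__ == "__main__":
    grid = dex_to_image(SAMPLE_DEX, 8, 8)
    with open("sample_dex.ppm", "wb") as fh:
        fh.write(to_ppm(grid))
    print("wrote 8x8 image; first pixel =", grid[0][0])
```

Two caveats for anyone reproducing this pipeline: the header check only stops non-dex input, it does not make the image a faithful picture of the code, because subsampling drops most bytes of a large dex and padding dilutes a small one, which is why the grid size is a tuning parameter; and an APK can carry several dex files (classes2.dex, ...), so `member` should be iterated over rather than assumed.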
The Evolution of Android Malware and Android Analysis Techniques
Exploiting Model Checking for Mobile Botnet Detection
Android malware is increasing in both complexity and harmfulness. As a matter of fact, malware writers are developing sophisticated techniques to infect mobile devices that are very close to their counterparts for personal computers. One of these threats is the possibility for the attacker to control the infected devices, i.e., the so-called botnet. In this paper a method able to identify botnets in the Android environment through model checking is proposed. Starting from the definition of the malicious payload, the proposed method is able to detect and localize the code related to the malicious botnet. We experiment on real-world botnet-based Android malware, obtaining encouraging results.