Android Malware Detection Using Parallel Machine Learning Classifiers
Mobile malware has continued to grow at an alarming rate despite ongoing
efforts towards mitigating the problem. This has been particularly noticeable
on Android because it is an open platform that has overtaken other platforms
in market share among mobile smart devices, which in turn has incentivized a
new wave of Android malware sophisticated enough to evade most common detection
methods. This paper proposes and investigates a parallel machine-learning-based
classification approach for early detection of Android malware. Using real
malware samples and benign applications, a composite classification model is
developed from a parallel combination of heterogeneous classifiers. The
empirical evaluation of the model under different combination schemes
demonstrates its efficacy and potential to improve detection accuracy. More
importantly, by utilizing several classifiers with diverse characteristics,
their strengths can be harnessed not only for enhanced Android malware
detection but also for quicker white-box analysis by means of the more
interpretable constituent classifiers.
Comment: 8th International Conference on Next Generation Mobile Applications,
Services and Technologies (NGMAST), 10-14 Sept. 2014, Oxford, United Kingdom

Using Deep Neural Network for Android Malware Detection
The Android operating system is pervasive, and applications for almost every
purpose are readily available in the official Google Play store or in a dozen
alternative third-party markets. In addition, the vital role of smartphones in
modern life leads users to store significant information on their devices, not
only personal but also corporate information, which attracts malware developers
to build applications that infiltrate users' devices to steal information and
perform harmful tasks. This is compounded by the limitations of current defense
techniques: ineffective screening in the Google Play store, weak or no
screening in third-party markets, and antivirus software that still relies on
signature databases that are effective only in identifying known malware. To
cope with malicious applications that are increasing in both volume and
sophistication, we propose an Android malware detection system that applies
deep learning techniques to the threat of Android malware. Extensive
experiments on a real-world dataset containing benign and malicious
applications show that the proposed system reaches an accuracy of 95.31%.
Comment: 9 pages, 5 figures, 6 tables

Automated Poisoning Attacks and Defenses in Malware Detection Systems: An Adversarial Machine Learning Approach
The evolution of mobile malware poses a serious threat to smartphone
security. Today, sophisticated attackers can adapt by maximally sabotaging
machine-learning classifiers via polluting training data, rendering most recent
machine learning-based malware detection tools (such as Drebin, DroidAPIMiner,
and MaMaDroid) ineffective. In this paper, we explore the feasibility of
constructing crafted malware samples; examine how machine-learning classifiers
can be misled under three different threat models; then conclude that injecting
carefully crafted data into training data can significantly reduce detection
accuracy. To tackle the problem, we propose KuafuDet, a two-phase
learning-enhancing approach that learns mobile malware by adversarial detection.
KuafuDet includes an offline training phase that selects and extracts features
from the training set, and an online detection phase that utilizes the
classifier trained by the first phase. To further address the adversarial
environment, these two phases are intertwined through a self-adaptive learning
scheme, wherein an automated camouflage detector is introduced to filter the
suspicious false negatives and feed them back into the training phase. We
finally show that KuafuDet can significantly reduce false negatives and boost
the detection accuracy by at least 15%. Experiments on more than 250,000 mobile
applications demonstrate that KuafuDet is scalable and can be highly effective
as a standalone system.

Andro-profiler: Detecting and Classifying Android Malware based on Behavioral Profiles
Mass-market mobile security threats have increased recently due to the growth
of mobile technologies and the popularity of mobile devices. Accordingly,
techniques have been introduced for identifying, classifying, and defending
against mobile threats utilizing static, dynamic, on-device, off-device, and
hybrid approaches. In this paper, we contribute to the mobile security defense
posture by introducing Andro-profiler, a hybrid behavior based analysis and
classification system for mobile malware. Andro-profiler classifies malware by
exploiting the behavior profiling extracted from the integrated system logs
including system calls, which are implicitly equivalent to distinct behavior
characteristics. Andro-profiler executes a malicious application on an emulator
in order to generate the integrated system logs, and creates human-readable
behavior profiles by analyzing the integrated system logs. By comparing the
behavior profile of a malicious application with the representative behavior
profile for each malware family, Andro-profiler detects it and classifies it
into a malware family. The experiment results demonstrate that Andro-profiler
is scalable, performs well in detecting and classifying malware with accuracy
greater than , outperforms the existing state-of-the-art work, and is capable
of identifying zero-day mobile malware samples.
Comment: 13 pages

Signature Generation for Sensitive Information Leakage in Android Applications
In recent years, there has been rapid growth in mobile devices such as
smartphones, and a number of applications are developed specifically for the
smartphone market. In particular, there are many applications that are "free"
to the user, but depend on advertisement services for their revenue. Such
applications include an advertisement module - a library provided by the
advertisement service - that can collect a user's sensitive information and
transmit it across the network. Users accept this business model, but in most
cases the applications do not require the user's acknowledgment in order to
transmit sensitive information. Therefore, such applications' behavior becomes
an invasion of privacy. In our analysis of 1,188 Android applications' network
traffic and permissions, 93% of the applications we analyzed connected to
multiple destinations when using the network. 61% required a permission
combination that included both access to sensitive information and use of
networking services. These applications have the potential to leak the user's
sensitive information. In an effort to enable users to control the transmission
of their private information, we propose a system which, using a novel
clustering method based on the HTTP packet destination and content distances,
generates signatures from the clustering result and uses them to detect
sensitive information leakage from Android applications. Our system does not
require an Android framework modification or any special privileges. Thus users
can easily introduce our system to their devices, and manage suspicious
applications' network behavior in a fine-grained manner. Our system accurately
detected 94% of the sensitive information leakage from the applications
evaluated and produced only 5% false negative results and less than 3% false
positive results.
Comment: 8 pages, 4 figures

6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices
Sensors (e.g., light, gyroscope, accelerometer) and sensing-enabled
applications on a smart device make the applications more user-friendly and
efficient. However, the current permission-based sensor management systems of
smart devices only focus on certain sensors and any App can get access to other
sensors by just accessing the generic sensor API. In this way, attackers can
exploit these sensors in numerous ways: they can extract or leak users'
sensitive information, transfer malware, or record or steal sensitive
information from other nearby devices. In this paper, we propose 6thSense, a
context-aware intrusion detection system which enhances the security of smart
devices by observing changes in sensor data for different tasks of users and
creating a contextual model to distinguish benign and malicious behavior of
sensors. 6thSense utilizes three different Machine Learning-based detection
mechanisms (i.e., Markov Chain, Naive Bayes, and LMT) to detect malicious
behavior associated with sensors. We implemented 6thSense on a sensor-rich
Android smart device (i.e., smartphone) and collected data from typical daily
activities of 50 real users. Furthermore, we evaluated the performance of
6thSense against three sensor-based threats: (1) a malicious App that can be
triggered via a sensor (e.g., light), (2) a malicious App that can leak
information via a sensor, and (3) a malicious App that can steal data using
sensors. Our extensive evaluations show that the 6thSense framework is an
effective and practical approach to defeat growing sensor-based threats with an
accuracy above 96% without compromising the normal functionality of the device.
Moreover, our framework incurs minimal overhead.
Comment: 18 pages, Cyber-security, smart devices, sensors, sensor-based
threats, 26th USENIX Security Symposium

Ransomware in Windows and Android Platforms
Malware proliferation and sophistication have increased drastically and
continue to evolve. Recent indiscriminate ransomware attacks have created a
critical need for effective detection techniques to prevent damage.
Therefore, ransomware has drawn attention among cyberspace researchers. This
paper contributes a comprehensive overview of ransomware attacks and summarizes
existing detection and prevention techniques in both Windows and Android
platforms. Moreover, it highlights the strengths and shortcomings of those
techniques and provides a comparison between them. Furthermore, it gives
recommendations to users and system administrators.
Comment: 21 pages, 7 figures, 5 tables

Secure Containers in Android: the Samsung KNOX Case Study
Bring Your Own Device (BYOD) is a growing trend among enterprises, aiming to
improve workers' mobility and productivity via their smartphones. The threats
and dangers posed by smartphones to the enterprise are also ever-growing.
Such dangers can be mitigated by running the enterprise software inside a
"secure container" on the smartphone. In our work we present a systematic
assessment of security critical areas in design and implementation of a secure
container for Android using reverse engineering and attacker-inspired methods.
We do this through a case-study of Samsung KNOX, a real-world product deployed
on millions of devices. Our research shows how KNOX security features work
behind the scenes and lets us compare the vendor's public security claims
against reality. Along the way we identified several design weaknesses and a
few vulnerabilities that were disclosed to Samsung.

Malware Detection Approach for Android systems Using System Call Logs
Signature-based static detection is widely used on the Android platform to
detect malicious applications. It can accurately detect malware by extracting
signatures from test data and then comparing the test data with the signature
samples of virus and benign samples. However, this method is generally unable
to detect unknown malware applications. This is because the machine code can
sometimes be converted into assembly code, which can be easily read and
understood by humans. Furthermore, the attacker can then make sense of the
assembly instructions and understand how the program functions. Therefore we
focus on observing the behaviour of the malicious software while it is actually
running on a host system. The dynamic behaviours of an application ultimately
manifest as system call sequences. Hence, we observe the system call log of
each application, use it to construct our dataset, and finally use this dataset
to classify an unknown application as malicious or benign.

On labeling Android malware signatures using minhashing and further classification with Structural Equation Models
Multi-scanner Antivirus systems provide insightful information on the nature
of a suspect application; however, there is often a lack of consensus and
consistency between different Anti-Virus engines. In this article, we analyze
more than 250 thousand malware signatures generated by 61 different Anti-Virus
engines after analyzing 82 thousand different Android malware applications. We
identify 41 different malware classes grouped into three major categories,
namely Adware, Harmful Threats and Unknown or Generic signatures. We further
investigate the relationships between such 41 classes using community detection
algorithms from graph theory to identify similarities between them; and we
finally propose a Structural Equation Model to identify which Anti-Virus
engines are more powerful at detecting each macro-category. As an application,
we show how such models can help in identifying whether Unknown malware
applications are more likely to be of Harmful or Adware type.
Comment: 15 pages, 5 figures, 2 tables