A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection Frameworks
Android platform security is an active area of research where malware detection techniques continuously evolve to identify novel malware and improve the timely and accurate detection of existing malware. Adversaries constantly employ innovative techniques to avoid or prolong malware detection. Past studies have shown that malware detection systems are susceptible to evasion attacks where adversaries can successfully bypass the existing security defenses and deliver the malware to the target system without being detected. The evolution of evasion-resistant systems is an open research problem. This paper presents a detailed taxonomy and evaluation of Android-based malware evasion techniques deployed to circumvent malware detection. The study characterizes such evasion techniques into two broad categories, polymorphism and metamorphism, and analyses techniques used for stealth malware detection based on the malware's unique characteristics. Furthermore, the article also presents a qualitative and systematic comparison of evasion detection frameworks and their detection methodologies for Android-based malware. Finally, the survey discusses open-ended questions and potential future directions for continued research in mobile malware detection.
Mayall: a framework for desktop JavaScript auditing and post-exploitation analysis
Writing desktop applications in JavaScript offers developers the opportunity to write cross-platform applications with cutting-edge capabilities. However, in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform, out-of-the-box paradigm and is based upon the Node.js JavaScript runtime --- an increasingly popular server-side technology. In bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that Node.js exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. The paper also examines fifteen highly popular Electron applications and demonstrates that two thirds of them were found to be using known vulnerable elements with high CVSS scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed.
Protecting the Intellectual Property of Diffusion Models by the Watermark Diffusion Process
Diffusion models have emerged as state-of-the-art deep generative architectures with the increasing demands for generation tasks. Training large diffusion models for good performance requires high resource costs, making them valuable intellectual properties to protect. While most of the existing ownership solutions, including watermarking, focus mainly on discriminative models, this paper proposes WDM, a novel watermarking method for diffusion models, including watermark embedding, extraction, and verification. WDM embeds the watermark data through training or fine-tuning the diffusion model to learn a Watermark Diffusion Process (WDP), different from the standard diffusion process for the task data. The embedded watermark can be extracted by sampling using the shared reverse noise from the learned WDP without degrading performance on the original task. We also provide theoretical foundations and analysis of the proposed method by connecting the WDP to the diffusion process with a modified Gaussian kernel. Extensive experiments are conducted to demonstrate its effectiveness and robustness against various attacks.
Data Quality Assessment for Maritime Situation Awareness
The Automatic Identification System (AIS), initially designed to ensure maritime security through continuous position reports, has been progressively used for many extended objectives. In particular, it supports a global monitoring of the maritime domain for various purposes like safety and security but also traffic management, logistics or protection of strategic areas, etc. In this monitoring, data errors, misuse, irregular behaviours at sea, malfeasance mechanisms and bad navigation practices have inevitably emerged, either by inattentiveness or by voluntary actions in order to circumvent, alter or exploit such a system in the interests of offenders. This paper introduces the AIS system and presents vulnerabilities and data quality assessment for decision making in maritime situational awareness cases. The principles of a novel methodological approach for modelling, analysing and detecting these data errors and falsifications are introduced.
Flexible Information-Flow Control
As more and more sensitive data is handled by software, its trustworthiness becomes an increasingly important concern. This thesis presents work on ensuring that information processed by computing systems is not disclosed to third parties without the user's permission; i.e. to prevent unwanted flows of information. While this problem is widely studied, proposed rigorous information-flow control approaches that enforce strong security properties like noninterference have yet to see widespread practical use. Conversely, lightweight techniques such as taint tracking are more prevalent in practice, but lack formal underpinnings, making it unclear what guarantees they provide. This thesis aims to shrink the gap between heavyweight information-flow control approaches that have been proven sound and lightweight practical techniques without formal guarantees such as taint tracking. This thesis attempts to reconcile these areas by (a) providing formal foundations to taint tracking approaches, (b) extending information-flow control techniques to more realistic languages and settings, and (c) exploring security policies and mechanisms that fall in between information-flow control and taint tracking and investigating what trade-offs they incur.
Evil from Within: Machine Learning Backdoors through Hardware Trojans
Backdoors pose a serious threat to machine learning, as they can compromise the integrity of security-critical systems, such as self-driving cars. While different defenses have been proposed to address this threat, they all rely on the assumption that the hardware on which the learning models are executed during inference is trusted. In this paper, we challenge this assumption and introduce a backdoor attack that completely resides within a common hardware accelerator for machine learning. Outside of the accelerator, neither the learning model nor the software is manipulated, so that current defenses fail. To make this attack practical, we overcome two challenges: First, as memory on a hardware accelerator is severely limited, we introduce the concept of a minimal backdoor that deviates as little as possible from the original model and is activated by replacing a few model parameters only. Second, we develop a configurable hardware trojan that can be provisioned with the backdoor and performs a replacement only when the specific target model is processed. We demonstrate the practical feasibility of our attack by implanting our hardware trojan into the Xilinx Vitis AI DPU, a commercial machine-learning accelerator. We configure the trojan with a minimal backdoor for a traffic-sign recognition system. The backdoor replaces only 30 (0.069%) model parameters, yet it reliably manipulates the recognition once the input contains a backdoor trigger. Our attack expands the hardware circuit of the accelerator by 0.24% and induces no run-time overhead, rendering detection hardly possible. Given the complex and highly distributed manufacturing process of current hardware, our work points to a new threat in machine learning that is inaccessible to current security mechanisms and calls for hardware to be manufactured only in fully trusted environments.
When Less is Enough: Positive and Unlabeled Learning Model for Vulnerability Detection
Automated code vulnerability detection has gained increasing attention in recent years. The deep learning (DL)-based methods, which implicitly learn vulnerable code patterns, have proven effective in vulnerability detection. The performance of DL-based methods usually relies on the quantity and quality of labeled data. However, the current labeled data are generally automatically collected, such as crawled from human-generated commits, making it hard to ensure the quality of the labels. Prior studies have demonstrated that the non-vulnerable code (i.e., negative labels) tends to be unreliable in commonly-used datasets, while vulnerable code (i.e., positive labels) is more reliably determined. Considering the large amount of unlabeled data in practice, it is necessary and worth exploring to leverage the positive data and the large amount of unlabeled data for more accurate vulnerability detection.
In this paper, we focus on the Positive and Unlabeled (PU) learning problem for vulnerability detection and propose a novel model named PILOT, i.e., PositIve and unlabeled Learning mOdel for vulnerability deTection. PILOT only learns from positive and unlabeled data for vulnerability detection. It mainly contains two modules: (1) a distance-aware label selection module, aiming at generating pseudo-labels for selected unlabeled data, which involves the inter-class distance prototype and progressive fine-tuning; (2) a mixed-supervision representation learning module to further alleviate the influence of noise and enhance the discrimination of representations.
Comment: This paper is accepted by ASE 202
Detection of false AIS messages for the improvement of maritime situational awareness
The Automatic Identification System (AIS) was initially designed for the safety and security of navigation. However, it was progressively also used for other objectives, such as surveillance, and thus led to the discovery of behaviors such as the falsification of AIS messages by people who have been carrying out illegal activities and wish to keep their activities going in a hidden way. In addition, the messages contain erroneous data and undergo spoofing attacks. The paper introduces the quality dimensions of data that shall be used in a quality assessment of AIS messages, in order to point out the dubious ones. The principles of a methodological approach for the detection of such data errors and falsifications are introduced.