3,180 research outputs found
apk2vec: Semi-supervised multi-view representation learning for profiling Android applications
Building behavior profiles of Android applications (apps) with holistic, rich
and multi-view information (e.g., incorporating several semantic views of an
app such as API sequences, system calls, etc.) would help catering downstream
analytics tasks such as app categorization, recommendation and malware analysis
significantly better. Towards this goal, we design a semi-supervised
Representation Learning (RL) framework named apk2vec to automatically generate
a compact representation (aka profile/embedding) for a given app. More
specifically, apk2vec has the three following unique characteristics which make
it an excellent choice for largescale app profiling: (1) it encompasses
information from multiple semantic views such as API sequences, permissions,
etc., (2) being a semi-supervised embedding technique, it can make use of
labels associated with apps (e.g., malware family or app category labels) to
build high quality app profiles, and (3) it combines RL and feature hashing
which allows it to efficiently build profiles of apps that stream over time
(i.e., online learning). The resulting semi-supervised multi-view hash
embeddings of apps could then be used for a wide variety of downstream tasks
such as the ones mentioned above. Our extensive evaluations with more than
42,000 apps demonstrate that apk2vec's app profiles could significantly
outperform state-of-the-art techniques in four app analytics tasks namely,
malware detection, familial clustering, app clone detection and app
recommendation.Comment: International Conference on Data Mining, 201
NEMESYS: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem
As a consequence of the growing popularity of smart mobile devices, mobile
malware is clearly on the rise, with attackers targeting valuable user
information and exploiting vulnerabilities of the mobile ecosystems. With the
emergence of large-scale mobile botnets, smartphones can also be used to launch
attacks on mobile networks. The NEMESYS project will develop novel security
technologies for seamless service provisioning in the smart mobile ecosystem,
and improve mobile network security through better understanding of the threat
landscape. NEMESYS will gather and analyze information about the nature of
cyber-attacks targeting mobile users and the mobile network so that appropriate
counter-measures can be taken. We will develop a data collection infrastructure
that incorporates virtualized mobile honeypots and a honeyclient, to gather,
detect and provide early warning of mobile attacks and better understand the
modus operandi of cyber-criminals that target mobile devices. By correlating
the extracted information with the known patterns of attacks from wireline
networks, we will reveal and identify trends in the way that cyber-criminals
launch attacks against mobile devices.Comment: Accepted for publication in Proceedings of the 28th International
Symposium on Computer and Information Sciences (ISCIS'13); 9 pages; 1 figur
Security Evaluation of Cyber-Physical Systems in Society- Critical Internet of Things
In this paper, we present evaluation of security
awareness of developers and users of cyber-physical systems. Our
study includes interviews, workshops, surveys and one practical
evaluation. We conducted 15 interviews and conducted survey with
55 respondents coming primarily from industry. Furthermore, we
performed practical evaluation of current state of practice for a
society-critical application, a commercial vehicle, and reconfirmed
our findings discussing an attack vector for an off-line societycritical
facility. More work is necessary to increase usage of security
strategies, available methods, processes and standards. The security
information, currently often insufficient, should be provided in the
user manuals of products and services to protect system users. We
confirmed it lately when we conducted an additional survey of
users, with users feeling as left out in their quest for own security
and privacy. Finally, hardware-related security questions begin to
come up on the agenda, with a general increase of interest and
awareness of hardware contribution to the overall cyber-physical
security. At the end of this paper we discuss possible
countermeasures for dealing with threats in infrastructures,
highlighting the role of authorities in this quest
A Multi-view Context-aware Approach to Android Malware Detection and Malicious Code Localization
Existing Android malware detection approaches use a variety of features such
as security sensitive APIs, system calls, control-flow structures and
information flows in conjunction with Machine Learning classifiers to achieve
accurate detection. Each of these feature sets provides a unique semantic
perspective (or view) of apps' behaviours with inherent strengths and
limitations. Meaning, some views are more amenable to detect certain attacks
but may not be suitable to characterise several other attacks. Most of the
existing malware detection approaches use only one (or a selected few) of the
aforementioned feature sets which prevent them from detecting a vast majority
of attacks. Addressing this limitation, we propose MKLDroid, a unified
framework that systematically integrates multiple views of apps for performing
comprehensive malware detection and malicious code localisation. The rationale
is that, while a malware app can disguise itself in some views, disguising in
every view while maintaining malicious intent will be much harder.
MKLDroid uses a graph kernel to capture structural and contextual information
from apps' dependency graphs and identify malice code patterns in each view.
Subsequently, it employs Multiple Kernel Learning (MKL) to find a weighted
combination of the views which yields the best detection accuracy. Besides
multi-view learning, MKLDroid's unique and salient trait is its ability to
locate fine-grained malice code portions in dependency graphs (e.g.,
methods/classes). Through our large-scale experiments on several datasets
(incl. wild apps), we demonstrate that MKLDroid outperforms three
state-of-the-art techniques consistently, in terms of accuracy while
maintaining comparable efficiency. In our malicious code localisation
experiments on a dataset of repackaged malware, MKLDroid was able to identify
all the malice classes with 94% average recall
- …