12 research outputs found

    A survey on malware propagation, analysis, and detection

    Over the last decades, many studies have been made on malware and its countermeasures. The most recent reports emphasize that the creation of malicious software is rapidly increasing. Moreover, the intensive use of networks and the Internet increases the spread and the effectiveness of this kind of software. On the other hand, researchers and manufacturers are making great efforts to produce anti-malware systems with effective detection methods for better protection of computers. In this paper, a detailed review has been conducted on the current situation of malware infection and the work done to improve anti-malware or malware detection systems. Thus, it provides an up-to-date comparative reference for developers of malware detection systems.

    M0Droid : an android behavioral-based malware detection model

    Anti-mobile malware has attracted the attention of the research and security community in recent years due to the increasing threat of mobile malware and the significant increase in the number of mobile devices. M0Droid, a novel Android behavioral-based malware detection technique comprising a lightweight client agent and a server analyzer, is proposed here. The server analyzer generates a signature for every application (app) based on the system call requests of the app (termed app behavior) and normalizes the generated signature to improve accuracy. The analyzer then uses Spearman's rank correlation coefficient to identify malware with similar behavior signatures in a previously generated blacklist of malware signatures. The main contribution of this research is the proposed method to generate standardized mobile malware signatures based on their behavior and a method for comparing generated signatures. Preliminary experiments running M0Droid against the Genome dataset and APK submissions from Android client agents or developers indicate a detection rate of 60.16% with 39.43% false positives and 0.4% false negatives at a threshold value of 0.90. Increasing or decreasing the threshold value can adjust the strictness of M0Droid. As the threshold value increases, the false-negative rate will also increase, and as the threshold value decreases, the detection and false-positive rates will also decrease. The authors hope that this research will contribute towards Android malware detection techniques.

    Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices

    In today's Internet-connected world, mobile devices are increasingly used to access cloud storage services, which allow users to access data anywhere, anytime. Mobile devices have, however, been known to be used and/or targeted by cyber criminals to conduct malicious activities, such as data exfiltration, malware, identity theft, piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism. Consequently, mobile devices are an increasingly important source of evidence in digital investigations. In this paper, we examine four popular cloud client apps, namely OneDrive, Box, GoogleDrive, and Dropbox, on both Android and iOS platforms (two of the most popular mobile operating systems). We identify artefacts of forensic interest, such as information generated during login, uploading, downloading, deletion, and the sharing of files. These findings may assist forensic examiners and practitioners in real-world examination of cloud client applications on Android and iOS platforms.

    Digital forensic readiness framework for ransomware investigation

    Over the years there has been a significant increase in the exploitation of the security vulnerabilities of Windows operating systems, the most severe threat being malicious software (malware). Ransomware, a variant of malware which encrypts files and retains the decryption key for ransom, has recently become a global digital epidemic. The current methods of mitigating malware and its variants, such as anti-virus software, have proven ineffective against most ransomware attacks. Theoretically, ransomware retains footprints of the attack process in the Windows Registry and the volatile memory of the infected machine. Digital Forensic Readiness (DFR) processes provide mechanisms for the pro-active collection of digital footprints. This study proposed the integration of DFR mechanisms as a process to mitigate ransomware attacks. A detailed process model of the proposed DFR mechanism was evaluated in compliance with the ISO/IEC 27043 standard. The evaluation revealed that the proposed mechanism has the potential to harness system information prior to, and during, a ransomware attack. This information can then be used to potentially decrypt the encrypted machine. The implementation of the proposed mechanism can potentially be a major breakthrough in mitigating this global digital epidemic that has plagued various organizations. Furthermore, the implementation of the DFR mechanism implies that useful decryption processes can be performed to prevent ransom payment.