A survey on malware propagation, analysis, and detection
Over the last decades, many studies have been made on malware and its countermeasures. The most recent reports emphasize that the creation of malicious software is rapidly increasing. Moreover, the intensive use of networks and the Internet increases both the spread and the effectiveness of this kind of software. On the other hand, researchers and manufacturers are making great efforts to produce anti-malware systems with effective detection methods for better protection of computers. In this paper, a detailed review has been conducted of the current situation of malware infection and of the work done to improve anti-malware or malware detection systems. Thus, it provides an up-to-date comparative reference for developers of malware detection systems.
M0Droid: an Android behavioral-based malware detection model
Anti-mobile malware has attracted the attention of the research and security community in recent years due to the increasing threat of mobile malware and the significant increase in the number of mobile devices. M0Droid, a novel Android behavioral-based malware detection technique comprising a lightweight client agent and a server analyzer, is proposed here. The server analyzer generates a signature for every application (app) based on the system call requests of the app (termed app behavior) and normalizes the generated signature to improve accuracy. The analyzer then uses Spearman's rank correlation coefficient to identify malware with similar behavior signatures in a previously generated blacklist of malware signatures. The main contribution of this research is the proposed method to generate standardized mobile malware signatures based on their behavior and a method for comparing the generated signatures. Preliminary experiments running M0Droid against the Genome dataset and APK submissions from the Android client agent or from developers indicate a detection rate of 60.16% with 39.43% false positives and 0.4% false negatives at a threshold value of 0.90. Increasing or decreasing the threshold value adjusts the strictness of M0Droid. As the threshold value increases, the false-negative rate will also increase, and as the threshold value decreases, the detection and false-positive rates will also decrease. The authors hope that this research will contribute towards Android malware detection techniques.
Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices
In today's Internet-connected world, mobile devices are increasingly used to access cloud storage services, which allow users to access data anywhere, anytime. Mobile devices have, however, been known to be used and/or targeted by cyber criminals to conduct malicious activities, such as data exfiltration, malware, identity theft, piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism. Consequently, mobile devices are an increasingly important source of evidence in digital investigations. In this paper, we examine four popular cloud client apps, namely OneDrive, Box, GoogleDrive, and Dropbox, on both Android and iOS platforms (two of the most popular mobile operating systems). We identify artefacts of forensic interest, such as information generated during login, uploading, downloading, deletion, and the sharing of files. These findings may assist forensic examiners and practitioners in the real-world examination of cloud client applications on Android and iOS platforms.
Digital forensic readiness framework for ransomware investigation
Over the years there has been a significant increase in the exploitation of the security vulnerabilities of Windows operating systems, the most severe threat being malicious software (malware). Ransomware, a variant of malware which encrypts files and retains the decryption key for ransom, has recently proven to be a global digital epidemic. The current methods of mitigating malware and its variants, such as anti-virus software, have proven ineffective against most ransomware attacks. Theoretically, ransomware retains footprints of the attack process in the Windows Registry and the volatile memory of the infected machine. Digital Forensic Readiness (DFR) processes provide mechanisms for the proactive collection of digital footprints. This study proposed the integration of DFR mechanisms as a process to mitigate ransomware attacks. A detailed process model of the proposed DFR mechanism was evaluated for compliance with the ISO/IEC 27043 standard. The evaluation revealed that the proposed mechanism has the potential to harvest system information prior to, and during, a ransomware attack. This information can then be used to potentially decrypt the encrypted machine. The implementation of the proposed mechanism can potentially be a major breakthrough in mitigating this global digital epidemic that has plagued various organizations. Furthermore, the implementation of the DFR mechanism implies that useful decryption processes can be performed to prevent ransom payment.