507 research outputs found
The Future of Deer Hunting in New York State: Preliminary Assessment of Three Possible Regulation Changes
Click on the PDF for an Executive Summary and the full report. Visit the HDRU website for a complete listing of HDRU publications at: http://hdru.dnr.cornell.edu
EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. The Android operating system has become the most popular operating system for smartphones and tablets leading to a rapid rise in malware. Sophisticated Android malware employ detection avoidance techniques in order to hide their malicious activities from analysis tools. These include a wide range of anti-emulator techniques, where the malware programs attempt to hide their malicious activities by detecting the emulator. For this reason, countermeasures against anti-emulation are becoming increasingly important in Android malware detection. Analysis and detection based on real devices can alleviate the problems of anti-emulation as well as improve the effectiveness of dynamic analysis. Hence, in this paper we present an investigation of machine learning based malware detection using dynamic analysis on real devices. A tool is implemented to automatically extract dynamic features from Android phones and through several experiments, a comparative analysis of emulator based vs. device based detection by means of several machine learning algorithms is undertaken. Our study shows that several features could be extracted more effectively from the on-device dynamic analysis compared to emulators. It was also found that approximately 24% more apps were successfully analysed on the phone. Furthermore, all of the studied machine learning based detection performed better when applied to features extracted from the on-device dynamic analysis.
ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
It is well known that apps running on mobile devices extensively track and
leak users' personally identifiable information (PII); however, these users
have little visibility into PII leaked through the network traffic generated by
their devices, and have poor control over how, when and where that traffic is
sent and handled by third parties. In this paper, we present the design,
implementation, and evaluation of ReCon: a cross-platform system that reveals
PII leaks and gives users control over them without requiring any special
privileges or custom OSes. ReCon leverages machine learning to reveal potential
PII leaks by inspecting network traffic, and provides a visualization tool to
empower users with the ability to control these leaks via blocking or
substitution of PII. We evaluate ReCon's effectiveness with measurements from
controlled experiments using leaks from the 100 most popular iOS, Android, and
Windows Phone apps, and via an IRB-approved user study with 92 participants. We
show that ReCon is accurate, efficient, and identifies a wider range of PII
than previous approaches.
Comment: Please use MobiSys version when referencing this work:
http://dl.acm.org/citation.cfm?id=2906392. 18 pages, recon.meddle.mob
Exploring the Eastern Frontier: A First Look at Mobile App Tracking in China
Many mobile apps are integrated with mobile advertising and tracking services running in the background to collect information for tracking users. Considering China currently tops mobile traffic growth globally, this paper aims to take a first look at China’s mobile tracking patterns from a large 4G network. We observe the dominance of the top popular domestic trackers and the pervasive tracking on mobile apps. We also discover a very well-connected tracking community, where the non-popular trackers form many local communities with each community tracking a particular category of mobile apps. We further conclude that some trackers have a monopoly on specific groups of mobile users and 10% of users upload Personally Identifiable Information (PII) to trackers (with 90% of PII tracking flows local to China). Our results consistently show a distinctive mobile tracking market in China. We hope the results can inform users and stakeholders on the interplay between mobile tracking and potential security and privacy issues.
AnFlo: Detecting anomalous sensitive information flows in Android apps
Smartphone apps usually have access to sensitive user data such as contacts,
geo-location, and account credentials and they might share such data to
external entities through the Internet or with other apps. Confidentiality of
user data could be breached if there are anomalies in the way sensitive data is
handled by an app which is vulnerable or malicious. Existing approaches that
detect anomalous sensitive data flows have limitations in terms of accuracy
because the definition of anomalous flows may differ for different apps with
different functionalities; it is normal for "Health" apps to share heart rate
information through the Internet but is anomalous for "Travel" apps.
In this paper, we propose a novel approach to detect anomalous sensitive data
flows in Android apps, with improved accuracy. To achieve this objective, we
first group trusted apps according to the topics inferred from their functional
descriptions. We then learn sensitive information flows with respect to each
group of trusted apps. For a given app under analysis, anomalies are identified
by comparing sensitive information flows in the app against those flows learned
from trusted apps grouped under the same topic. In the evaluation, information
flow is learned from 11,796 trusted apps. We then checked for anomalies in 596
new (benign) apps and identified 2 previously-unknown vulnerable apps related
to anomalous flows. We also analyzed 18 malware apps and found anomalies in 6
of them.
Defending against Sybil Devices in Crowdsourced Mapping Services
Real-time crowdsourced maps such as Waze provide timely updates on traffic,
congestion, accidents and points of interest. In this paper, we demonstrate how
lack of strong location authentication allows creation of software-based
Sybil devices that expose crowdsourced map systems to a variety of security
and privacy attacks. Our experiments show that a single Sybil device with
limited resources can cause havoc on Waze, reporting false congestion and
accidents and automatically rerouting user traffic. More importantly, we
describe techniques to generate Sybil devices at scale, creating armies of
virtual vehicles capable of remotely tracking precise movements for large user
populations while avoiding detection. We propose a new approach to defend
against Sybil devices based on co-location edges, authenticated records
that attest to the one-time physical co-location of a pair of devices. Over
time, co-location edges combine to form large proximity graphs that
attest to physical interactions between devices, allowing scalable detection of
virtual vehicles. We demonstrate the efficacy of this approach using
large-scale simulations, and discuss how they can be used to dramatically
reduce the impact of attacks against crowdsourced mapping services.
Comment: Measure and integratio
New York's Southern Tier Landowners' Management for Early Successional Forest Habitat: Attitudes, Barriers and Motivations
Click on the PDF for an Executive Summary and the full report. Visit the HDRU website for a complete listing of HDRU publications at: http://hdru.dnr.cornell.edu
Characterization of nanometer scale compositionally inhomogeneous AlGaN active regions on bulk AlN substrates
The optical and structural properties of AlGaN active regions containing nanoscale compositional inhomogeneities (NCI) grown on low dislocation density bulk AlN substrates are reported. These substrates are found to improve the internal quantum efficiency and structural quality of NCI-AlGaN active regions for high Al content alloys, as well as the interfaces of the NCI with the surrounding wider bandgap matrix, as manifested in the absence of any significant long decay component of the low temperature radiative lifetime, which is well characterized by a single exponential photoluminescence decay with a 330 ps time constant. However, room temperature results indicate that non-radiative recombination associated with the high point defect density becomes a limiting factor in these films even at low dislocation densities for larger AlN mole fractions.