14 research outputs found

    On the Use of Artificial Malicious Patterns for Android Malware Detection

    Malware programs currently represent the most serious threat to computer information systems. Despite the efforts of researchers in this field, detection tools still have limitations for one main reason: malware developers usually use obfuscation techniques, a set of transformations that make the code and/or its execution difficult to analyze by hindering both manual and automated inspection. These techniques allow the malware to escape detection tools and hence to be seen as a benign program. To solve the obfuscation issue, many researchers have proposed to extract frequent Application Programming Interface (API) call sequences from previously encountered malware programs using pattern mining techniques and hence build a base of fraudulent behaviors. With this process, the performance of detection heavily depends on the base of examples of malware behaviors, also called malware patterns. In order to deal with this shortcoming, a dynamic detection method called Artificial Malware-based Detection (AMD) is proposed in this paper. AMD makes use of not only extracted malware patterns but also artificially generated ones. The artificial malware patterns are generated using an evolutionary (genetic) algorithm, which evolves a population of API call sequences with the aim of finding new malware behaviors following a set of well-defined evolution rules. The artificial fraudulent behaviors are subsequently inserted into the base of examples in order to enrich it with unseen malware patterns. The main motivation behind the proposed AMD approach is to diversify the base of malware examples in order to maximize the detection rate. AMD has been tested on different Android malware data sets and compared against recent prominent works using commonly employed performance metrics. The performance analysis of the obtained results shows the merits of our novel AMD approach.

    Integrated Groundwater Flow Modeling for Managing a Complex Alluvial Aquifer Case of Study Mio-Plio-Quaternary Plain of Kairouan (Central Tunisia)

    In central Tunisia, anthropic activities such as groundwater abstraction for irrigation have resulted in excessive groundwater level declines in the Mio-Plio-Quaternary aquifer hosted in the Kairouan Plain. Besides, the impoundment of the two dams, El Houareb and Sidi Saad, since the 1980s has deeply modified the natural process of aquifer recharge. Hence, some studies attribute this groundwater depletion to the construction of the dams, whereas other studies attribute this critical situation to a groundwater management problem. A multidisciplinary study was carried out to retrace the groundwater flow dynamics over 48 years, before and after the dams' erection, and to understand the main factors causing the groundwater depletion. A conceptual model was developed by gathering all available data from 114 borehole logs, 10 seismic lines, and 8 petroleum wells. Based on this reconstructed geometry, the groundwater head was simulated using the numerical code Modflow. The model was calibrated in steady state with reference to the piezometric levels measured in 1969, calibrated in transient state for the period 1970–2017, and validated for the period 2007–2017. The outputs of the calibrated model show that the inflows coming from the river beds (Zeroud and Marguellil) decreased by 48% from 1990 to 2017, while the pumping rate increased by 119%. The simulated scenario without dams and with the same withdrawals shows a groundwater level rise downstream of the plain, while upstream the depletion was less intense than in the current model. However, the case of doing without dams while raising withdrawals from the aquifer generated a huge decline, reaching 22 m near Draa Affane.

    Malware Evolution and Detection Based on the Variable Precision Rough Set Model

    To offer innovative malware evolution techniques, it is appealing to integrate approaches that handle imperfect data and knowledge. In fact, malware writers tend to target some precise features within the app's code to camouflage the malicious content. Those features may sometimes present conflicting information about the true nature of the app's content (malicious/benign). In this paper, we show how the Variable Precision Rough Set (VPRS) model can be combined with optimization techniques, in particular Bilevel Optimization Problems (BLOPs), in order to establish a detection model capable of following the frantic race of malware evolution initiated among malware developers. We propose a new malware detection technique, based on such hybridization, named Variable Precision Rough set Malware Detection (ProRSDet), that offers robust detection rules capable of revealing the new nature of a given app. ProRSDet attains encouraging results when tested against various state-of-the-art malware detection systems using common evaluation metrics.

    Android Malware Detection as a Bi-level Problem

    Malware detection is still a very challenging topic in the cybersecurity field, mainly due to the use of obfuscation techniques. To address this, researchers have proposed to extract frequent API (Application Programming Interface) call sequences and use them as behavior indicators. Several methods for generating malware detection rules have been proposed, with the goal of producing a set of rules able to accurately detect malicious code patterns. However, the rule generation process heavily depends on the content of the training database, which affects the detection rate of the model when confronted with new variants of malicious patterns. In order to assess a rule's detection accuracy, the rule must be executed on the whole malware database, which makes the evaluation of detection rule quality very sensitive to the database content. To solve this issue, we suggest in this paper to consider the detection rule generation process as a BLOP (Bi-Level Optimization Problem), where a lower-level optimization task is embedded within the upper-level one. The goal of the upper level is to generate a set of detection rules in the form of trees of combined patterns. Those rules are able to detect not only the real patterns from the base of examples but also the artificial patterns generated by the lower level. The lower level aims to generate a set of artificial malicious patterns that escape the rules of the upper level. An efficient co-evolutionary algorithm is adopted as a search engine to ensure optimization at both levels. Such an automated competition between the two levels makes our new method BMD (Bilevel Malware Detection) able to produce effective detection rules that are capable of detecting new predictable malicious behaviors in addition to existing ones. Based on the statistical analysis of the experimental results, our BMD method has shown its merits when compared to several relevant state-of-the-art malware detection techniques on different Android malware datasets.

    Immune-Based System to Enhance Malware Detection

    Malicious apps use various methods to spread viruses, take control of computers and/or IoT devices, and steal sensitive data such as credit card numbers or other personal information. Despite the numerous existing means of intrusion detection, malware code is not easily detectable. The primary issue with current malware detection approaches is their inability to identify novel attacks and obfuscated malware, as they rely on static bases of malware examples, making them susceptible to new, unseen malware behaviors. To address this, we propose a new method for malware recognition consisting of two processes: the first creates new instances of malware using a memetic algorithm, and the second detects these new instances of attacks through solid detectors produced by an artificial immune system-based algorithm. Our new malware recognition method has proven its merits through thorough experiments on widely used datasets and evaluation metrics, and has been compared to prominent state-of-the-art methods.

    Malware Detection Using Rough Set Based Evolutionary Optimization

    Despite the existing anti-malware techniques and the interesting results they have achieved in "hooking" attacks, the unstoppable evolution of malware makes the need for more capable malware detection systems overriding. In this paper, we propose a new malware detection technique named Bilevel-Roughset based Malware Detection (BLRDetect) that is based on, and exploits the benefits of, Bilevel optimization and Rough Set Theory. The upper level of the Bilevel optimization component uses a Genetic Programming Algorithm to generate powerful detection rules, while the lower level relies on both a Genetic Algorithm and a Rough Set module to produce high-quality, reliable malware samples that escape, as far as possible, the detection rules generated by the upper level. Both levels interact with each other in a competitive way in order to produce populations that depend on one another. Our detection technique has proven its superior performance when tested against various state-of-the-art malware detection systems using common evaluation metrics.

    An unusual case of pediatric acute nicotine poisoning due to a dermal exposure

    Acute nicotine intoxication can cause nonspecific clinical signs and may be serious and lead to death. We report a rare and severe form of acute nicotine poisoning secondary to dermal absorption of tobacco.