    An Efficient Sieve Technique In Mobile Malware Detection

    The proliferation of mobile devices has radically changed the way people handle their daily activities. Rapid growth in mobile device technology has enabled users to use their devices for web browsing, ubiquitous services, social networking, MMS and many more. Google's Android operating system has become the most popular choice for mobile devices because it is open source and easy to use. This has also opened the possibility of malicious programs exploiting mobile devices and consequently exposing sensitive transactions made by the user. The ability of malware to evolve quickly has made mobile malware detection more complex. Antivirus and signature-based IDS require constant signature database updates to keep up with new malware, which exhausts a mobile device's resources. Although anomaly-based detection can overcome this problem, it still produces a high number of false alarms. This research therefore aims to improve Mobile Malware Detection by raising accuracy, True Positive Rate and True Negative Rate while minimising the False Positive Rate, using an n-gram system call sequence approach and a sieve technique. The behaviour and traces of mobile malware are analysed dynamically as the malware is executed on a mobile platform. The analysis shows that benign and malicious mobile applications can be distinctively classified through the system calls an application makes to the kernel. However, the n-gram system call sequences generated by this approach produce a large number of logged features that consume a mobile device's memory and storage. Hence this research introduces a sieve technique into the Mobile Malware Detection process to search for an optimum set of n-gram system call features. To evaluate the proposed approach, Accuracy, True Positive Rate, True Negative Rate, False Positive Rate and the Receiver Operating Characteristic curve are measured on a dataset of mobile malware from the Malware Genome Project and benign applications from the Google Play Store. The experimental findings indicate that the 3-gram system call sequence improves Mobile Malware Detection performance in terms of accuracy while minimising false alerts, and that the sieve technique reduces the number of n-gram system call features, giving an optimised set of 3-gram features. The evaluation and validation show that Mobile Malware Detection using 3-gram system call sequences with the sieve technique improves classification performance. In conclusion, 3-gram system call sequence Mobile Malware Detection with the sieve technique classifies benign and malicious mobile applications more accurately while minimising false alarms.

    Effectiveness of security tools to anomalies on tunneled traffic

    Tunneling mechanisms have proven to be an option for linking communication between IPv6 networks and IPv4 environments without incurring the high cost of upgrading equipment. However, these mechanisms reduce network performance and lower the level of security compared to a native IPv6 network. Transition mechanisms have also become a covert channel for spreading threats that go unnoticed by network security tools. Even though the issue has been raised in IETF documents, they still do not provide any recommendation to overcome the problem. For this reason, this study explores the effectiveness of conventional network security tools in detecting anomalies occurring on a tunneling mechanism, especially packet flooding attacks in IPv6 tunnels. To achieve this objective, a testbed deployed with a conventional firewall and IDS is used to simulate the IPv6-to-IPv4 tunneling mechanism; several network attacks are launched and the network traffic is captured for analysis. The results show that the firewall with default settings blocked all tunneled packets, while the firewall and IDS with their default rule sets performed well on IPv4 but not on the IPv6 tunnel.
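The blind spot the abstract describes is easy to reproduce: a tool that stops at the outer IPv4 header sees every 6in4 packet (IP protocol 41) as one flow between two tunnel endpoints, so an ICMPv6 flood inside the tunnel looks like ordinary tunnel traffic. The added example below (written for this page, not code from the paper or its testbed) builds constructed 6in4 packets with documentation addresses, decapsulates them, and counts ICMPv6 echo requests per inner source; the flood threshold and the zeroed checksums are assumptions made for the illustration.

```python
"""Added example (not from the paper above): a minimal 6in4 (IP protocol 41)
decapsulator showing why inspection that stops at the outer IPv4 header
cannot see an ICMPv6 flood carried inside the tunnel. Packets are
constructed inline with documentation addresses; checksums are left zero
because nothing here validates them."""
import socket
import struct
from collections import Counter

PROTO_IPV6_IN_IPV4 = 41   # 6in4 encapsulation
ICMPV6 = 58               # IPv6 next header value for ICMPv6
ECHO_REQUEST = 128        # ICMPv6 echo request type


def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header, no options, checksum zero (constructed packet)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def ipv6_header(src, dst, next_header, payload_len):
    """40-byte IPv6 header: version 6, zero traffic class and flow label."""
    return struct.pack("!IHBB16s16s", 0x60000000, payload_len, next_header, 64,
                       socket.inet_pton(socket.AF_INET6, src),
                       socket.inet_pton(socket.AF_INET6, dst))


def icmpv6_echo(seq):
    """ICMPv6 echo request: type, code, checksum(0), identifier, sequence."""
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, 1, seq)


def build_6in4(outer_src, outer_dst, inner_src, inner_dst, next_header, payload):
    """IPv6 packet wrapped in an IPv4 packet with protocol 41."""
    inner = ipv6_header(inner_src, inner_dst, next_header, len(payload)) + payload
    return ipv4_header(outer_src, outer_dst, PROTO_IPV6_IN_IPV4, len(inner)) + inner


def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) from an IPv4 packet."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, pkt[ihl:total_len]


def parse_ipv6(buf):
    """Return (src, dst, next_header, payload) from an IPv6 packet."""
    vtf, plen, nh, _, src, dst = struct.unpack("!IHBB16s16s", buf[:40])
    if vtf >> 28 != 6:
        raise ValueError("not IPv6")
    return (socket.inet_ntop(socket.AF_INET6, src),
            socket.inet_ntop(socket.AF_INET6, dst), nh, buf[40:40 + plen])


def outer_view(packets):
    """What a firewall or IDS that stops at the IPv4 header sees: flow keys only."""
    return Counter(parse_ipv4(p)[:3] for p in packets)


def inner_echo_counts(packets):
    """Tunnel-aware view: ICMPv6 echo requests per inner IPv6 source."""
    counts = Counter()
    for p in packets:
        _, _, proto, payload = parse_ipv4(p)
        if proto != PROTO_IPV6_IN_IPV4:
            continue
        src6, _, nh, body = parse_ipv6(payload)
        if nh == ICMPV6 and body and body[0] == ECHO_REQUEST:
            counts[src6] += 1
    return counts


def flood_sources(packets, threshold):
    """Inner sources whose echo-request count reaches the threshold (assumed rule)."""
    return sorted(s for s, n in inner_echo_counts(packets).items() if n >= threshold)


# Constructed traffic: one tunnel endpoint pair carries a TCP session and an
# ICMPv6 echo flood; two native IPv4 ICMP echo packets (protocol 1) are mixed in.
PACKETS = (
    [build_6in4("192.0.2.10", "198.51.100.1", "2001:db8::bad", "2001:db8::1",
                ICMPV6, icmpv6_echo(i)) for i in range(50)]
    + [build_6in4("192.0.2.10", "198.51.100.1", "2001:db8::5", "2001:db8::1",
                  6, b"\x00" * 20) for _ in range(3)]
    + [ipv4_header("192.0.2.20", "198.51.100.1", 1, 8) + struct.pack("!BBHHH", 8, 0, 0, 1, 1)
       for _ in range(2)]
)

if __name__ == "__main__":
    print("outer view:", dict(outer_view(PACKETS)))
    print("inner ICMPv6 echo per source:", dict(inner_echo_counts(PACKETS)))
    print("flooding inner sources:", flood_sources(PACKETS, 20))
```

The outer view collapses 53 tunneled packets into a single (192.0.2.10, 198.51.100.1, 41) key, which is all an IPv4-only rule set has to work with; only after decapsulation does the per-source ICMPv6 count expose the flood. The same decapsulation step is what a tunnel-aware IDS rule needs before any IPv6 signature can apply.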

    Establishment of IPv6 Network on Intranet Environment

    Internet Protocol version six (IPv6) is the next-generation Internet protocol. It is not yet possible to migrate completely to IPv6, but several transition mechanisms allow IPv6 and IPv4 to coexist in the same network infrastructure. The main benefits of the protocol are a larger address space and enhanced security options. Migrating from the current Internet Protocol version four (IPv4) to IPv6 is not easy, as it is not "plug and play": the two protocols are incompatible. For smooth integration between the protocols, a native IPv6 testbed (TEST6) was deployed in an intranet environment. This also provided experience and confidence before fully integrating IPv6 with the existing Internet protocol. This paper describes how TEST6 was set up in the intranet environment (TEST6-I) through a number of steps, and the network tests performed to verify connectivity.

    The new services in nagios network bandwidth utility email notification and sms alert in improving the network performance

    A new set of services has been added to an existing Nagios installation that lacked them. The bandwidth monitoring and notification system is configured to alert network administrators when the bandwidth used in an organisation's network reaches a configured threshold. The system sends an email alert and an SMS notification to the network administrator, who can then take further action to maintain Quality of Service (QoS) in the network. All logs of Nagios actions are saved in the Nagios log files. The analysis was conducted from the case study and problem statements, and the Network Development Life Cycle (NDLC) was chosen as the methodology for implementing the system in the network. Nagios is installed on Ubuntu 10 together with the Multi-Router Traffic Grapher (MRTG) and the Postfix mail server, both of which were configured to integrate with Nagios. On the client side, NSClient++ was installed to monitor the bandwidth and performance of Windows-based hosts. The Nagios services have been improved with the implementation of SMS and email notifications, which the existing services lacked, and with these services in place the network's performance could be improved further in the future.
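The threshold check at the centre of such a setup is a Nagios plugin: it returns exit code 0, 1, 2 or 3 (OK, WARNING, CRITICAL, UNKNOWN) and a status line with performance data, and Nagios' notification commands (email, SMS) fire on the resulting state change. The added example below is written for this page, not code from the system described; it reads the newest row of an MRTG log (a constructed sample, with the layout assumed to be a counter line followed by "timestamp avg_in avg_out max_in max_out" rows in bytes per second), converts to bits per second, and compares utilisation with thresholds given as a percentage of link capacity.

```python
"""Added example (not the system described above): a Nagios-style bandwidth
check. The MRTG log sample is constructed and its layout is assumed here
(first line 'ts in_counter out_counter', later lines 'ts avg_in avg_out
max_in max_out', values in bytes per second, newest row first)."""
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3          # Nagios plugin exit codes
STATUS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

# Constructed MRTG log: newest data row shows 9830400 B/s in, 2621440 B/s out.
MRTG_LOG = """1700000000 123456789 987654321
1700000000 9830400 2621440 10485760 3145728
1699999700 524288 262144 600000 300000
"""


def latest_rates(log_text):
    """Return (avg_in_bps, avg_out_bps) from the newest data row, in bits per second."""
    lines = log_text.strip().splitlines()
    if len(lines) < 2:
        raise ValueError("MRTG log has no data rows")
    _, avg_in, avg_out, _, _ = lines[1].split()
    return int(avg_in) * 8, int(avg_out) * 8


def check_bandwidth(in_bps, out_bps, capacity_bps, warn_pct, crit_pct):
    """Nagios plugin logic: the busier direction decides the state.
    Thresholds are percentages of link capacity (assumed convention)."""
    if not 0 < warn_pct <= crit_pct <= 100:
        return UNKNOWN, "BANDWIDTH UNKNOWN - thresholds must satisfy 0 < warn <= crit <= 100"
    util = max(in_bps, out_bps) / capacity_bps * 100
    if util >= crit_pct:
        code = CRITICAL
    elif util >= warn_pct:
        code = WARNING
    else:
        code = OK
    # Performance data in the Nagios 'label'=value[UOM];warn;crit;min;max form.
    perf = (f"'in_bps'={in_bps};;;0;{capacity_bps} 'out_bps'={out_bps};;;0;{capacity_bps} "
            f"'util'={util:.1f}%;{warn_pct};{crit_pct};0;100")
    msg = f"BANDWIDTH {STATUS[code]} - {util:.1f}% of {capacity_bps // 1_000_000} Mbit/s in use | {perf}"
    return code, msg


def main(argv):
    """Usage: check_bandwidth.py <capacity_bps> <warn_pct> <crit_pct> [mrtg.log]"""
    try:
        capacity, warn, crit = int(argv[1]), int(argv[2]), int(argv[3])
        log_text = open(argv[4]).read() if len(argv) > 4 else MRTG_LOG
        code, msg = check_bandwidth(*latest_rates(log_text), capacity, warn, crit)
    except (IndexError, ValueError, OSError) as exc:
        code, msg = UNKNOWN, f"BANDWIDTH UNKNOWN - {exc}"
    print(msg)
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `check_bandwidth.py 100000000 70 90` against a 100 Mbit/s link; with the sample log the inbound direction sits at 78.6 %, so the plugin exits 1 and Nagios raises WARNING, which is the state change that triggers the configured email and SMS notification commands.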

    Enhanced intrusion detection capabilities via weighted chi-square, discretization and SVM

    Anomaly-based Intrusion Detection Systems (ADSs) identify patterns in network data to determine whether behaviour is normal or represents an attack, using a learned detection model. Much research has been conducted on enhancing ADSs, particularly through data mining focused on detecting intrusive behaviour. Unfortunately, current detection models such as the support vector machine (SVM) are affected by high-dimensional data, which limits their ability to classify data accurately. Moreover, data points that appear similar between intrusive and regular behaviour can be problematic, as some novel attack behaviours may go undetected. To overcome this SVM drawback, we propose a combination of weighted chi-square (WCS) for feature selection (FS) and a discretization process (D). The WCS method is first used to reduce the dimensionality of the data; the resulting records are then transformed into interval values by the D process before the SVM is used to identify groups of samples that behave similarly or dissimilarly, such as malicious and non-malicious activities. Experiments were performed with the well-known NSL-KDD data sets, and the results show that the proposed method, WCS-D-SVM (weighted chi-square, discretization and support vector machine), significantly improves accuracy and detection rates while decreasing the false positives that a single SVM classifier produces.
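The FS and D stages can be shown on a handful of NSL-KDD-style records. The added example below is written for this page, not the paper's code: it discretizes each numeric feature into equal-width bins, scores each binned feature against the class label with a chi-square statistic, and keeps the top-ranked features as the reduced input a classifier would receive. The records are constructed, the chi-square is unweighted (the abstract does not state the weighting scheme), and the SVM stage is left out.

```python
"""Added example (not the paper's code): chi-square feature ranking on
discretized (equal-width binned) records, i.e. the FS and D stages of the
pipeline above. Records are constructed NSL-KDD-style; the chi-square is
the plain statistic, not the paper's weighted variant."""
from collections import Counter

FEATURES = ["duration", "src_bytes", "dst_bytes", "count"]

# Constructed records: (feature values, label). 'count' and 'src_bytes'
# separate the classes cleanly, 'dst_bytes' partly, 'duration' is noise.
RECORDS = [
    ((0, 200, 1500, 2), "normal"),
    ((5, 300, 2000, 3), "normal"),
    ((1, 250, 1800, 1), "normal"),
    ((9, 150, 900, 4), "normal"),
    ((2, 220, 1700, 2), "normal"),
    ((0, 0, 0, 480), "attack"),
    ((7, 0, 1200, 511), "attack"),
    ((1, 0, 0, 500), "attack"),
    ((8, 0, 1600, 470), "attack"),
    ((3, 0, 0, 505), "attack"),
]


def equal_width_bins(values, k):
    """Map each numeric value to a bin index 0..k-1 (the discretization step)."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return [0] * len(values)
    width = (hi - lo) / k
    return [min(int((v - lo) / width), k - 1) for v in values]


def discretize(records, k):
    """Discretize every feature column independently, keeping labels."""
    cols = [equal_width_bins([r[0][i] for r in records], k) for i in range(len(FEATURES))]
    return [(tuple(col[j] for col in cols), records[j][1]) for j in range(len(records))]


def chi_square(binned, feature_index):
    """Chi-square statistic of one discretized feature against the class label."""
    n = len(binned)
    observed = Counter((x[feature_index], y) for x, y in binned)
    row = Counter(x[feature_index] for x, _ in binned)   # bin totals
    col = Counter(y for _, y in binned)                   # class totals
    stat = 0.0
    for b in row:
        for c in col:
            expected = row[b] * col[c] / n
            stat += (observed[(b, c)] - expected) ** 2 / expected
    return stat


def rank_features(records, k=3):
    """Features ordered by chi-square score, highest (most class-dependent) first."""
    binned = discretize(records, k)
    scores = {f: chi_square(binned, i) for i, f in enumerate(FEATURES)}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def select(records, keep, k=3):
    """Keep the 'keep' top-ranked features; return their names and the
    reduced, discretized records ready for a classifier."""
    top = [f for f, _ in rank_features(records, k)[:keep]]
    idx = [FEATURES.index(f) for f in top]
    return top, [(tuple(x[i] for i in idx), y) for x, y in discretize(records, k)]


if __name__ == "__main__":
    for name, score in rank_features(RECORDS):
        print(f"{name:10s} chi2={score:.3f}")
    print(select(RECORDS, 2))
```

With three bins the noise feature scores about 0.53 while the two clean separators reach the maximum of 10.0 for ten records, so a cut at two features drops both `duration` and the partially informative `dst_bytes`; the number of bins and the cut-off are the tunable parts of the D and FS steps.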

    IoT Technological Development: Prospect And Implication For Cyberstability

    Failure to address the risks posed by future technological development could cause devastating damage to public trust in those technologies. Ascendant technologies such as artificial intelligence are therefore key components in providing solutions to new cybersecurity threats and strengthening the capabilities of future technological developments. In effect, the ability of a technology to prevent and withstand a cyber-attack could become the new deterrence. This paper identifies gaps to guide government, industry and the research community in pursuing Internet of Things (IoT) technological development in areas that may need improvement. The contribution of this paper is as follows. First, a roadmap that outlines the security requirements and concerns of future technology and the significance of IoT technology in addressing those concerns. Second, an assessment that illustrates the expected and unexpected impact of future technology adoption and its significant geopolitical implications for potentially affected areas such as regulation, law, politics, the military and intelligence.

    An Evaluation Of N-gram System Call Sequence In Mobile Malware Detection

    The rapid growth of Android-based mobile device technology in recent years has increased the proliferation of mobile devices throughout the community at large. The capabilities of Android mobile devices have become similar to those of the desktop environment; users can do far more than make phone calls and send short text messages. Android devices are now used for web browsing, ubiquitous services, social networking, MMS and many more applications. However, the rapid growth of Android mobile device technology has also prompted malware authors to exploit the devices' vulnerabilities. For this reason, this paper explores mobile malware detection through n-gram system call sequences, which use the sequence of system calls invoked by a mobile application as the feature for classifying benign and malicious applications. Several values of n are evaluated with a Linear-SVM classifier to determine the system call sequence length that produces the highest detection accuracy and highest True Positive Rate (TPR) with a low False Positive Rate (FPR).
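Both this abstract and the sieve paper above rest on the same feature construction: a dynamic system-call trace per application, sliding n-grams over it, and a selection step that prunes the feature space before a linear classifier. The added example below (written for this page, not code from either paper) builds those n-gram features from constructed strace-style traces, applies a simple document-frequency-gap filter as a stand-in for the papers' sieve, whose exact rule the abstracts do not give, and scores a trace with the filtered features in place of the Linear-SVM. The traces, the gap threshold and the signed weights are all assumptions for the illustration.

```python
"""Added example (not code from either paper above): n-gram system-call
features with a frequency-gap filter standing in for the 'sieve'. The
abstracts give neither the sieve's rule nor the SVM weights, so both the
filter and the scoring below are assumptions made for illustration; the
traces are constructed, not real captures."""
from collections import Counter

# Constructed strace-style call sequences per app (names only, in order).
BENIGN = {
    "app_a": "openat read read close mmap munmap write close".split(),
    "app_b": "openat read close mmap write munmap write close".split(),
}
MALICIOUS = {
    "mal_a": "openat read fork execve connect sendto recvfrom close".split(),
    "mal_b": "mmap fork execve connect sendto sendto recvfrom close".split(),
}


def ngrams(trace, n):
    """Multiset of sliding n-grams over one trace."""
    return Counter(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))


def doc_frequency(traces, n):
    """Number of traces in which each n-gram appears at least once."""
    df = Counter()
    for trace in traces.values():
        df.update(set(ngrams(trace, n)))
    return df


def candidates(benign, malicious, n):
    """All distinct n-grams seen in either class: the unfiltered feature space."""
    return set(doc_frequency(benign, n)) | set(doc_frequency(malicious, n))


def sieve(benign, malicious, n, min_gap=0.75):
    """Keep n-grams whose per-class document-frequency rates differ by at
    least min_gap. Returns {ngram: rate_malicious - rate_benign}, so a
    positive weight marks an n-gram typical of malware. Assumed rule, not
    the papers' sieve."""
    df_b, df_m = doc_frequency(benign, n), doc_frequency(malicious, n)
    kept = {}
    for g in candidates(benign, malicious, n):
        rate_b, rate_m = df_b[g] / len(benign), df_m[g] / len(malicious)
        if abs(rate_m - rate_b) >= min_gap:
            kept[g] = rate_m - rate_b
    return kept


def score(trace, features, n):
    """Sum of weights of selected n-grams present in the trace; positive
    means malware-like. A stand-in for a linear classifier's decision."""
    present = ngrams(trace, n)
    return sum(w for g, w in features.items() if present[g] > 0)


if __name__ == "__main__":
    for n in (1, 2, 3):
        kept = sieve(BENIGN, MALICIOUS, n)
        total = len(candidates(BENIGN, MALICIOUS, n))
        print(f"n={n}: {total} candidate n-grams, {len(kept)} kept after sieve")
    feats = sieve(BENIGN, MALICIOUS, 3)
    unseen = "openat read close mmap fork execve connect sendto recvfrom close".split()
    print("unseen trace score:", score(unseen, feats, 3))
```

Even on four traces the growth the sieve paper warns about is visible: 11 unigrams become 19 distinct 3-grams, and the filter keeps only the five that occur in every trace of one class and none of the other. A trace that mixes a benign file-access prefix with the `fork execve connect sendto` tail still scores positive because three of the malware-typical 3-grams are present; whether n=3 really beats n=2 or n=4 is exactly what the TPR/FPR sweep in the abstract measures.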

    Analysis Of Phishing Susceptibility In A Workplace: A Big-Five Personality Perspectives

    Employees are frequently referred to as the weakest link in an organisation's cyber security. Differences in employees' personalities make it hard for any organisation to design a proper mitigation strategy to prevent them from falling victim to phishing attacks. In addition, users' general life experience and technological experience influence the personality traits they exhibit when handling or interacting with security systems, which affects their susceptibility to phishing. The objective of this paper is to examine the personality traits that influence phishing susceptibility among employees in a workplace, and to investigate the influence of employees' experience in shaping their personality and consequently their behaviour in resisting phishing attacks. This study used a quantitative method. A survey (N = 252) of employees in mid-sized IT-related companies in Malaysia sought to identify individual characteristics related to phishing susceptibility and to characterise the higher-risk employees who pose a threat to their companies. This paper presents three notable findings. First, the results of correlation analysis emphasise the importance of employees' technical and general experience in shaping their personality to resist phishing attacks. Second, correlation analysis shows that the conscientiousness and self-monitoring personality traits were positively related to employees' secure behaviour towards phishing threats. Finally, the study concludes that the extroversion personality trait had the strongest influence on phishing susceptibility, followed by self-monitoring, agreeableness and conscientiousness. The findings suggest an inverse influence between personality traits (independent variables) and user behaviour (dependent variable). The proposed framework is useful for research attempting to shift attention to human factors in order to help organisations improve employees' cyber security compliance.

    Machine Learning For HTTP Botnet Detection Using Classifier Algorithms

    HTTP-based botnets have recently become a serious problem for computer security experts, as bots can infect a victim's computer quickly and stealthily. By using the HTTP protocol, bots are able to hide their communication within normal HTTP traffic. In addition, since HTTP is widely used by Internet applications, it is not easy to block the service as a precautionary measure. Experts therefore need ways to detect HTTP botnets in network traffic effectively. In this paper, we propose the use of machine learning classifiers to detect HTTP botnets. The network traffic dataset used in this research is extracted on the basis of TCP packet features. We also identify the best machine learning classifier in our experiment: the proposed method classifies HTTP botnet traffic using that classifier with an average accuracy of 92.93%.

    Formulating Generalize Malware Attack Pattern Using Features Selection

    Malicious software, or malware, activity increasingly threatens network security, as malicious code can be easily obtained and used as a weapon to achieve illegal objectives. Hence, network traffic gathered from a controlled experiment is explored, and a feature selection method is used to identify the features involved in formulating the malware attack pattern. This paper proposes a generalised malware attack pattern from two perspectives, attacker and victim, using a traditional worm. This research should facilitate the authorities in detecting malware intrusion activities in cyberspace while protecting the Critical National Information Infrastructure (CNII) of the country. The generalised malware attack patterns can be extended into research areas such as alert correlation and computer forensic investigation.