11 research outputs found

    Detection of app collusion potential using logic programming

    Mobile devices pose a particular security risk because they hold personal details (accounts, locations, contacts, photos) and have capabilities potentially exploitable for eavesdropping (cameras/microphone, wireless connections). The Android operating system is designed with a number of built-in security features such as application sandboxing and permission-based access control. Unfortunately, these restrictions can be bypassed, without the user noticing, by colluding apps whose combined permissions allow them to carry out attacks that neither app is able to execute by itself. While the possibility of app collusion was first warned of in 2011, it has been unclear if collusion is used by malware in the wild due to a lack of suitable detection methods and tools. This paper describes how we found the first collusion in the wild. We also present a strategy for detecting collusions and its implementation in Prolog that allowed us to make this discovery. Our detection strategy is grounded in concise definitions of collusion and the concept of ASR (Access-Send-Receive) signatures. The methodology is supported by statistical evidence. Our approach scales and is applicable to inclusion into professional malware detection systems: we applied it to a set of more than 50,000 apps collected in the wild. Code samples of our tool as well as of the detected malware are available

    Android Malware Detection Using Parallel Machine Learning Classifiers

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. Mobile malware has continued to grow at an alarming rate despite on-going mitigation efforts. This has been much more prevalent on Android due to being an open platform that is rapidly overtaking other competing platforms in the mobile smart devices market. Recently, a new generation of Android malware families has emerged with advanced evasion capabilities which make them much more difficult to detect using conventional methods. This paper proposes and investigates a parallel machine learning based classification approach for early detection of Android malware. Using real malware samples and benign applications, a composite classification model is developed from parallel combination of heterogeneous classifiers. The empirical evaluation of the model under different combination schemes demonstrates its efficacy and potential to improve detection accuracy. More importantly, by utilizing several classifiers with diverse characteristics, their strengths can be harnessed not only for enhanced Android malware detection but also quicker white box analysis by means of the more interpretable constituent classifiers.

    Android malware detection: An eigenspace analysis approach

    The battle to mitigate Android malware has become more critical with the emergence of new strains incorporating increasingly sophisticated evasion techniques, in turn necessitating more advanced detection capabilities. Hence, in this paper we propose and evaluate a machine learning based approach based on eigenspace analysis for Android malware detection using features derived from static analysis characterization of Android applications. Empirical evaluation with a dataset of real malware and benign samples shows that a detection rate of over 96% with a very low false positive rate is achievable using the proposed method.

    High Accuracy Android Malware Detection Using Ensemble Learning

    With over 50 billion downloads and more than 1.3 million apps in Google's official market, Android has continued to gain popularity among smartphone users worldwide. At the same time there has been a rise in malware targeting the platform, with more recent strains employing highly sophisticated detection avoidance techniques. As traditional signature-based methods become less potent in detecting unknown malware, alternatives are needed for timely zero-day discovery. Thus, this study proposes an approach that utilises ensemble learning for Android malware detection. It combines advantages of static analysis with the efficiency and performance of ensemble machine learning to improve Android malware detection accuracy. The machine learning models are built using a large repository of malware samples and benign apps from a leading antivirus vendor. Experimental results and analysis presented show that the proposed method, which uses a large feature space to leverage the power of ensemble learning, is capable of 97.3–99% detection accuracy with very low false positive rates.

    A New Android Malware Detection Approach Using Bayesian Classification

    Mobile malware has been growing in scale and complexity as smartphone usage continues to rise. Android has surpassed other mobile platforms as the most popular whilst also witnessing a dramatic increase in malware targeting the platform. A worrying trend that is emerging is the increasing sophistication of Android malware to evade detection by traditional signature-based scanners. As such, Android app marketplaces remain at risk of hosting malicious apps that could evade detection before being downloaded by unsuspecting users. Hence, in this paper we present an effective approach to alleviate this problem based on Bayesian classification models obtained from static code analysis. The models are built from a collection of code and app characteristics that provide indicators of potential malicious activities. The models are evaluated with real malware samples in the wild and results of experiments are presented to demonstrate the effectiveness of the proposed approach.

    Towards Automated Android App Collusion Detection

    Android OS supports multiple communication methods between apps. This opens the possibility to carry out threats in a collaborative fashion, cf. the Soundcomber example from 2011. In this paper we provide a concise definition of collusion and report on a number of automated detection approaches, developed in co-operation with Intel Security.

    New Meteorite Type NWA 8159 Augite Basalt: Specimen from a Previously Unsampled Location on Mars?

    Up until recently the orthopyroxenite ALH 84001, a singleton martian meteorite type, was the only sample that did not fit within the common SNC types. However, with the discovery of the unique basaltic breccia NWA 7034 pairing group [1] the diversity of martian meteorites beyond SNC types was expanded, and now with Northwest Africa (NWA) 8159, and its possible pairing NWA 7635 [2], the diversity is expanded further with a third unique non-SNC meteorite type. The existence of meteorite types beyond the narrow range seen in SNCs is what might be expected from a random cratering sampling of a geologically long-lived and complex planet such as Mars.

    The Northwest Africa 8159 martian meteorite: Expanding the martian sample suite to the early Amazonian

    No full text
    Northwest Africa (NWA) 8159 is an augite-rich shergottite, with a mineralogy dominated by Ca-, Fe-rich pyroxene, plagioclase, olivine, and magnetite. NWA 8159 crystallized from an evolved melt of basaltic composition under relatively rapid conditions of cooling, likely in a surface lava flow or shallow sill. Redox conditions experienced by the melt shifted from relatively oxidizing (with respect to known Martian lithologies, similar to QFM) on the liquidus to higher oxygen fugacity (similar to QFM + 2) during crystallization of the groundmass, and under subsolidus conditions. This shift resulted in the production of orthopyroxene and magnetite replacing olivine phenocryst rims. NWA 8159 contains both crystalline and shock-amorphized plagioclase (An(5062)), often observed within a single grain; based on known calibrations we bracket the peak shock pressure experienced by NWA 8159 to between 15 and 23 GPa. The bulk composition of NWA 8159 is depleted in LREE, as observed for Tissint and other depleted shergottites; however, NWA 8159 is distinct from all other martian lithologies in its bulk composition and oxygen fugacity. We obtain a Sm-Nd formation age of 2.37 +/- 0.25 Ga for NWA 8159, which represents an interval in Mars geologic time which, until recently, was not represented in the other martian meteorite types. The bulk rock Sm-147/Nd-144 value of 0.37 +/- 0.02 is consistent with it being derived directly from its source and the high initial epsilon(143)(Nd) value indicates this source was geochemically highly depleted. Cr, Nd, and W isotopic compositions further support a unique mantle source. While the rock shares similarities with the 2.4-Ga NWA 7635 meteorite, there are notable distinctions between the two meteorites that suggest differences in mantle source compositions and conditions of crystallization. Nevertheless, the two samples may be launch-paired.
NWA 8159 expands the known basalt types, ages and mantle sources within the Mars sample suite to include a second igneous unit from the early Amazonian. (C) 2017 Elsevier Ltd. All rights reserved.