s2ipt: A Lightweight Network Intrusion Detection/Prevention System based on IPtables

n/

Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware

With the wide diffusion of smartphones and their usage in a plethora of processes and activities, these devices have been handling an increasing variety of sensitive resources. Attackers are hence producing a large number of malware applications for Android (the most spread mobile platform), often by slightly modifying existing applications, which results in malware being organized in families. Some works in the literature showed that opcodes are informative for detecting malware, not only in the Android platform. In this paper, we investigate if frequencies of ngrams of opcodes are effective in detecting Android malware and if there is some significant malware family for which they are more or less effective. To this end, we designed a method based on state-of-the-art classifiers applied to frequencies of opcodes ngrams. Then, we experimentally evaluated it on a recent dataset composed of 11120 applications, 5560 of which are malware belonging to several different families. Results show that an accuracy of 97% can be obtained on the average, whereas perfect detection rate is achieved for more than one malware family

On the Effectiveness of System API-Related Information for Android Ransomware Detection

Ransomware constitutes a significant threat to the Android operating system. It can either lock or encrypt the target devices, and victims are forced to pay ransoms to restore their data. Hence, the prompt detection of such attacks has a priority in comparison to other malicious threats. Previous works on Android malware detection mainly focused on Machine Learning-oriented approaches that were tailored to identifying malware families, without a clear focus on ransomware. More specifically, such approaches resorted to complex information types such as permissions, user-implemented API calls, and native calls. However, this led to significant drawbacks concerning complexity, resilience against obfuscation, and explainability. To overcome these issues, in this paper, we propose and discuss learning-based detection strategies that rely on System API information. These techniques leverage the fact that ransomware attacks heavily resort to System API to perform their actions, and allow distinguishing between generic malware, ransomware and goodware. We tested three different ways of employing System API information, i.e., through packages, classes, and methods, and we compared their performances to other, more complex state-of-the-art approaches. The attained results showed that systems based on System API could detect ransomware and generic malware with very good accuracy, comparable to systems that employed more complex information. Moreover, the proposed systems could accurately detect novel samples in the wild and showed resilience against static obfuscation attempts. Finally, to guarantee early on-device detection, we developed and released on the Android platform a complete ransomware and malware detector (R-PackDroid) that employed one of the methodologies proposed in this paper

Enhancing Online Discussion Forums with Topic-Driven Content Search and Assisted Posting

Online forums represent nowadays one of the most popular and rich repository of user generated information over the Internet. Searching information of interest in an online forum may be substantially improved by a proper organization of the forum content. With this aim, in this paper we propose an approach that enhances an existing forum by introducing a navigation structure that enables searching and navigating the forum content by topics of discussion. Topics and hierarchical relations between them are semi-automatically extracted from the forum content by applying Information Retrieval techniques, specifically Topic Models and Formal Concept Analysis. Then, forum posts and discussion threads are associated to discussion topics on a similarity score basis. Moreover, to support automatic moderation in websites that host several forums, we propose a strategy to assist a user writing a new post in choosing the most appropriate forum into which it should be added. An implementation of the topic-driven content search and navigation and assisted posting forum enhancement approaches for the Moodle learning management system is also presented in the paper, opening to the application of these approaches to several real distance learning contexts. Finally, we also report on two case studies that we have conducted to validate the two approaches and evaluate their benefits.Laboratorio de Investigación y Formación en Informática Avanzad

Exploiting natural language structures in software informal documentation

© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Communication means, such as issue trackers, mailing lists, Q&A forums, and app reviews, are premier means of collaboration among developers, and between developers and end-users. Analyzing such sources of information is crucial to build recommenders for developers, for example suggesting experts, re-documenting source code, or transforming user feedback in maintenance and evolution strategies for developers. To ease this analysis, in previous work we proposed DECA (Development Emails Content Analyzer), a tool based on Natural Language Parsing that classifies with high precision development emails' fragments according to their purpose. However, DECA has to be trained through a manual tagging of relevant patterns, which is often effort-intensive, error-prone and requires specific expertise in natural language parsing. In this paper, we first show, with a study involving Master's and Ph.D. students, the extent to which producing rules for identifying such patterns requires effort, depending on the nature and complexity of patterns. Then, we propose an approach, named NEON (Nlp-based softwarE dOcumentation aNalyzer), that automatically mines such rules, minimizing the manual effort. We assess the performances of NEON in the analysis and classification of mobile app reviews, developers discussions, and issues. NEON simplifies the patterns' identification and rules' definition processes, allowing a savings of more than 70% of the time otherwise spent on performing such activities manually. Results also show that NEON-generated rules are close to the manually identified ones, achieving comparable recall

Il Futuro della Cybersecurity in Italia: Ambiti Progettuali Strategici

Il presente volume nasce come continuazione del precedente, con l’obiettivo di delineare un insieme di ambiti progettuali e di azioni che la comunità nazionale della ricerca ritiene essenziali a complemento e a supporto di quelli previsti nel DPCM Gentiloni in materia di sicurezza cibernetica, pubblicato nel febbraio del 2017. La lettura non richiede particolari conoscenze tecniche; il testo è fruibile da chiunque utilizzi strumenti informatici o navighi in rete. Nel volume vengono considerati molteplici aspetti della cybersecurity, che vanno dalla definizione di infrastrutture e centri necessari a organizzare la difesa alle azioni e alle tecnologie da sviluppare per essere protetti al meglio, dall’individuazione delle principali tecnologie da difendere alla proposta di un insieme di azioni orizzontali per la formazione, la sensibilizzazione e la gestione dei rischi. Gli ambiti progettuali e le azioni, che noi speriamo possano svilupparsi nei prossimi anni in Italia, sono poi accompagnate da una serie di raccomandazioni agli organi preposti per affrontare al meglio, e da Paese consapevole, la sfida della trasformazione digitale. Le raccomandazioni non intendono essere esaustive, ma vanno a toccare dei punti che riteniamo essenziali per una corretta implementazione di una politica di sicurezza cibernetica a livello nazionale. Politica che, per sua natura, dovrà necessariamente essere dinamica e in continua evoluzione in base ai cambiamenti tecnologici, normativi, sociali e geopolitici. All’interno del volume, sono riportati dei riquadri con sfondo violetto o grigio; i primi sono usati nel capitolo introduttivo e nelle conclusioni per mettere in evidenza alcuni concetti ritenuti importanti, i secondi sono usati negli altri capitoli per spiegare il significato di alcuni termini tecnici comunemente utilizzati dagli addetti ai lavori. In conclusione, ringraziamo tutti i colleghi che hanno contribuito a questo volume: un gruppo di oltre 120 ricercatori, provenienti da circa 40 tra Enti di Ricerca e Università, unico per numerosità ed eccellenza, che rappresenta il meglio della ricerca in Italia nel settore della cybersecurity. Un grazie speciale va a Gabriella Caramagno e ad Angela Miola che hanno contribuito a tutte le fasi di produzione del libro. Tra i ringraziamenti ci fa piacere aggiungere il supporto ottenuto dai partecipanti al progetto FILIERASICURA