Design and implementation of Linux based workflow for digital forensics investigation

Window based digital forensic workflow has been the traditional investigation model for digital evidence. Investigating using Linux based platform tends challenging since there is no specific investigation workflow for Linux platform. This study designed and implemented a Linux forensic based-workflow for digital investigation. The workflow was divided into different investigation phases. The digital investigations processes in all the phases were performed using Linux riggings. The work-flow was tested and evidence such as (E01) Image was accurately acquired. This paper is presented in the following sections. Section one and two provided introduction and literature on existing forensic workflow using windows-based workflow respectively. Section three provided the approach to window workflow. The experimental design and tools used were presented in section four. The rest of the sections considered the research analysis, discussion and conclusion respectively. The implication of the test conducted, tools used with their corresponding weakness and strengths were highlighted in the appendix

Host-based detection and analysis of Android malware: implication for privilege exploitation

The Rapid expansion of mobile Operating Systems has created a proportional development in Android malware infection targeting Android which is the most widely used mobile OS. factors such Android open source platform, low-cost influence the interest of malware writers targeting this mobile OS. Though there are a lot of anti-virus programs for malware detection designed with varying degrees of signatures for this purpose, many don’t give analysis of what the malware does. Some anti-virus engines give clearance during installations of repackaged malicious applications without detection. This paper collected 28 Android malware family samples with a total of 163 sample dataset. A general analysis of the entire sample dataset was created given credence to their individual family samples and year discovered. A general detection and classification of the Android malware corpus was performed using K-means clustering algorithm. Detection rules were written with five major functions for automatic scanning, signature enablement, quarantine and reporting the scan results. The LMD was able to scan a file size of 2048mb and report accurately whether the file is benign or malicious. The K-means clustering algorithm used was set to 5 iteration training phases and was able to classify accurately the malware corpus into benign and malicious files. The obtained result shows that some Android families exploit potential privileges on mobile devices. Information leakage from the victim’s device without consent and payload deposits are some of the results obtained. The result calls proactive measures rather than proactive in tackling malware infection on Android based mobile devices

Android Permission Classifier: a deep learning algorithmic framework based on protection and threat levels

Recent works demonstrated that Android is the fastest growing mobile OS with the highest number of users worldwide. Android's popularity is facilitated by factors such as ease of use, open‐source, and cheap to purchase compared to mobile OS like iOS. The widespread of Android has brought an exponential increase in the complexity and number of malicious applications targeting Android. Malware deploys different attack vectors to exploit Android vulnerability and attack the OS. One way to thwart malware attacks on Android is the use of Android security patches, antivirus software, and layer security. However, the fact that the permission request dynamic is different from other attack vectors, makes it difficult to identify which permission request is malicious or not especially when constructing permission request profiles for Android users. The aforementioned challenge is tackled by our research. This article proposed a framework called Android Permission Classifier for the classification of Android malware permission requests based on threat levels. This article is the first to classify Android permission based on their protection and threat levels. With the framework, out of the 113 permissions extracted, 23 were classified as more dangerous. Our model shows classification accuracy of 97% and an FPR value of 0.2% with high diversity capacity when compared with the performance of those of other similar existing metho

Modeling correlation between android permissions based on threat and protection level using exploratory factor plane analysis

The evolution of mobile technology has increased correspondingly with the number of attacks on mobile devices. Malware attack on mobile devices is one of the top security challenges the mobile community faces daily. While malware classification and detection tools are being developed to fight malware infection, hackers keep deploying different infection strategies, including permissions usage. Among mobile platforms, Android is the most targeted by malware because of its open OS and popularity. Permissions is one of the major security techniques used by Android and other mobile platforms to control device resources and enhance access control. In this study, we used the t-Distribution stochastic neighbor embedding (t-SNE) and Self-Organizing Map techniques to produce a visualization method using exploratory factor plane analysis to visualize permissions correlation in Android applications. Two categories of datasets were used for this study: the benign and malicious datasets. Dataset was obtained from Contagio, VirusShare, VirusTotal, and Androzoo repositories. A total of 12,267 malicious and 10,837 benign applications with different categories were used. We demonstrate that our method can identify the correlation between permissions and classify Android applications based on their protection and threat level. Our results show that every permission has a threat level. This signifies those permissions with the same protection level have the same threat level.PTDF/ED/PHD/AMA/1245/17/17: Petroleum Technology Development Fund (PTDF)

Analysis of Android malware detection techniques: a systematic review

The emergence and rapid development in complexity and popularity of Android mobile phones has created proportionate destructive effects from the world of cyber-attack. Android based device platform is experiencing great threats from different attack angles such as DoS, Botnets, phishing, social engineering, malware and others. Among these threats, malware attacks on android phones has become a daily occurrence. This is due to the fact that Android has millions of user, high computational abilities, popularity, and other essential attributes. These factors influence cybercriminals (especially malware writers) to focus on Android for financial gain, political interest, and revenge. This calls for effective techniques that could detect these malicious applications on android devices. The aim of this paper is to provide a systematic review of the malware detection techniques used for android devices. The results show that most detection techniques are not very effective to detect zero-day malware and other variants that deploy obfuscation to evade detection. The critical appraisal of the study identified some of the limitations in the detection techniques that need improvement for better detection

Enhancing Credit Card Fraud Detection: An Ensemble Machine Learning Approach

In the era of digital advancements, the escalation of credit card fraud necessitates the development of robust and efficient fraud detection systems. This paper delves into the application of machine learning models, specifically focusing on ensemble methods, to enhance credit card fraud detection. Through an extensive review of existing literature, we identified limitations in current fraud detection technologies, including issues like data imbalance, concept drift, false positives/negatives, limited generalisability, and challenges in real-time processing. To address some of these shortcomings, we propose a novel ensemble model that integrates a Support Vector Machine (SVM), K-Nearest Neighbor (KNN), Random Forest (RF), Bagging, and Boosting classifiers. This ensemble model tackles the dataset imbalance problem associated with most credit card datasets by implementing under-sampling and the Synthetic Over-sampling Technique (SMOTE) on some machine learning algorithms. The evaluation of the model utilises a dataset comprising transaction records from European credit card holders, providing a realistic scenario for assessment. The methodology of the proposed model encompasses data pre-processing, feature engineering, model selection, and evaluation, with Google Colab computational capabilities facilitating efficient model training and testing. Comparative analysis between the proposed ensemble model, traditional machine learning methods, and individual classifiers reveals the superior performance of the ensemble in mitigating challenges associated with credit card fraud detection. Across accuracy, precision, recall, and F1-score metrics, the ensemble outperforms existing models. This paper underscores the efficacy of ensemble methods as a valuable tool in the battle against fraudulent transactions. The findings presented lay the groundwork for future advancements in the development of more resilient and adaptive fraud detection systems, which will become crucial as credit card fraud techniques continue to evolve

Effective methods to detect metamorphic malware: A systematic review

The succeeding code for metamorphic Malware is routinely rewritten to remain stealthy and undetected within infected environments. This characteristic is maintained by means of encryption and decryption methods, obfuscation through garbage code insertion, code transformation and registry modification which makes detection very challenging. The main objective of this study is to contribute an evidence-based narrative demonstrating the effectiveness of recent proposals. Sixteen primary studies were included in this analysis based on a pre-defined protocol. The majority of the reviewed detection methods used Opcode, Control Flow Graph (CFG) and API Call Graph. Key challenges facing the detection of metamorphic malware include code obfuscation, lack of dynamic capabilities to analyse code and application difficulty. Methods were further analysed on the basis of their approach, limitation, empirical evidence and key parameters such as dataset, Detection Rate (DR) and False Positive Rate (FPR)

Enhancing credit card fraud detection: an ensemble machine learning approach

In the era of digital advancements, the escalation of credit card fraud necessitates the development of robust and efficient fraud detection systems. This paper delves into the application of machine learning models, specifically focusing on ensemble methods, to enhance credit card fraud detection. Through an extensive review of existing literature, we identified limitations in current fraud detection technologies, including issues like data imbalance, concept drift, false positives/negatives, limited generalisability, and challenges in real-time processing. To address some of these shortcomings, we propose a novel ensemble model that integrates a Support Vector Machine (SVM), K-Nearest Neighbor (KNN), Random Forest (RF), Bagging, and Boosting classifiers. This ensemble model tackles the dataset imbalance problem associated with most credit card datasets by implementing under-sampling and the Synthetic Over-sampling Technique (SMOTE) on some machine learning algorithms. The evaluation of the model utilises a dataset comprising transaction records from European credit card holders, providing a realistic scenario for assessment. The methodology of the proposed model encompasses data pre-processing, feature engineering, model selection, and evaluation, with Google Colab computational capabilities facilitating efficient model training and testing. Comparative analysis between the proposed ensemble model, traditional machine learning methods, and individual classifiers reveals the superior performance of the ensemble in mitigating challenges associated with credit card fraud detection. Across accuracy, precision, recall, and F1-score metrics, the ensemble outperforms existing models. This paper underscores the efficacy of ensemble methods as a valuable tool in the battle against fraudulent transactions. The findings presented lay the groundwork for future advancements in the development of more resilient and adaptive fraud detection systems, which will become crucial as credit card fraud techniques continue to evolve