29 research outputs found

    The Evolution of Android Malware and Android Analysis Techniques


    Intelligent OS X malware threat detection with code inspection

    With the increasing market share of the Mac OS X operating system, there is a corresponding increase in the number of malicious programs (malware) designed to exploit vulnerabilities on Mac OS X platforms. However, existing manual and heuristic OS X malware detection techniques are not capable of coping with such a high rate of malware. While machine learning techniques offer promising results in automated detection of Windows and Android malware, there have been limited efforts in extending them to OS X malware detection. In this paper, we propose a supervised machine learning model. The model applies a kernel-based Support Vector Machine (SVM) and a novel weighting measure based on application library calls to detect OS X malware. For training and evaluating the model, a dataset combining 152 malware and 450 benign samples is created. Using common supervised machine learning algorithms on the dataset, we obtain over 91% detection accuracy with a 3.9% false alarm rate. We also utilize the Synthetic Minority Over-sampling Technique (SMOTE) to create three synthetic datasets with different distributions, based on the refined version of the collected dataset, to investigate the impact of different sample sizes on the accuracy of malware detection. Using the SMOTE datasets we achieve over 96% detection accuracy and a false alarm rate of less than 4%. All malware classification experiments are tested using cross validation. Our results show that increasing the sample size in the synthetic datasets has a direct positive effect on detection accuracy while increasing the false alarm rate compared to the original dataset.

    Evaluation of Tree Based Machine Learning Classifiers for Android Malware Detection

    Android is the most popular mobile operating system, with billions of active users, which has encouraged hackers and cyber-criminals to push malware onto this platform. Accordingly, extensive research has been conducted on malware analysis and detection for Android in recent years, and Android has developed and implemented numerous security controls to deal with the problem, including a unique ID (UID) for each application, system permissions, and its distribution platform Google Play. In this paper, we evaluate four tree-based machine learning algorithms for detecting Android malware in conjunction with a substring-based feature selection method for the classifiers. In the experiments, 11,120 apps of the DREBIN dataset were used, of which 5,560 are malware samples and the rest are benign. It is found that the Random Forest classifier outperforms the best previously reported result (around 94% accuracy, obtained by SVM) with 97.24% accuracy, and thus provides a strong basis for building effective tools for Android malware detection.

    Identification of malicious android app using manifest and opcode features


    Mobile malware detection - an analysis of the impact of feature categories

    Imam, T. ORCiD: 0000-0002-8864-4155
    The use of smartphones and hand-held devices continues to increase with rapid development in the underlying technology and widespread deployment of numerous applications, including social networking, email and financial transactions. Inevitably, malware attacks are shifting towards these devices. To detect mobile malware, features representing the characteristics of applications play a crucial role. In this work, we systematically studied the impact of all categories of features (i.e., permissions, application programming interface (API) calls, inter-component communication (ICC) and dynamic features) of Android applications in classifying malware from benign applications. We identified the combination of feature categories that yields better performance, in terms of widely used metrics, than blindly using all feature categories. We proposed a new technique to include contextual information about API calls in the feature values, and the study reveals that embedding such information enhances malware detection capability by a good margin. Information gain analysis shows that a significant number of features in the ICC category are not relevant to malware prediction and hence are least effective. This study will be useful in designing better mobile malware detection systems.

    Three-dimensional momentum imaging of dissociation in flight of metastable molecules

    Citation: Jochim, B., Erdwien, R., Malakar, Y., Severt, T., Berry, B., Feizollah, P., … Ben-Itzhak, I. (2017). Three-dimensional momentum imaging of dissociation in flight of metastable molecules. New Journal of Physics, 19(10), 103006. https://doi.org/10.1088/1367-2630/aa81a

    We investigate dissociation in flight of metastable molecular dications formed by ultrashort, intense laser pulses using the cold target recoil ion momentum spectroscopy technique. A method for retrieving the lifetime(s) of the transient metastable state(s) as well as the complete three-dimensional momenta of the dissociating fragments is presented. Specifically, we demonstrate and discuss this approach by focusing on dissociation in flight of the ethylene dication going to the deprotonation channel. Two lifetimes are found to be associated with this process, $\mathrm{C_2H_4^{2+}} \to \mathrm{C_2H_3^{+}} + \mathrm{H^{+}}$: $\tau_1 = 202 \pm 10$ ns and $\tau_2 = 916 \pm 40$ ns. For the corresponding channel in deuterated ethylene, lifetimes of $\tau_1 = 269 \pm 29$ ns and $\tau_2 = 956 \pm 83$ ns are obtained.

    Native Frames: Disentangling Sequential from Concerted Three-Body Fragmentation

    Citation: Rajput, J., Severt, T., Berry, B., Jochim, B., Feizollah, P., Kaderiya, B., … Ben-Itzhak, I. (2018). Native Frames: Disentangling Sequential from Concerted Three-Body Fragmentation. Physical Review Letters, 120(10), 103001. https://doi.org/10.1103/PhysRevLett.120.103001
    A key question concerning the three-body fragmentation of polyatomic molecules is the distinction of sequential and concerted mechanisms, i.e., the stepwise or simultaneous cleavage of bonds. Using laser-driven fragmentation of OCS into $\mathrm{O^{+}} + \mathrm{C^{+}} + \mathrm{S^{+}}$ and employing coincidence momentum imaging, we demonstrate a novel method that enables the clear separation of sequential and concerted breakup. The separation is accomplished by analyzing the three-body fragmentation in the native frame associated with each step and taking advantage of the rotation of the intermediate molecular fragment, $\mathrm{CO^{2+}}$ or $\mathrm{CS^{2+}}$, before its unimolecular dissociation. This native-frame method works for any projectile (electrons, ions, or photons), provides details on each step of the sequential breakup, and enables the retrieval of the relevant spectra for sequential and concerted breakup separately. Specifically, this allows the determination of the branching ratio of all these processes in $\mathrm{OCS^{3+}}$ breakup. Moreover, we find that the first step of sequential breakup is tightly aligned along the laser polarization and identify the likely electronic states of the intermediate dication that undergo unimolecular dissociation in the second step. Finally, the separated concerted breakup spectra show clearly that the central carbon atom is preferentially ejected perpendicular to the laser field.