ZapDroid: Managing Infrequently Used Applications on Smartphones

ABSTRACT User surveys have shown that a typical user has over a hundred apps on her smartphone [1], but stops using many of them. We conduct a user study to identify such unused apps, which we call zombies, and show via experiments that zombie apps consume significant resources on a user's smartphone and access her private information. We then design and build ZapDroid, which enables users to detect and silo zombie apps in an e↵ective way to prevent their undesired activities. If and when the user wishes to resume using such an app, ZapDroid restores the app quickly and e↵ectively. Our evaluations show that: (i) ZapDroid saves twice the energy from unwanted zombie app behaviors as compared to apps from the Play Store that kill background unwanted processes, and (ii) it e↵ectively prevents zombie apps from using undesired permissions. In addition, ZapDroid is energye cient, consuming < 4% of the battery per day

Leveraging Local Patch Differences in Multi-Object Scenes for Generative Adversarial Attacks

State-of-the-art generative model-based attacks against image classifiers overwhelmingly focus on single-object (i.e., single dominant object) images. Different from such settings, we tackle a more practical problem of generating adversarial perturbations using multi-object (i.e., multiple dominant objects) images as they are representative of most real-world scenes. Our goal is to design an attack strategy that can learn from such natural scenes by leveraging the local patch differences that occur inherently in such images (e.g. difference between the local patch on the object `person' and the object `bike' in a traffic scene). Our key idea is to misclassify an adversarial multi-object image by confusing the victim classifier for each local patch in the image. Based on this, we propose a novel generative attack (called Local Patch Difference or LPD-Attack) where a novel contrastive loss function uses the aforesaid local differences in feature space of multi-object scenes to optimize the perturbation generator. Through various experiments across diverse victim convolutional neural networks, we show that our approach outperforms baseline generative attacks with highly transferable perturbations when evaluated under different white-box and black-box settings.Comment: Accepted at WACV 2023 (Round 1), camera-ready versio

A software framework for alleviating the effects of MAC-aware jamming attacks in wireless access networks

The IEEE 802.11 protocol inherently provides the same long-term throughput to all the clients associated with a given access point (AP). In this paper, we first identify a clever, low-power jamming attack that can take advantage of this behavioral trait: the placement of a lowpower jammer in a way that it affects a single legitimate client can cause starvation to all the other clients. In other words, the total throughput provided by the corresponding AP is drastically degraded. To fight against this attack, we design FIJI, a cross-layer anti-jamming system that detects such intelligent jammers and mitigates their impact on network performance. FIJI looks for anomalies in the AP load distribution to efficiently perform jammer detection. It then makes decisions with regards to optimally shaping the traffic such that: (a) the clients that are not explicitly jammed are shielded from experiencing starvation and, (b) the jammed clients receive the maximum possible throughput under the given conditions. We implement FIJI in real hardware; we evaluate its efficacy through experiments on two wireless testbeds, under different traffic scenarios, network densities and jammer locations. We perform experiments both indoors and outdoors, and we consider both WLAN and mesh deployments. Our measurements suggest that FIJI detects such jammers in realtime and alleviates their impact by allocating the available bandwidth in a fair and efficient way. © Springer Science+Business Media

Adversarial Perturbations Against Real-Time Video Classification Systems

Recent research has demonstrated the brittleness of machine learning systems to adversarial perturbations. However, the studies have been mostly limited to perturbations on images and more generally, classification that does not deal with temporally varying inputs. In this paper we ask "Are adversarial perturbations possible in real-time video classification systems and if so, what properties must they satisfy?" Such systems find application in surveillance applications, smart vehicles, and smart elderly care and thus, misclassification could be particularly harmful (e.g., a mishap at an elderly care facility may be missed). We show that accounting for temporal structure is key to generating adversarial examples in such systems. We exploit recent advances in generative adversarial network (GAN) architectures to account for temporal correlations and generate adversarial samples that can cause misclassification rates of over 80% for targeted activities. More importantly, the samples also leave other activities largely unaffected making them extremely stealthy. Finally, we also surprisingly find that in many scenarios, the same perturbation can be applied to every frame in a video clip that makes the adversary's ability to achieve misclassification relatively easy

You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning

As Deep Packet Inspection (DPI) middleboxes become increasingly popular, a spectrum of adversarial attacks have emerged with the goal of evading such middleboxes. Many of these attacks exploit discrepancies between the middlebox network protocol implementations, and the more rigorous/complete versions implemented at end hosts. These evasion attacks largely involve subtle manipulations of packets to cause different behaviours at DPI and end hosts, to cloak malicious network traffic that is otherwise detectable. With recent automated discovery, it has become prohibitively challenging to manually curate rules for detecting these manipulations. In this work, we propose CLAP, the first fully-automated, unsupervised ML solution to accurately detect and localize DPI evasion attacks. By learning what we call the packet context, which essentially captures inter-relationships across both (1) different packets in a connection; and (2) different header fields within each packet, from benign traffic traces only, CLAP can detect and pinpoint packets that violate the benign packet contexts (which are the ones that are specially crafted for evasion purposes). Our evaluations with 73 state-of-the-art DPI evasion attacks show that CLAP achieves an Area Under the Receiver Operating Characteristic Curve (AUC-ROC) of 0.963, an Equal Error Rate (EER) of only 0.061 in detection, and an accuracy of 94.6% in localization. These results suggest that CLAP can be a promising tool for thwarting DPI evasion attacks.Comment: 12 pages, 12 figures; accepted to ACM CoNEXT 202

An Integrated Routing and Rate Adaptation Framework for Multi-rate Multi-hop Wireless Networks

International audienceIn this paper, we propose a new integrated framework for joint routing and rate adaptation in multi-rate multi-hop wireless networks. Unlike many previous efforts, our framework considers several factors that affect end-to-end performance. Among these factors, the framework takes into account the effect of the relative positions of the links on a path when choosing the rates of operation and the importance of avoiding congested areas. The key element of our framework is a new comprehensive path metric that we call ETM (for expected transmission cost in multi-rate wireless networks). We analytically derive the ETM metric. We show that the ETM metric can be used to determine the best end-to-end path with a greedy routing approach. We also show that the metric can be used to dynamically select the best transmission rate for each link on the path via a dynamic programming approach. We implement the ETM-framework on an indoor wireless mesh network and compare its performance with that of frameworks based on the popular ETT and the recently proposed ETOP metrics. Our experiments demonstrate that the ETM-framework can yield throughput improvements of up to 253 and 368 % as compared with the ETT and ETOP frameworks

TIDE: A User-Centric Tool for Identifying Energy Hungry Applications on Smartphones

Abstract-Today, many smartphone users are unaware of what applications (apps) they should stop using to prevent their battery from running out quickly. The problem is identifying such apps is hard due to the fact that there exist hundreds of thousands of apps and their impact on the battery is not well understood. We show via extensive measurement studies that the impact of an app on battery consumption depends on both environmental (wireless) factors and usage patterns. Based on this, we argue that there exists a critical need for a tool that allows a user to (a) identify apps that are energy hungry, and (b) understand why an app is consuming energy, on her phone. Towards addressing this need, we present TIDE, a tool to detect high energy apps on any particular smartphone. TIDE's key characteristic is that it accounts for usage-centric information while identifying energy hungry apps from among a multitude of apps that run simultaneously on a user's phone. Our evaluation of TIDE on a testbed of Android-based smartphones, using weeklong smartphone usage traces from 17 real users, shows that TIDE correctly identifies over 94% of energy-hungry apps and has a false positive rate of < 6%