Ensemble Method for Mobile Malware Detection using N-Gram Sequences of System Calls

Mobile device has become an essential tool among the community across the globe and has turned into a necessity in daily life. An extensive usage of mobile devices for everyday life tasks such as online banking, online shopping and exchanging e-mails has enable mobile devices to become data storage for users. The data stored in these mobile devices can contain sensitive and critical information to the users. Hence, making mobile devices as the prime target for cybercriminal. To date, Android based mobile devices is one of the mobile devices that are dominating the phone market. Moreover, the ease of use and open-source feature has made Android based mobile devices popular. However, the widely used Android mobile devices has encourage malware author to write malicious application. In a short duration of time mobile malware has rapidly evolve and have the capability to bypass signature detection approach which requires a constant signature update to detect mobile malware. To overcome this drawback an anomaly detection approach can be used to mitigate this issue. Yet, using a single classifier in an anomaly detection approach will not improve the classification detection performance. Based on this reason, this research formulates an ensemble classification method of different n-gram system call sequence features to improve the accuracy of mobile malware detection. This research proposes n-number of classifier models for each different n-gram sequence call feature. The probability output of each classifier is then combined to produce a better classification performance which is better compared to a single classifier

Data Communications and Networking: Practical Approach

This book aimed primarily for students who will be taking subject related to this field. All lab activity are divided to four subtopic which is learning outcomes, introduction, hands on exercises with step by step instruction and self review question. This will give the student knowledge about theoretical background of the lab activity and how to implement the activity by follow the procedures

Experimental Approach Based on Ensemble and Frequent Itemsets Mining for Image Spam Filtering

Excessive amounts of image spam cause many problems to e-mail users. Since image spam is difficult to detect using conventional text-based spam approach, various image processing techniques have been proposed. In this paper, we present an ensemble method using frequent itemset mining (FIM) for filtering image spam. Despite the fact that FIM techniques are well established in data mining, it is not commonly used in the ensemble method. In order to obtain a good filtering performance, a SIFT descriptor is used since it is widely known as effective image descriptors. K-mean clustering is applied to the SIFT keypoints which produce a visual codebook. The bag-of-word (BOW) feature vectors for each image is generated using a hard bag-of-features (HBOF) approach. FIM descriptors are obtained from the frequent itemsets of the BOW feature vectors. We combine BOW, FIM with another three different feature selections, namely Information Gain (IG), Symmetrical Uncertainty (SU) and Chi Square (CS) with a Spatial Pyramid in an ensemble method. We have performed experiments on Dredze and SpamArchive datasets. The results show that our ensemble that uses the frequent itemsets mining has significantly outperform the traditional BOW and naive approach that combines all descriptors directly in a very large single input vector

Mobile Malware Behaviour through Opcode Analysis

As the popularity of mobile devices are on the rise, millions of users are now exposed to mobile malware threats. Malware is known for its ability in causing damage to mobile devices. Attackers often use it as a way to use the resources available and for other cybercriminal benefits such stealing users’ data, credentials and credit card number. Various detection techniques have been introduced in mitigating mobile malware, yet the malware author has its own method to overcome the detection method. This paper presents mobile malware analysis approaches through opcode analysis. Opcode analysis on mobile malware reveals the behaviour of malicious application in the binary level. The comparison made between the numbers of opcode occurrence from a malicious application and benign shows a significance traits. These differences can be used in classifying the malicious and benign mobile application

Establishment of IPv6 Network on Intranet Environment

Internet Protocol version six (IPv6) is the next generation internet protocol. It is not yet possible to completely migrate to IPv6, but several transitions mechanisms are available to allow IPv6 and IPv4 coexist together in the same network infrastructure. The main benefit of this protocol is a larger address space and enhanced security options. It is not easy to migrate from current Internet Protocol version four (IPv4) to Internet Protocol version six (IPv6) as it is not “Plug n Play” since both are incompatible protocol. For smooth integration between these protocols, native IPv6 testbed (TEST6) was deployed in an intranet environment. In other hand, this gained an experience and confidence before fully integrating it with an existing Internet protocol. This paper describes how TEST6 was setup in intranet environment (TEST6-I) through numerous of process and network test performed to verify the connectivity

Neighbor-based probabilistic rebroadcast routing protocol for reducing routing overhead in mobile ad hoc networks

In Mobile Ad-Hoc Network (MANET) Application, routing protocol is essential to ensure successful data transmission to all nodes. Ad-hoc On-demand Distance Vector (AODV) Protocol is a reactive routing protocol that is mostly used in MANET applications. However, the protocol causes Route Request (RREQ) message flooding issue due to the broadcasting method at the route request stage to find a path to a particular destination, where the RREQ will be rebroadcast if no Request Response (RREP) message is received. A scalable neighbor-based routing (SNBR) protocol was then proposed to overcome the issue. In the SNBR protocol, the RREQ message is only rebroadcast if the number of neighbor nodes less than a certain fix number, known as drop factor. However, since a network always have a dynamic characteristic with a dynamic number of neighbor nodes, the fix drop factor in SNBR protocol could not provide an optimal flooding problem solution in a low dense network environment, where the RREQ message is continuously rebroadcast RREQ message until reach the fix drop factor. To overcome this problem, a new broadcasting method as Dynamic SNBR (DSNBR) is proposed, where the drop factor is determined based on current number of neighbor nodes. This method rebroadcast the extra RREQ messages based on the determined dynamic drop factor. The performance of the proposed DSNBR is evaluated using NS2 and compared with the performance of the existing protocol; AODV and SNBR. Simulation results show that the new routing protocol reduces the routing request overhead, energy consumption, MAC Collision and enhances end-to-end delay, network coverage ratio as a result of reducing the extra route request messages

Functional outcomes after internal and external hemipelvectomy in HUSM

Background: Although great advancements have been made in survival rates over the last half century with adjuvant therapies and current surgical techniques, hemipelvectomy as the surgical treatment for pelvic tumours continue to have significant associations with morbidity and complications. Using the Enneking’s criteria as adopted by the Musculoskeletal Tumor Society (MSTS), we evaluated the functional outcomes of patients who have had an internal hemipelvectomy with and without reconstruction, and external hemipelvectomy. Method: We evaluated patients who underwent hemipelvectomy in our institution between 2001 and 2010. Patients who had had an internal or external hemipelvectomy surgery at any point in their clinical course were included in the study. Patients with follow up periods of less than four months were not included. MSTS scores were obtained at various times after the surgery. Results: A total of 50 patients who had undergone various types of resection and reconstruction techniques were included in this study. The average age is 40.1 years (range 12-79). Average duration of follow up is 10 months. The average MSTS percentage score was 44.32% (range: 6.67%-100%). Results show that external hemipelvectomy in our patients have a high morbidity and mortality rate. Various techniques of resection and reconstruction give different functional scores. Conclusion: Hemipelvectomies have a profound impact on patients’ lives as illustrated by their low MSTS scores. Proper patient selection is crucial to obtain the best outcome. This study is an effort to obtain a proper reference for preoperative discussion with patients and relatives regarding expected outcomes following such a procedure

Functional outcomes after internal and external hemipelvectomy in HUSM

Background: Although great advancements have been made in survival rates over the last half century with adjuvant therapies and current surgical techniques, hemipelvectomy as the surgical treatment for pelvic tumours continue to have significant associations with morbidity and complications. Using the Enneking’s criteria as adopted by the Musculoskeletal Tumor Society (MSTS), we evaluated the functional outcomes of patients who have had an internal hemipelvectomy with and without reconstruction, and external hemipelvectomy. Method: We evaluated patients who underwent hemipelvectomy in our institution between 2001 and 2010. Patients who had had an internal or external hemipelvectomy surgery at any point in their clinical course were included in the study. Patients with follow up periods of less than four months were not included. MSTS scores were obtained at various times after the surgery. Results: A total of 50 patients who had undergone various types of resection and reconstruction techniques were included in this study. The average age is 40.1 years (range 12-79). Average duration of follow up is 10 months. The average MSTS percentage score was 44.32% (range: 6.67%-100%). Results show that external hemipelvectomy in our patients have a high morbidity and mortality rate. Various techniques of resection and reconstruction give different functional scores. Conclusion: Hemipelvectomies have a profound impact on patients’ lives as illustrated by their low MSTS scores. Proper patient selection is crucial to obtain the best outcome. This study is an effort to obtain a proper reference for preoperative discussion with patients and relatives regarding expected outcomes following such a procedure

Evaluation of blood loss during internal (limb-salvage) hemipelvectomy for pelvic tumours : what have we learned so far?

Introduction: Pelvic tumour resections are complex and associated with extensive bleeding. Despite various blood management options in orthopaedic surgery, their used are limited particularly for pelvic tumour resections. Identifying predictive factors for a large amount of blood loss during surgery is essential. Objective: To evaluate the volume of blood loss in limb salvage pelvic resections and identify the risk factors for large amount of perioperative blood loss. Methodology: We retrospectively reviewed 25 patients underwent pelvic tumour resections performed between 2000 and 2010 in a single institution. Tumours originating from the sacrum were excluded. Total blood volume loss consisted of estimated intra-operative blood loss and the drainage volume on the first day after surgery. Loss of more than 3000ml of blood was classified as large amount of blood loss. Statistical analysis performed using Fisher’s exact test. Results: Six (24.0%) patients had total blood loss greater than 3000ml. Resections of primary bone sarcomas (osteosarcoma and chondrosarcoma) have the highest mean blood loss volume (6556.67ml and 1768.57ml, respectively). Most important factor associated with large amount of blood loss is the involvement of the acetabulum. Neo-adjuvant therapies and pre-operative embolization were not shown to be associated with extensive blood loss.. Conclusion: Resections of pelvic tumours involving the acetabular region are likely to have a large amount of blood loss perioperatively and should be anticipated. Radiation therapy prior to surgery was believed to increase the risk of bleeding intra-operatively, was not observed in this study

Pengelasan e-mel menggunakan kaedah perambat balik

E-mel merupakan antara perkhidmatan komunikasi yang paling popular dewasa ini. Penggunaan e-mel tidak melibatkan kos yang tinggi serta pantas di dalam menyampaikan maklumat. Namun begitu, lambakan e-mel spam banyak menimbulkan masalah kepada pengguna, organisasi dan penyedia servis Internet. E-mel spam menyebabkan produktiviti kerja menurun dan kerugian dari segi penggunaan jalur lebar dan storan. Justeru itu, satu kajian telah dilakukan bagi menapis e-mel spam menggunakan rangkaian neural perambat balik. Data bagi kajian diperolehi dari e-mel peribadi penulis yang dikumpul selama 6 bulan. Perkataan yang wujud pada kandungan e-mel digunakan bagi melatih rangkaian neural. Perkataan terlebih dahulu diekstrak dari e-mel dan melalui pra proses data. Pra proses data melibatkan pembuangan kata henti, cantasan, penjanaan matriks perkataan e-mel dan umpukan pemberat terhadap perkataan. Perlaksanaan cantasan menggunakan algoritma Porter bagi perkataan bahasa Inggeris dan algoritma Fatimah bagi perkataan bahasa Malaysia. Umpukan pemberat bagi perkataan menggunakan TF-IDF dan teknik khi kuasa dua digunakan bagi memilih perkataan yang akan melatih rangkaian neural. Pemberat TF-IDF perkataan akan ditukar ke nilai 0 hingga 1 menggunakan pernormalan minimummaksimum sebelum menjadi input kepada rangkaian neural. Kriteria pemilihan model terbaik adalah berdasarkan kepada ketepatan ramalan set latihan tertinggi bagi rangkaian neural. Hasil eksperimen dibandingkan dengan kajian lepas mendapati gabungan pemberat TF-IDF dan khi kuasa dua memberikan keputusan ramalan yang memuaskan