Robust access control framework for mobile cloud computing network

Unified communications has enabled seamless data sharing between multiple devices running on various platforms. Traditionally, organizations use local servers to store data and employees access the data using desktops with predefined security policies. In the era of unified communications, employees exploit the advantages of smart devices and 4G wireless technology to access the data from anywhere and anytime. Security protocols such as access control designed for traditional setup are not sufficient when integrating mobile devices with organization's internal network. Within this context, we exploit the features of smart devices to enhance the security of the traditional access control technique. Dynamic attributes in smart devices such as unlock failures, application usage, location and proximity of devices can be used to determine the risk level of an end-user. In this paper, we seamlessly incorporate the dynamic attributes to the conventional access control scheme. Inclusion of dynamic attributes provides an additional layer of security to the conventional access control. We demonstrate that the efficiency of the proposed algorithm is comparable to the efficiency of the conventional schemes

PIndroid: A novel Android malware detection system using ensemble learning

The extensive usage of smartphones has been the major driving force behind a drastic increase of new security threats. The stealthy techniques used by malware make them hard to detect with signature based intrusion detection and anti-malware methods. In this paper, we present PIndroid|a novel Permissions and Intents based framework for identifying Android malware apps. To the best of our knowledge, PIndroid is the first solution that uses a combination of permissions and intents supplemented with multiple stages of classifiers for malware detection. Ensemble techniques are applied for optimization of detection results. We apply the proposed approach on 1,745 real world applications and obtain 99.8% accuracy which is the best reported to date. Empirical results suggest that our proposed framework built on permissions and intents is effective in detecting malware applications

Dynamic super round based distributed task scheduling for UAV networks

Networks of Unmanned Aerial Vehicles (UAVs) are emerging in many application domains, e.g., military surveillance. To perform collaborative tasks, the involved UAVs exchange several types of information, e.g., sensor data and commands. The major question here is how to schedule the tasks under dynamic traffic flows to provide network services. Existing solutions use the Round-Robin Strategy (RRS), where the tasks are scheduled statistically by dividing the time into fixed-length rounds. However, the RRS wastes significant network and device resources due to task scheduling in each round. This paper proposes DROVE – a novel clustering approach that allows the UAVs for dynamic task scheduling. However, determining the task scheduling is crucial, as it significantly affects several network parameters, e.g., throughput. Therefore, we devise the problem of distributed task scheduling under dynamic traffic flow scenarios to optimize the throughput. We propose a clustering task scheduling algorithm to serve dynamic traffic flows. Particularly, we integrate the dynamic traffic flows into the Lyapunov drift analysis framework, and determine the throughput optimality of our proposed scheduling algorithm. We perform extensive simulations to validate the effectiveness of DROVE. The results show that DROVE outperforms the state-of-the-art solutions in terms of energy consumption, clustering overhead, throughput, end-to-end delay, flow success rate and packet drop rate. </p

Invoice #31415 attached: Automated analysis of malicious Microsoft Office documents

Microsoft Office may be by far the most widely used suite for processing documents, spreadsheets, and presentations. Due to its popularity, it is continuously utilised to carry out malicious campaigns. Threat actors, exploiting the platform’s dynamic features, use it to launch their attacks and penetrate millions of hosts in their campaigns. This work explores the modern landscape of malicious Microsoft Office documents, exposing the means that malware authors use. We leverage a taxonomy of the tools used to weaponise Microsoft Office documents and explore the modus operandi of malicious actors. Moreover, we generated and publicly shared a specially crafted dataset, which relies on incorporating benign and malicious documents containing many dynamic features such as VBA macros and DDE. The latter is crucial for a fair and realistic analysis, an open issue in the current state of the art. This allows us to draw safe conclusions on the malicious features and behaviour. More precisely, we extract the necessary features with an automated analysis pipeline to efficiently and accurately classify a document as benign or malicious using machine learning with an F1 score above 0.98, outperforming the current state of the art detection algorithms