50 research outputs found

    A Multi-view Context-aware Approach to Android Malware Detection and Malicious Code Localization

    Existing Android malware detection approaches use a variety of features such as security sensitive APIs, system calls, control-flow structures and information flows in conjunction with Machine Learning classifiers to achieve accurate detection. Each of these feature sets provides a unique semantic perspective (or view) of apps' behaviours with inherent strengths and limitations. Meaning, some views are more amenable to detect certain attacks but may not be suitable to characterise several other attacks. Most of the existing malware detection approaches use only one (or a selected few) of the aforementioned feature sets which prevent them from detecting a vast majority of attacks. Addressing this limitation, we propose MKLDroid, a unified framework that systematically integrates multiple views of apps for performing comprehensive malware detection and malicious code localisation. The rationale is that, while a malware app can disguise itself in some views, disguising in every view while maintaining malicious intent will be much harder. MKLDroid uses a graph kernel to capture structural and contextual information from apps' dependency graphs and identify malice code patterns in each view. Subsequently, it employs Multiple Kernel Learning (MKL) to find a weighted combination of the views which yields the best detection accuracy. Besides multi-view learning, MKLDroid's unique and salient trait is its ability to locate fine-grained malice code portions in dependency graphs (e.g., methods/classes). Through our large-scale experiments on several datasets (incl. wild apps), we demonstrate that MKLDroid outperforms three state-of-the-art techniques consistently, in terms of accuracy while maintaining comparable efficiency. In our malicious code localisation experiments on a dataset of repackaged malware, MKLDroid was able to identify all the malice classes with 94% average recall

    apk2vec: Semi-supervised multi-view representation learning for profiling Android applications

    Building behavior profiles of Android applications (apps) with holistic, rich and multi-view information (e.g., incorporating several semantic views of an app such as API sequences, system calls, etc.) would help catering downstream analytics tasks such as app categorization, recommendation and malware analysis significantly better. Towards this goal, we design a semi-supervised Representation Learning (RL) framework named apk2vec to automatically generate a compact representation (aka profile/embedding) for a given app. More specifically, apk2vec has the three following unique characteristics which make it an excellent choice for large-scale app profiling: (1) it encompasses information from multiple semantic views such as API sequences, permissions, etc., (2) being a semi-supervised embedding technique, it can make use of labels associated with apps (e.g., malware family or app category labels) to build high quality app profiles, and (3) it combines RL and feature hashing which allows it to efficiently build profiles of apps that stream over time (i.e., online learning). The resulting semi-supervised multi-view hash embeddings of apps could then be used for a wide variety of downstream tasks such as the ones mentioned above. Our extensive evaluations with more than 42,000 apps demonstrate that apk2vec's app profiles could significantly outperform state-of-the-art techniques in four app analytics tasks namely, malware detection, familial clustering, app clone detection and app recommendation. Comment: International Conference on Data Mining, 201

    LibID: Reliable identification of obfuscated third-party Android libraries

    Third-party libraries are vital components of Android apps, yet they can also introduce serious security threats and impede the accuracy and reliability of app analysis tasks, such as app clone detection. Several library detection approaches have been proposed to address these problems. However, we show these techniques are not robust against popular code obfuscators, such as ProGuard, which is now used in nearly half of all apps. We then present LibID, a library detection tool that is more resilient to code shrinking and package modification than state-of-the-art tools. We show that the library identification problem can be formulated using binary integer programming models. LibID is able to identify specific versions of third-party libraries in candidate apps through static analysis of app binaries coupled with a database of third-party libraries. We propose a novel approach to generate synthetic apps to tune the detection thresholds. Then, we use F-Droid apps as the ground truth to evaluate LibID under different obfuscation settings, which shows that LibID is more robust to code obfuscators than state-of-the-art tools. Finally, we demonstrate the utility of LibID by detecting the use of a vulnerable version of the OkHttp library in nearly 10% of 3,958 most popular apps on the Google Play Store. The Boeing Company, China Scholarship Council, Microsoft Researc

    Familial ACC in Lynch Syndrome

    CONTEXT: Adrenocortical carcinoma (ACC) is a rare endocrine malignancy with a poor prognosis. Although the majority of childhood ACC arises in the context of inherited cancer susceptibility syndromes, it remains less clear whether a hereditary tumor predisposition exists for the development of ACC in adults. Here, we report the first occurrence of familial ACC in a kindred with Lynch syndrome resulting from a pathogenic germline MSH2 mutation. CASE: A 54-year-old female with a history of ovarian and colorectal malignancy was found to have an ACC. A detailed family history revealed her mother had died of ACC and her sister had previously been diagnosed with endometrial and colorectal cancers. A unifying diagnosis of Lynch syndrome was considered, and immunohistochemical analyses demonstrated loss of MSH2 and MSH6 expression in both ACCs (proband and her mother) and in the endometrial carcinoma of her sister. Subsequent genetic screening confirmed the presence of a germline MSH2 mutation (resulting in deletions of exons 1-3) in the proband and her sister. CONCLUSION: Our findings provide strong support for the recent proposal that ACC should be considered a Lynch syndrome-associated tumor and included in the Amsterdam II clinical diagnostic criteria. We also suggest that screening for ACC should be considered in cancer surveillance strategies directed at individuals with germline mutations in DNA mismatch repair genes. ASP, OK and MG are supported by the National Institutes for Health Research Cambridge Biomedical Research Centre. SNZ is a Wellcome Trust Intermediate Clinical Fellow (WT100183MA). We are grateful to Dr Joan Patterson for clinical advice and Dr Erik Schoenmakers for assistance with illustrations. This is the author accepted manuscript. The final version is available from the Endocrine Society via http://dx.doi.org/10.1210/jc.2016-146

    Successful treatment of residual pituitary adenoma in persistent acromegaly following localisation by 11C-methionine PET co-registered with MRI.

    OBJECTIVE: To determine if functional imaging using 11C-methionine positron emission tomography co-registered with 3D gradient echo MRI (Met-PET/MRI), can identify sites of residual active tumour in treated acromegaly, and discriminate these from post-treatment change, to allow further targeted treatment. DESIGN/METHODS: Twenty-six patients with persistent acromegaly after previous treatment, in whom MRI appearances were considered indeterminate, were referred to our centre for further evaluation over a 4.5-year period. Met-PET/MRI was performed in each case, and findings were used to decide regarding adjunctive therapy. Four patients with clinical and biochemical remission after transsphenoidal surgery (TSS), but in whom residual tumour was suspected on post-operative MRI, were also studied. RESULTS: Met-PET/MRI demonstrated tracer uptake only within the normal gland in the four patients who had achieved complete remission after primary surgery. In contrast, in 26 patients with active acromegaly, Met-PET/MRI localised sites of abnormal tracer uptake in all but one case. Based on these findings, fourteen subjects underwent endoscopic TSS, leading to a marked improvement in (n = 7), or complete resolution of (n = 7), residual acromegaly. One patient received stereotactic radiosurgery and two patients with cavernous sinus invasion were treated with image-guided fractionated radiotherapy, with good disease control. Three subjects await further intervention. Five patients chose to receive adjunctive medical therapy. Only one patient developed additional pituitary deficits after Met-PET/MRI-guided TSS. 
    CONCLUSIONS: In patients with persistent acromegaly after primary therapy, Met-PET/MRI can help identify the site(s) of residual pituitary adenoma when MRI appearances are inconclusive and direct further targeted intervention (surgery or radiotherapy). This research did not receive any specific grant from any funding agency in the public, commercial or not-for-profit sector. OK, ASP, NB, JDP and MG are supported by the NIHR Cambridge Biomedical Research Centre. JDP has received support by an NIHR Senior Investigator award and NIHR brain injury HTC. This is the author accepted manuscript. The final version is available from BioScientifica via https://doi.org/10.1530/EJE-16-063