A Multi-view Context-aware Approach to Android Malware Detection and Malicious Code Localization

Existing Android malware detection approaches use a variety of features such as security sensitive APIs, system calls, control-flow structures and information flows in conjunction with Machine Learning classifiers to achieve accurate detection. Each of these feature sets provides a unique semantic perspective (or view) of apps' behaviours with inherent strengths and limitations. Meaning, some views are more amenable to detect certain attacks but may not be suitable to characterise several other attacks. Most of the existing malware detection approaches use only one (or a selected few) of the aforementioned feature sets which prevent them from detecting a vast majority of attacks. Addressing this limitation, we propose MKLDroid, a unified framework that systematically integrates multiple views of apps for performing comprehensive malware detection and malicious code localisation. The rationale is that, while a malware app can disguise itself in some views, disguising in every view while maintaining malicious intent will be much harder. MKLDroid uses a graph kernel to capture structural and contextual information from apps' dependency graphs and identify malice code patterns in each view. Subsequently, it employs Multiple Kernel Learning (MKL) to find a weighted combination of the views which yields the best detection accuracy. Besides multi-view learning, MKLDroid's unique and salient trait is its ability to locate fine-grained malice code portions in dependency graphs (e.g., methods/classes). Through our large-scale experiments on several datasets (incl. wild apps), we demonstrate that MKLDroid outperforms three state-of-the-art techniques consistently, in terms of accuracy while maintaining comparable efficiency. In our malicious code localisation experiments on a dataset of repackaged malware, MKLDroid was able to identify all the malice classes with 94% average recall

apk2vec: Semi-supervised multi-view representation learning for profiling Android applications

Building behavior profiles of Android applications (apps) with holistic, rich and multi-view information (e.g., incorporating several semantic views of an app such as API sequences, system calls, etc.) would help catering downstream analytics tasks such as app categorization, recommendation and malware analysis significantly better. Towards this goal, we design a semi-supervised Representation Learning (RL) framework named apk2vec to automatically generate a compact representation (aka profile/embedding) for a given app. More specifically, apk2vec has the three following unique characteristics which make it an excellent choice for largescale app profiling: (1) it encompasses information from multiple semantic views such as API sequences, permissions, etc., (2) being a semi-supervised embedding technique, it can make use of labels associated with apps (e.g., malware family or app category labels) to build high quality app profiles, and (3) it combines RL and feature hashing which allows it to efficiently build profiles of apps that stream over time (i.e., online learning). The resulting semi-supervised multi-view hash embeddings of apps could then be used for a wide variety of downstream tasks such as the ones mentioned above. Our extensive evaluations with more than 42,000 apps demonstrate that apk2vec's app profiles could significantly outperform state-of-the-art techniques in four app analytics tasks namely, malware detection, familial clustering, app clone detection and app recommendation.Comment: International Conference on Data Mining, 201

Research on Building Information Model (BIM) Technology

All above this paper is to give the BIM scientific definition, describes the BIM six technical characteristics and points out the essence of BIM Technology, creatively put forward the mature styling BIM seven technical standards, depicting the BIM Technology Development Tools, and other technical fusion development realize the feasibility of the technical route, show the BIM building life cycle management strategies and methods based on, from the two dimensions of qualitative and quantitative, symbiosis is the example of the fused BIM Technology and energy consumption analysis tool. In the realization of green, smart and sustainable design BIM technology advantages to focus attention, the article finally, the BIM technology in China's engineering practice in the application of the prospects for the future

Notch activity opposes ras-induced differentiation during the second mitotic wave of the developing Drosophila eye

BACKGROUND: EGF receptor acts through Ras and the MAPK cascade to trigger differentiation and maintain survival of most of cell types in the Drosophila retina. Cell types are specified sequentially by separate episodes of EGFR activity. All the cell types differentiate in G1 phase of the cell cycle. Before differentiating, many cells pass through the cell cycle in the "Second Mitotic Wave" in response to Notch activity, but no cell fates are specified during the Second Mitotic Wave. It is not known how fate specification is limited to G1-arrested cells. RESULTS: Competence to differentiate in response to activated RasV12 was diminished during the Second Mitotic Wave accounting for the failure to recruit cell fates from cycling cells. Competence was not restored by blocking cell cycle progression, but was restored by reduced Notch activity. CONCLUSION: Competence to differentiate does not depend on cell cycle progression per se, but on the same receptor activity that also induces cell cycle entry. Dual effects of Notch on the cell cycle and on differentiation help ensure that only G1 phase cells undergo fate specification