Machine learning has become one of the go-to methods for solving problems in the field of networking. This development is driven by data availability in large-scale networks and the commodification of machine learning frameworks. While this makes it easier for researchers to implement and deploy machine learning solutions on networks quickly, there are a number of vital factors to account for when...
The initial focus for the cyber security community has been to make operating systems and networks more secure and harder to penetrate. These improvements are making it more difficult to exploit these systems, driving attackers to turn their attention to embedded systems and hardware exploitation. It is expected that new threats from improperly secured embedded operating systems, poorly defended firmware...
This work develops a method of detecting and classifying “potentially unwanted applications” (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for the detection and classification of PUAs. Next, we show that existing DNS...
With the rising popularization of Android applications, the third-party APK market has become an attractive target for attackers. There have been many research efforts on analyzing APK malware and malformed advertisements. However, so far, an empirical study of the large number of APKs distributed by third-party markets has not been discussed in detail. In this paper, we present a framework to inspect URL strings...
As many automated test input generation tools for Android need to instrument the system or the app, they cannot be used in some scenarios such as compatibility testing and malware analysis. We introduce DroidBot, a lightweight UI-guided test input generator, which is able to interact with an Android app on almost any device without instrumentation. The key technique behind DroidBot is that it can...
Detection of malicious software at the hardware level is emerging as an effective solution to increasing security threats. Hardware-based detectors rely on Machine Learning (ML) classifiers to detect malware-like execution patterns based on Hardware Performance Counter (HPC) information at run-time. The effectiveness of these learning methods mainly relies on the information provided by expensive-to-implement...
With the continuous and rapid increase in quantity and diversity of Smartphone application usage, the storage of sensitive personal and even financial information of the users is also being augmented. It creates motivation for developers of malicious applications to put more effort on discovering ways to identify and exploit the vulnerabilities of utility applications and grab the sensitive information...
Development and dissemination of malicious software requires the creation of new methods for their detection. Therefore we began to use proactive technologies that use the test program to detect the presence of certain symptoms, often occurring in malware. Dynamic analysis of the studied program launched for execution. There is a study of how the program interacts with the software environment that...
In last years smartphone and tablet devices have been handling an increasing variety of sensitive resources. As a matter of fact, these devices store a plethora of information related to our every-day life, from the contact list, the received email, and also our position during the day (using not only the GPS chipset that can be disabled but only the Wi-Fi/mobile connection it is possible to discover...
Run-time malware detection strategies are efficient and robust, which get more and more attention. In this paper, we use I/O Request Package (IRP) sequences for malware detection. N-gram will be used to analyze IRP sequences for feature extraction. Integrated Negative Selection Algorithm (NSA) and Positive Selection Algorithm (PSA), through a selection of n-gram sequences which only exist in malware...
Android malware scanning services (e.g., VirusTotal) are websites to which users submit suspicious Android programs and get an array of malware detection results. With the growing popularity of such websites, we suspect that these services are used not only by innocent users but also by malware writers for testing the evasion capability of their malware samples. Should this hypothesis be true, it not only...
The analysis of the threats of identity theft and infection of websites indicates that antivirals are ineffective for websites, because hosting does not conduct continuous monitoring for viruses on their servers due to large amounts of user data, and RAID cannot save data, because they only duplicate them, and in the case of infection with a virus they merely memorize a changed file. We have developed...
In this paper, we have tested several open source web applications against common security vulnerabilities. These vulnerabilities span from unnecessary data member declaration to leaving gaps for SQL injection. The static security vulnerabilities testing was done in three categories (1) Dodgy code vulnerabilities (2) Malicious code vulnerabilities (3) Security code vulnerabilities on seven (7) different...
Mobile malware has grown in scale and complexity, as a consequence of the unabated uptake of smartphones worldwide. Malware writers have been developing detection evasion techniques which are rapidly making anti-malware technologies ineffective. In particular, zero-day malware is able to easily pass signature-based detection, while dynamic analysis based techniques, which could be more accurate and...
Malware is one of the most serious security threats on the Internet today. It has been seen that malware authors employ a variety of techniques to evade security detection, but most of their techniques are discovered and blocked by antivirus programs. Still, there are some evasion techniques which are not exploited in the wild and are effective against antivirus programs. This paper studies the working of...
This paper describes Variant, a testing framework for projects attempting to locate variants of malware families through similarity testing. The framework is a series of tests and data standards to evaluate recall and precision in tools that attempt to statically measure similarity in implementation of compiled software, specifically in determining code reuse in compiled software to identify malware...
A well-known proverb says “If it looks like a duck, walks like a duck and quacks like a duck, it is a duck”. This statement raises an interesting approach to identifying counterfeit mobile devices. If we substitute the “duck” for a device and map the proverb to the following characteristics of a device, we can use the proverb to help validate if a device is counterfeit: 1) Looks like a duck: user...
Attackers who designed malware seem to be so cautious that most of the malware are disguised as normal apps. This brings about huge difficulties to detect the malware. Similar with traditional PC testing, there are two main detection methods for Android malware: static analysis and dynamic monitoring. However, these methods inevitably face the challenge of code confusion performance cost. In this...
As most of the malware nowadays use Internet as their main doorway to infect a new system, it has become imperative for security vendors to provide cloud-based solutions that can filter and block malicious URLs. This paper presents different practical considerations related to this problem. The key points that we focus on are the usage of different machine learning techniques and unsupervised learning...
Android is one of the most popular open-source smartphone operating system and its access control permission mechanisms cannot detect any malware behavior. In this paper, new software behavior-based anomaly detection system is proposed to detect anomaly caused by malware. It works by analyzing anomalies on power consumption, battery temperature and network traffic data using machine learning classification...