The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Detecting zero-day sophisticated malware is like searching for a needle in the haystack, not knowing what the needle looks like. This paper describes Android Malicious Flow Visualization Toolbox that empowers a human analyst to detect such malware. Detecting sophisticated malware requires systematic exploration of the code to identify potentially malignant code, conceiving plausible malware hypotheses,...
Countless various malware families provide huge variety of functionalities which allow them to do many malicious activities. This conditions led to development of many different analysis methods. In this paper, we focused on reverse engineering, which is elementary part of static analysis. We evaluate current Java bytecode decompilers. We evaluate the output from current Java bytecode decompilers...
Cross Site Scripting (XSS) vulnerability acts as one of the chief widespread security issues in web applications. By reviewing the literature pertaining to XSS vulnerability, it has been found that many investigations have directed their energy only on XSS vulnerability detection, but not many studies have concentrated on removing XSS vulnerability. This paper embed the removal stage of XSS vulnerability...
Android has a large share in the mobile apps market which makes it attractive for both malicious and good developers. Online apps markets, despite their vetting procedures, still admit malicious apps that could be downloaded mistakenly by mobile users. Detecting Android malwares has been studied by many researchers using different approaches and techniques. The vast majority of them though were focused...
Malware is a widespread problem and despite the common use of anti-virus software, the diversity of malware is still increasing. A major challenge facing the anti-virus industry is how to effectively detect thousands of malware samples that are received every day. In this paper, a novel approach based Run Length Encoding (RLE) algorithm and n-gram are proposed to improve malware detect on dynamic...
The growing popularity of Android applications makes them vulnerable to security threats. There exist several studies that focus on the analysis of the behaviour of Android applications to detect the repackaged and malicious ones. These techniques use a variety of features to model the application's behaviour, among which the calls to Android API, made by the application components, are shown to be...
With the yearly increase of the amount of Android users, malicious applications for mobile terminals are emerging in endlessly. Many researchers have started to explore how malicious apps are detected from the perspective of network traffic. We design and implement a control and management system of Android traffic collection, which contains the functions of downloading APKs, malware static detection,...
Android represents the most widespread mobile environment. This increasing diffusion is the reason why attackers are attracted to develop malware targeting this platform. Malware writers usually use code obfuscation techniques in order to evade the current antimalware detection and to generate new malware variants. These techniques make code programs harder to understand and they change the signature...
Ransomware has become the most threatening malware which takes out money from their victims by threatening them that they have been caught accessing illegal websites or in other illegitimate activities. Ransomware has not spared even a single operating system. Windows, IOS, Android and even Linux have been attacked by ransomware and none of them was able to protect its users from its threat. Since...
the field of computer security faces numerous vulnerabilities which cause network resources to become unavailable and violate systems confidentiality and integrity. Malicious software (Malware) has become one of the most serious security threats on the Internet. Malware is a widespread problem and despite the common use of anti-virus software, the diversity of malware is still increasing. A major...
In this paper, we have tested several open source web applications against common security vulnerabilities. These vulnerabilities spans from unnecessary data member declaration to leaving gaps for SQL injection. The static security vulnerabilities testing was done in three categories (1) Dodgy code vulnerabilities (2) Malicious code vulnerabilities (3) Security code vulnerabilities on seven (7) different...
Android platform implements permissions to guard sensitive information from untrusted apps. Android's permission system agreements an all-or-nothing choice when installing an app in smart phones. However, after permissions are approved by users at installation time, applications can use these permissions with no further restrictions to access personal information. Thus, contemporary years have perceived...
Malware, a significant threat to maintain a healthy Android ecosystem, always receives considerable attentions. This paper proposes a new dynamic Android malware classification approach by constructing and analyzing the dynamic behavior dependency graphs together with both framework-level function call behaviors and their data dependencies. Features are extracted from behavior graphs of different...
Malicious apps may install unwanted program or gather sensitive information from mobile devices. We notice Android apps fork several threads to accomplish a complex task intrinsically, and so does Android malware, that makes security experts difficult to analyze them without knowing their structure. In this paper, we propose an analysis scheme to group and analyze Android malware based on their dynamic...
Android applications typically contain multiple third-party libraries and recent studies have shown that the presence of third-party libraries may introduce privacy risks and security threats. Furthermore, researchers have reported the importance of considering the third-party libraries for their program analysis tasks. A reason being that the presence of third-party libraries may dilute the features...
The threats of smartphone security are mostly from the privacy disclosure and malicious chargeback software which deducting expenses abnormally. They exploit the vulnerabilities of previous permission mechanism to attack to mobile phones, and what's more, it might call hardware to spy privacy invisibly in the background. As the existing Android operating system doesn't support users the monitoring...
The desire to understand mobile applications has resulted in researchers adapting classical static analysis techniques to the mobile domain. Examination of data and control flows in Android apps is now a common practice to classify them. Important to these analyses is a fine-grained examination and understanding of strings, since in Android they are heavily used in intents, URLs, reflection, and content...
Information flow monitoring has been mostly used to detect privacy leaks. In a previous work, we showed that they can also be used to characterize Android malware behaviours and in the current one we show that these flows can also be used to detect and identify Android malware. The characterization consists in computing automatically System Flow Graphs that describe how a malware disseminates its...
An applet that performs an action against the will of the user who invoked it should be considered malicious. A malicious applet is applet that attacks the local system of a Web surfer. They can even seriously damage a Java user's machine. The problem of malicious Java applets, that is currently not well addressed by existing work. We have developed a tool for malicious Java applets, which we call...
In recent years, zero-day attacks that exploit software vulnerabilities before they can be covered by hotfix deployments have become increasingly serious. And it has become very dangerous to leave such vulnerabilities uncovered because they may permit unauthorized access or malware infection. Additionally, hotfixes of software that manufacturers have stopped support will not be distributed. Because...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.