Android malware authors use sophisticated techniques to hide the malicious intent of their applications. They use cryptography or obfuscation techniques to avoid detection during static analysis. They can also avoid detection during a dynamic analysis. Frequently, the malicious execution is postponed as long as the malware is not convinced that it is running in a real smartphone of a real user. However,...
Increased use of Android devices and its open source development framework has attracted many digital crime groups to use Android devices as one of the key attack surfaces. Due to the extensive connectivity and multiple sources of network connections, Android devices are most suitable to botnet based malware attacks. The research focuses on developing a cloud-based Android botnet malware detection...
Drive-by download attacks force users to automatically download and install malware by redirecting them to malicious URLs that exploit vulnerabilities of the user's web browser. Attackers profile the information on the user's environment such as the name and version of the browser and browser plugins and launch a drive-by download attack on only certain targets by changing the destination URL. When...
Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely...
Android applications are widely used by millions of users to perform many activities. Unfortunately, legitimate and popular applications are targeted by malware authors and they repackage the existing applications by injecting additional code intended to perform malicious activities without the knowledge of end users. Thus, it is important to validate applications for possible repackaging before their...
Android is a very attractive platform for malware developers because it is widely used. There is a need to understand how malware works and how it can exploit a system's security architecture. To do so, this work decompiles Android malware applications to study their source code and to look for patterns, regarding instructions, method calls, and permission usage. The goal is to define a set of instruction-based...
The objective of Malicious Remote Code Execution Exploits is to remotely execute code transparently to the user, and without relying on user interaction, in order to infect targeted machines. This comparative study examines the effectiveness of different proactive exploit mitigation technologies included in popular endpoint security products and specialized anti-exploit tools. The study focuses on...
Malicious Java applets are widely used to deliver malicious software to remote systems. In this work, we present HoneyAgent which allows for the dynamic analysis of Java applets, bypassing common obfuscation techniques. This enables security researchers to quickly comprehend the functionality of an examined applet and to unveil malicious behavior. In order to trace the behavior of a sample as far...
Android, being an open source smartphone operating system, enjoys a large community of developers who create new mobile services and applications. However, it also attracts malware writers to exploit Android devices in order to distribute malicious apps in the wild. In fact, Android malware are becoming more sophisticated and they use advanced “dynamic loading” techniques like Java reflection or native...
In this paper, we present an approach to comparing control flow graphs of binary programs by matching their basic blocks. We first set up an initial match and propagate it to reach a stable state. We consider the matched pairs to identify overall similarities. To evaluate the proposed method, we perform experiments on real-world Java applications, and compare their performance with previous structural...
Over the last few years, exploit kits have been increasingly used for system compromise and malware propagation. As they target the web browser which is one of the most commonly used software in the Internet era, exploit kits have become a major concern of security community. In this paper, we propose a proactive approach to protecting vulnerable systems from this prevalent cyber threat. Our technique...
Topics include the biggest distributed denial-of-service ever measured, the IPv4 address shortage, the cooling of supercomputers by immersing them in liquid, a report naming Java as the leading malware target, a new headset that beams video directly into users' eyes, an ear-based computer controlled by facial movements, software that makes cloud operations more efficient, new technology that lets...
When it comes to security risks, especially malware, Mac OS X has the questionable reputation of being inherently safe. While there is a substantial body of research and implementations dealing with malware on Windows and, more recently, Android systems, Mac OS X has received little attention so far. To amend this shortcoming, we built a Mac OS X based high-interaction honeypot and used it to evaluate...
It is well known that malware (worms, botnets, etc…) thrive on communication systems. The process of detecting and analyzing malware is very latent and not well-suited for real-time application, which is critical especially for propagating malware. For this reason, recent methods identify similarities among malware dynamic trace logs to extract malicious behavior snippets. These snippets can then...
Software Assurance Metrics and Tool Evaluation (SAMATE) is a broad, inclusive project at the U.S. National Institute of Standards and Technology (NIST) with the goal of improving software assurance by developing materials, specifications, and methods to test tools and techniques and measure their effectiveness. We review some SAMATE sub-projects: web application security scanners, malware research...
In this paper we focus on improving the level of intrusion detection systems (IDS). This improvement is based on three research areas: classification of attacks, generation of attack scenarios and finally evaluation methods. We will discuss in this article the second area, which consists in the research of meaningful scenarios in order to minimize false and positive alerts reported by an IDS. We...
Ensuring users with a safe web experience has become a critical problem recently as fraud and privacy infringement on the Internet are becoming current. Web-scripting-based malware is also intensively used to carry out longer-term exploitation such as XSS worms or botnets, and server-side countermeasures are often ineffective against such threats while client-side ones seldom deal with the problem...
In this paper we apply Machine Learning (ML) techniques on static features that are extracted from Android's application files for the classification of the files. Features are extracted from Android's Java byte-code (i.e., .dex files) and other file types such as XML files. Our evaluation focused on classifying two types of Android applications: tools and games. Successful differentiation between...
Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, little news could be read on this topic. Even despite new emerging smartphone platforms, e.g. Android and iPhone, malware writers seemed to lose interest in writing malware for smartphones...