Stateful Detection Of Stealthy Behaviors In Android Apps

Author : Mohsin Junaid
language : en
Publisher:
Release Date : 2019
Stateful Detection Of Stealthy Behaviors In Android Apps, written by Mohsin Junaid, was released in 2019 (available in PDF, TXT, EPUB, Kindle and other formats) and is listed under the Computer crimes category.
The number of smartphones has increased greatly during the last few years. Among the popular mobile operating systems (such as iOS and Android) installed on these devices, Android captures most of the mobile market share. This also puts Android OS in the spotlight as a target for malware attacks. A recent study shows that for the last two years, more than ∼99% of mobile malware targeted Android OS [1]. Examples of such attacks are leakage of privacy-sensitive data available on the devices (such as phone number, contacts, photos, and SMS and call logs), recording audio and video files, silently making phone calls in the background, and encrypting device files. Many of them are profit-oriented (e.g., sending SMS to premium-rate numbers can cause unexpectedly high monthly bills for the users). Driven by the rich profit, malware attacks are also becoming stealthier over time to maximize the long-term payoffs. A stealthy attack typically takes extra precautionary measures to stay undetected for a longer period of time. There are two types of stealthy attacks, based on how stealth is achieved: (1) Type 1 attacks use hidden or uncommon program flows of Android apps to exhibit their malicious behaviors. (2) Type 2 attacks launch additional actions to hide their intended malicious behaviors. For example, the infamous Android.HeHe malware [2] carefully takes three actions to silently block incoming phone calls: it mutes the ringer just before the incoming call is notified on the device, blocks the phone call, and unmutes the ringer after call blocking. To combat such attacks, researchers have developed numerous techniques based on static analysis. Static analysis detects malicious behaviors by analyzing the app code without executing it. It represents program logic in some model (such as a control flow graph) and analyzes the model to detect possible attacks.
The effectiveness of a static analysis tool relies on three key elements: (i) the app model representing app behaviors, (ii) the attack model representing attack behaviors, and (iii) the attack detection algorithm which analyzes the app model. If any of the models and/or the algorithm is inadequate, then sophisticated attacks such as the stealthy attacks discussed above cannot be detected. To this end, this dissertation develops methods to accurately model app and attack behaviors and, based on those models, improves analysis algorithms to effectively detect malicious behaviors in Android apps. More specifically, the dissertation proposes two static analysis frameworks, called Dexteroid and StateDroid, to achieve these goals. The former identifies many hidden program flows and, based on them, analyzes Android apps to detect malicious behaviors including type 1 stealthy attacks. The latter focuses on modeling malware attacks and developing analysis techniques to detect attacks such as type 2 stealthy attacks. Dexteroid identifies hidden program flows in Android apps by reverse engineering the life cycle models of Android components. The components are the building blocks of Android apps, and life cycle models describe the components' behaviors. Dexteroid represents the reverse-engineered life cycle models as state machines and derives from them all program flows, which consist of component callback methods. The callback methods are analyzed to detect malicious behaviors, including those that are launched through hidden program flows. A prototype of Dexteroid is implemented as a static taint analysis tool. A novel implementation of taint analysis, which maintains up-to-date values and states of program variables through symbol tables, allows Dexteroid to detect many attacks with high accuracy. The current implementation detects two attacks: (1) leakage of private information, and (2) sending SMS to premium-rate numbers.
Evaluation results on Google Play and Genome Malware apps show that the proposed framework is effective and efficient in terms of precision, recall, and execution time. StateDroid focuses on detecting type 2 stealthy attacks, which typically execute multiple actions to launch and hide their malicious behaviors. To detect them, the framework presents novel techniques, based on state machines, to construct accurate attack behaviors. An attack, represented by an attack state machine (ASM), has states and transitions; a state represents the status of the attack, and a transition represents an executed action. The framework first detects the actions of an attack, and then uses them with an ASM to detect the attack. Given an Android app as input, StateDroid performs fine-grained static analysis and reports various detected stealthy behaviors (in one pass), including but not limited to sending an SMS message, blocking a phone call, removing the app icon from the launcher menu, recording an audio or video file, and setting the device ringer to silent mode. A prototype of the StateDroid framework is implemented and evaluated extensively with a ground truth dataset, 1505 Google Play apps, and 1369 malicious apps including 94 notorious ransomware apps. The experimental results demonstrate the efficacy and generality of StateDroid. The success of StateDroid will enable broader adoption of formal methods in cyber defense.
Cybersecurity And Identity Access Management
Author : Bharat S. Rawal
language : en
Publisher: Springer Nature
Release Date : 2022-06-28
Cybersecurity And Identity Access Management, written by Bharat S. Rawal, was published by Springer Nature on 2022-06-28 (available in PDF, TXT, EPUB, Kindle and other formats) and is listed under the Technology & Engineering category.
This textbook provides a comprehensive, thorough and up-to-date treatment of topics in cyber security, cyber-attacks, ethical hacking, and cyber crime prevention. It discusses the different third-party attacks and hacking processes which pose a big issue in terms of data damage or theft. The book then highlights the cyber security protection techniques and overall risk assessments to detect and resolve these issues at an early stage to minimize data loss or damage. This book is written in a way that presents the topics in a simplified, holistic and pedagogical manner, with end-of-chapter exercises and examples, to cater to undergraduate students, engineers and scientists who will benefit from this approach.
Computer And Information Security Handbook 2 Volume Set
Author : John R. Vacca
language : en
Publisher: Elsevier
Release Date : 2024-08-28
Computer And Information Security Handbook 2 Volume Set, written by John R. Vacca, was published by Elsevier on 2024-08-28 (available in PDF, TXT, EPUB, Kindle and other formats) and is listed under the Mathematics category.
Computer and Information Security Handbook, Fourth Edition offers deep coverage of an extremely wide range of issues in computer and cybersecurity theory, along with applications and best practices, offering the latest insights into established and emerging technologies and advancements. With new parts devoted to such current topics as Cyber Security for the Smart City and Smart Homes, Cyber Security of Connected and Automated Vehicles, and Future Cyber Security Trends and Directions, the book now has 104 chapters in 2 volumes written by leading experts in their fields, as well as 8 updated appendices and an expanded glossary. Chapters new to this edition include such timely topics as Threat Landscape and Good Practices for Internet Infrastructure, Cyber Attacks Against the Grid Infrastructure, Threat Landscape and Good Practices for the Smart Grid Infrastructure, Energy Infrastructure Cyber Security, Smart Cities Cyber Security Concerns, Community Preparedness Action Groups for Smart City Cyber Security, Smart City Disaster Preparedness and Resilience, Cyber Security in Smart Homes, Threat Landscape and Good Practices for Smart Homes and Converged Media, Future Trends for Cyber Security for Smart Cities and Smart Homes, Cyber Attacks and Defenses on Intelligent Connected Vehicles, Cyber Security Issues in VANETs, Use of AI in Cyber Security, New Cyber Security Vulnerabilities and Trends Facing Aerospace and Defense Systems, and much more. - Written by leaders in the field - Comprehensive and up-to-date coverage of the latest security technologies, issues, and best practices - Presents methods for analysis, along with problem-solving techniques for implementing practical solutions
Permission And Behavior Based Malware Detection Of Android Apps
Author : Neha Gupta
language : en
Publisher:
Release Date : 2017-07-21
Permission And Behavior Based Malware Detection Of Android Apps, written by Neha Gupta, was released on 2017-07-21 (available in PDF, TXT, EPUB, Kindle and other formats).
Detecting Privacy Leaks Through Existing Android Frameworks
Author : Parul Khanna
language : en
Publisher:
Release Date : 2017
Detecting Privacy Leaks Through Existing Android Frameworks, written by Parul Khanna, was released in 2017 (available in PDF, TXT, EPUB, Kindle and other formats).
The Android application ecosystem has thrived, with hundreds of thousands of applications (apps) available to users; however, not all of them are safe or privacy-friendly. Analyzing this many apps for malicious behaviors is an important but challenging area of research, as malicious apps tend to use prevalent stealth techniques, e.g., encryption, code transformation, and other obfuscation approaches, to bypass detection. Academic researchers and security companies have realized that the traditional signature-based and static analysis methods are inadequate to deal with this evolving threat. In recent years, a number of static and dynamic code analysis proposals for analyzing Android apps have been introduced in academia and in the commercial world. Moreover, as a single detection approach may be ineffective against advanced obfuscation techniques, multiple frameworks for privacy leakage detection have been shown to yield better results when used in conjunction. In this dissertation, our contribution is two-fold. First, we organize 32 of the most recent and promising privacy-oriented proposals on Android app analysis into two categories: static and dynamic analysis. For each category, we survey the state-of-the-art proposals and provide a high-level overview of the methodology they rely on to detect privacy-sensitive leakages and app behaviors. Second, we choose one popular proposal from each category to analyze and detect leakages in 5,000 Android apps. Our toolchain setup consists of IntelliDroid (static) to find and trigger sensitive API (Application Program Interface) calls in target apps and leverages TaintDroid (dynamic) to detect leakages in these apps. We found that about 33% of the tested apps leak privacy-sensitive information over the network (e.g., IMEI, location, UDID), which is consistent with existing work.
Furthermore, we highlight the efficiency of combining IntelliDroid and TaintDroid in comparison with Android Monkey and TaintDroid as used in most prior work. We report an overall increase in the frequency of leakage of identifiers. This increase may indicate that IntelliDroid is a better approach over Android Monkey.
Detecting And Characterizing Self Hiding Behavior In Android Applications
Author : Raina Samuel
language : en
Publisher:
Release Date : 2018
Detecting And Characterizing Self Hiding Behavior In Android Applications, written by Raina Samuel, was released in 2018 (available in PDF, TXT, EPUB, Kindle and other formats).
Applications (apps) that conceal their activities are fundamentally deceptive; app marketplaces and end-users should treat such apps as suspicious. However, due to its nature and intent, activity concealment is not disclosed up-front, which puts users at risk. This study focuses on the characterization and detection of such techniques, e.g., hiding the app or removing traces, known as 'self hiding' (SH) behavior. SH behavior has not been studied per se; rather, it has been reported on only as a byproduct of malware investigations. This gap is addressed via a study and a suite of static analyses targeted at SH in Android apps.
Detecting Stealthy Malware Using Behavioral Features In Network Traffic
Author : Ting-Fang Yen
language : en
Publisher:
Release Date : 2011
Detecting Stealthy Malware Using Behavioral Features In Network Traffic, written by Ting-Fang Yen, was released in 2011 (available in PDF, TXT, EPUB, Kindle and other formats).
Vulnerability Detection Approaches On Application Behaviors In Mobile Environment
Author : Abdellah OUAGUID
language : en
Publisher:
Release Date : 2022
Vulnerability Detection Approaches On Application Behaviors In Mobile Environment, written by Abdellah OUAGUID, was released in 2022 (available in PDF, TXT, EPUB, Kindle and other formats).
Several solutions ensuring the dynamic detection of malicious activities on the Android ecosystem have been proposed. These are represented by generic rules and models that identify any purported malicious behavior. However, the approaches adopted are far from effective in detecting malware (listed or not) whose form and behavior are likely to differ depending on the execution environment or the design of the malware itself (polymorphic malware, for example). An additional difficulty arises when these approaches are unable to capture, analyze, and classify beforehand all the execution paths incorporated in the analyzed application. This means that functionality of the analyzed application may constitute a potential risk that is never explored or revealed. We have studied some malware detection techniques based on behavioral analysis of applications. The description, characteristics, and results obtained from each technique are presented in this article, in which we have also highlighted some open problems and challenges as well as the different possible future directions of research concerning behavioral analysis of malware.
Multi Level Sandboxing Techniques For Execution Based Stealthy Malware Detection
Author : Lei Liu
language : en
Publisher:
Release Date : 2011
Multi Level Sandboxing Techniques For Execution Based Stealthy Malware Detection, written by Lei Liu, was released in 2011 (available in PDF, TXT, EPUB, Kindle and other formats) and is listed under the Anomaly detection (Computer security) category.
These days all kinds of malware are pervasive on the Internet. Compared to their ancestors, which were commonly used for vandalism or demonstration of skills, modern malware, such as bots, are driven by the underground economy. Often consisting of hundreds to thousands of bots, botnets are one of the most serious threats on the Internet, responsible for various attacks such as spamming and distributed denial of service (DDoS). As web browsers are the main interface through which the majority of Internet users surf the Internet today, much of this stealthy malware seeks to invade via web browsers in the form of browser helper objects (BHO) and browser toolbars. To defend against Internet malware, existing schemes mainly rely on either signature-based or anomaly-based detection approaches. Signature-based detection is effective for known malware once the malware signature has been generated. However, the effectiveness of signature-based schemes is challenged by polymorphism, metamorphism, obfuscation, encryption, and other techniques. Moreover, signature-based schemes do not work for zero-day (or unknown) malware. On the other hand, anomaly-based detection schemes seek to detect behavior patterns that do not conform to established normal patterns. Anomaly-based detection schemes do not require malware signatures. However, modern computer software and systems are often complicated, so building and analyzing a comprehensive behavior model is time-consuming and even impractical. To overcome these challenges, we propose a novel execution-based approach for stealthy malware detection. In order to facilitate such run-time detection, we aim to design and implement multi-level sandboxing techniques that create controlled running environments in which to execute test programs so that their behaviors can be closely observed and analyzed. First, we leverage virtual machines for OS-level sandboxing to detect bots on individual hosts.
By cloning the host image to a virtual machine and screening user input on the virtual machine, the detection noise is significantly reduced. We find that a typical bot exhibits three invariant features along its onset: (1) the startup of a bot is automatic, without requiring any user actions; (2) a bot must establish a command and control channel with its botmaster; and (3) a bot will perform local or remote attacks sooner or later. These invariants indicate three indispensable phases (startup, preparation, and attack) for a bot attack. Thus, we propose BotTracer to detect these three phases with the assistance of OS-level sandboxing techniques. To validate BotTracer, we implement a prototype of BotTracer based on VMware. The results show that BotTracer can successfully detect all the bots in the experiments. However, BotTracer may slightly degrade user performance. Furthermore, advanced malware could evade BotTracer by performing virtual machine fingerprinting. Second, to overcome the limitations of OS-level sandboxes, we build Malyzer based on process-level sandboxes for malware detection. The key to Malyzer is to defeat malware anti-detection mechanisms at startup and runtime so that malware behaviors during execution can be accurately captured and distinguished. For analysis, Malyzer always starts a copy, referred to as a shadow process, of any suspicious process in the process-level sandbox by defeating all startup anti-detection mechanisms employed in the suspicious process. To defeat internal runtime anti-detection attempts, Malyzer further makes this shadow process mutually invisible to the original suspicious process. To defeat external anti-detection attempts, Malyzer makes it appear to the outside as if the shadow process runs on a different machine. Since ultimately malware will conduct local information harvesting or dispersion, Malyzer constantly monitors the shadow process's behaviors and adopts a hybrid scheme for its behavior analysis.
In our experiments, Malyzer can accurately detect all malware samples that employ various anti-detection techniques. Lastly, to detect and contain malicious browser plugins, we develop sePlugin with intra-process sandboxing techniques. With an intra-process sandbox, only plugins are closely monitored for misbehavior detection, without confining the entire process. This further reduces the detection overhead while maintaining transparency to end-users. Based on intra-process sandboxing techniques, we build sePlugin to enhance the security of a browser by enforcing security policies on plugins' access requests to the browser's internal objects and external system-level resources, such as file systems and network interfaces. sePlugin deals with both native and .NET-based plugins, and its unique design makes it possible to work with commodity web browsers without requiring any modifications to the legacy browser architecture or plugin code. We implement sePlugin on Windows XP and IE8.