Results 1 - 10 of 86
Crowdroid: Behavior-Based Malware Detection System for Android
Cited by 83 (0 self)
The sharp increase in the number of smartphones on the market, with the Android platform poised to become a market leader, makes the need for malware analysis on this platform an urgent issue. In this paper we capitalize on earlier approaches for dynamic analysis of application behavior as a means for detecting malware in the Android platform. The detector is embedded in an overall framework for collection of traces from an unlimited number of real users based on crowdsourcing. Our framework has been demonstrated by analyzing the data collected in the central server using two types of data sets: those from artificial malware created for test purposes, and those from real malware found in the wild. The method is shown to be an effective means of isolating the malware and alerting the users of a downloaded malware. This shows the potential for avoiding the spreading of a detected malware to a larger community.
Towards taming privilege-escalation attacks on Android
- In Proceedings of the 19th Annual Network & Distributed System Security Symposium, 2012
Cited by 78 (8 self)
Android’s security framework has been an appealing subject of research in the last few years. Android has been shown to be vulnerable to application-level privilege escalation attacks, such as confused deputy attacks, and more recently, attacks by colluding applications. While most of the proposed approaches aim at solving confused deputy attacks, there is still no solution that simultaneously addresses collusion attacks. In this paper, we investigate the problem of designing and implementing a practical security framework for Android to protect against confused deputy and collusion attacks. We realize that defeating collusion attacks calls for a rather system-centric solution as opposed to application-dependent policy enforcement. To support our design decisions, we conduct a heuristic analysis of Android’s system behavior (with popular apps) to identify attack patterns, classify different adversary models, and point out the challenges to be tackled. Then we propose a solution for a system-centric and policy-driven runtime monitoring of communication channels between applications at multiple layers: 1) at the middleware we control IPCs between applications and indirect communication via Android system components. Moreover, inspired by the approach in QUIRE, we establish semantic links between IPCs and enable the reference monitor to verify the call-chain; 2) at the kernel level we realize mandatory access control on the file system (including Unix domain sockets) and local Internet sockets. To allow for runtime, dynamic low-level policy enforcement, we provide a callback channel between the kernel and the middleware. Finally, we evaluate the efficiency and effectiveness of our framework on known confused deputy and collusion attacks, and discuss future directions.
Thinkair: Dynamic resource allocation and parallel execution in the cloud for mobile code offloading
- in INFOCOM, 2012 Proceedings IEEE. IEEE, 2012
Cited by 66 (7 self)
Smartphones have exploded in popularity in recent years, becoming ever more sophisticated and capable. As a result, developers worldwide are building increasingly complex applications that require ever increasing amounts of computational power and energy. In this paper we propose ThinkAir, a framework that makes it simple for developers to migrate their smartphone applications to the cloud. ThinkAir exploits the concept of smartphone virtualization in the cloud and provides method-level computation offloading. Advancing on previous work, it focuses on the elasticity and scalability of the cloud and enhances the power of mobile cloud computing by parallelizing method execution using multiple virtual machine (VM) images. We implement ThinkAir and evaluate it with a range of benchmarks starting from simple micro-benchmarks to more complex applications. First, we show that the execution time and energy consumption decrease two orders of magnitude for an N-queens puzzle application and one order of magnitude for a face detection and a virus scan application. We then show that a parallelizable application can invoke multiple VMs to execute in the cloud in a seamless and on-demand manner such as to achieve greater reduction on execution time and energy consumption. We finally use a memory-hungry image combiner tool to demonstrate that applications can dynamically request VMs with more computational power in order to meet their computational requirements.
Vision: automated security validation of mobile apps at app markets
- in Proceedings the second international workshop on Mobile cloud computing and services, ser. MCS
Cited by 46 (2 self)
Smartphones and “app” markets are raising concerns about how third-party applications may misuse or improperly handle users’ privacy-sensitive data. Fortunately, unlike in the PC world, we have a unique opportunity to improve the security of mobile applications thanks to the centralized nature of app distribution through popular app markets. Thorough validation of apps applied as part of the app market admission process has the potential to significantly enhance mobile device security. In this paper, we propose AppInspector, an automated security validation system that analyzes apps and generates reports of potential security and privacy violations. We describe our vision for making smartphone apps more secure through automated validation and outline key challenges such as detecting and analyzing security and privacy violations, ensuring thorough test coverage, and scaling to large numbers of apps.
Using probabilistic generative models for ranking risks of android apps
- In ACM CCS, 2012
Cited by 37 (0 self)
One of Android’s main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic general models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.
Droidapiminer: Mining api-level features for robust malware detection in android
- Proc. of International Conference on Security and Privacy in Communication Networks (SecureComm), 2013
Drebin: Effective and explainable detection of android malware in your pocket
- 2014
Cited by 18 (0 self)
Malicious applications pose a threat to the security of the Android platform. The growing amount and diversity of these applications render conventional defenses largely ineffective and thus Android smartphones often remain unprotected from novel malware. In this paper, we propose DREBIN, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone. As the limited resources impede monitoring applications at run-time, DREBIN performs a broad static analysis, gathering as many features of an application as possible. These features are embedded in a joint vector space, such that typical patterns indicative for malware can be automatically identified and used for explaining the decisions of our method. In an evaluation with 123,453 applications and 5,560 malware samples DREBIN outperforms several related approaches and detects 94% of the malware with few false alarms, where the explanations provided for each detection reveal relevant properties of the detected malware. On five popular smartphones, the method requires 10 seconds for an analysis on average, rendering it suitable for checking downloaded applications directly on the device.
PlaceRaider: Virtual theft in physical spaces with smartphones
- in Network and Distributed System Security Symposium, 2013
Cited by 16 (3 self)
Each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of ‘sensory malware’ has been developing that leverages these sensors to steal information from the physical environment — e.g., researchers have recently demonstrated how malware can ‘listen’ for spoken credit card numbers through the microphone, or ‘feel’ keystroke vibrations using the accelerometer. Yet the possibilities of what malware can ‘see’ through a camera have been understudied. This paper introduces PlaceRaider, a novel ‘visual malware’ that allows remote attackers to engage in remote reconnaissance and what we call “virtual theft.” Through completely opportunistic use of the phone’s camera and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus ‘download’ the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware.
To Offload or Not to Offload? The Bandwidth and Energy Costs of Mobile Cloud Computing
- in Proc. of IEEE Infocom, 2013
Cited by 16 (3 self)
The cloud seems to be an excellent companion of mobile systems, to alleviate battery consumption on smartphones and to backup user’s data on-the-fly. Indeed, many recent works focus on frameworks that enable mobile computation offloading to software clones of smartphones on the cloud and on designing cloud-based backup systems for the data stored in our devices. Both mobile computation offloading and data backup involve communication between the real devices and the cloud. This communication does certainly not come for free. It costs in terms of bandwidth (the traffic overhead to communicate with the cloud) and in terms of energy (computation and use of network interfaces on the device). In this work we study the feasibility of both mobile computation offloading and mobile software/data backups in real-life scenarios. In our study we assume an architecture where each real device is associated to a software clone on the cloud. We consider two types of clones: The off-clone, whose purpose is to support computation offloading, and the back-clone, which comes to use when a restore of user’s data and apps is needed. We give a precise evaluation of the feasibility and costs of both off-clones and back-clones in terms of bandwidth and energy consumption on the real device. We achieve this through measurements done on a real testbed of 11 Android smartphones and an equal number of software clones running on the Amazon EC2 public cloud. The smartphones have been used as the primary mobile by the participants for the whole experiment duration.
A Survey of Mobile Cloud Computing Application Models
Cited by 12 (3 self)
Smartphones are now capable of supporting a wide range of applications, many of which demand an ever increasing computational power. This poses a challenge because smartphones are resource-constrained devices with limited computation power, memory, storage, and energy. Fortunately, the cloud computing technology offers virtually unlimited dynamic resources for computation, storage, and service provision. Therefore, researchers envision extending cloud computing services to mobile devices to overcome the smartphones’ constraints. The challenge in doing so is that the traditional smartphone application models do not support the development of applications that can incorporate cloud computing features and requires specialized mobile cloud application models. This article presents mobile cloud architecture, offloading decision affecting entities, application models classification, the latest mobile cloud application models, their critical analysis and future research directions.