Malware Software

The Experts below are selected from a list of 7734 Experts worldwide ranked by ideXlab platform

Anil Somayaji - One of the best experts on this subject based on the ideXlab platform.

  • The Malware author testing challenge
    2014 Second Workshop on Anti-malware Testing Research (WATeR), 2014
    Co-Authors: Tarun Moni, Sameer Salahudeen, Anil Somayaji
    Abstract:

    Attackers regularly evaluate anti-malware software to see whether or not their malware will be detected. This attacker-driven anti-malware testing is something defenders would ideally want to limit. Given that anti-malware products must be widely distributed to be commercially viable, it is not feasible to prevent attackers from running them. Here we examine whether it may be possible instead to limit the effectiveness of attacker tests. Specifically, we present a game-theoretic model of anti-malware testing in which detection timeliness and coverage are parameters that anti-malware providers can adjust. The lower the coverage and the slower the response, the harder it is for attackers to determine whether their malware will be detected, and the less protection the software provides to hosts running it. While our results are preliminary, they suggest that it is clearly non-optimal for anti-malware vendors simply to maximize coverage and detection timeliness. As we explain, this result has significant implications for product design and for (non-malicious) anti-malware testing methodologies.

  • ACM Conference on Computer and Communications Security - A clinical study of risk factors related to Malware infections
    Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13, 2013
    Co-Authors: Fanny Lalonde Levesque, Jose M Fernandez, Sonia Chiasson, Jude Jacob Nsiempba, Anil Somayaji
    Abstract:

    The success of malicious software (malware) depends upon both technical and human factors. The most security-conscious users are vulnerable to zero-day exploits; the best security mechanisms can be circumvented by poor user choices. While there has been significant research addressing the technical aspects of malware attack and defense, there has been much less research reporting on how human behavior interacts with both malware and current malware defenses. In this paper we describe a proof-of-concept field study designed to examine the interactions between users, anti-virus (anti-malware) software, and malware as they occur on deployed systems. The 4-month study, conducted in a fashion similar to the clinical trials used to evaluate medical interventions, involved 50 subjects whose laptops were instrumented to monitor possible infections and gather data on user behavior. Although the population size was limited, this initial study produced some intriguing, non-intuitive insights into the efficacy of current defenses, particularly with regard to the technical sophistication of end users. We assert that this work shows the feasibility and utility of testing security software through long-term field studies with greater ecological validity than can be achieved through other means.

  • Methodology for a field study of anti-malware software
    Financial Cryptography, 2012
    Co-Authors: Fanny Lalonde Levesque, Carlton R Davis, Jose M Fernandez, Sonia Chiasson, Anil Somayaji
    Abstract:

    Anti-malware products are typically evaluated using structured, automated tests to allow for comparison with other products and for measuring improved efficiency against specific attacks. We propose that anti-malware testing would benefit from field studies assessing effectiveness in more ecologically valid settings. This paper presents our methodology for conducting a 4-month field study with 50 participants, including discussion of deployment and data collection, encouraging retention of participants, ethical concerns, and our experience to date.

Lifei Chen - One of the best experts on this subject based on the ideXlab platform.

  • A Hierarchical Approach for Android Malware Detection Using Authorization-Sensitive Features
    Electronics, 2021
    Co-Authors: Chen Hui, Qingshan Jiang, Li Zhengqiang, Abdur Rasool, Lifei Chen
    Abstract:

    Android's openness has made it a favorite of consumers and developers alike, driving strong growth in app consumption. Its popularity, however, also attracts attackers' attention, and Android malware continually raises issues for users' privacy and security. Hence it is of great practical value to develop a principled and versatile system for Android malware detection. This paper presents a hierarchical approach to designing a malware detection system for Android. It extracts four authorization-sensitive features, namely basic blocks, permissions, Application Programming Interface (API) calls, and key functions, and detects malware layer by layer using similar-module matching and the proposed deep learning model, Convolutional Neural Network and eXtreme Gradient Boosting (CNNXGB). This detection approach focuses not only on classification but also on the details of the similarities between malware samples. We serialize each key function as its sequence of API calls and extract a similar module that captures the global semantics of the malware. We propose a new method that converts basic blocks into multichannel images and uses a Convolutional Neural Network (CNN) to learn features from them. We extract permissions and API calls weighted by call frequency and train the classification model with XGBoost. A dynamic similar-module feature library built from the extracted features is used to assess a sample's behavior. The model is trained on 11,327 Android samples collected from Github, Google Play, Fdroid, and VirusShare. Promising experimental results demonstrate the higher accuracy of the proposed approach and its potential to detect Android malware and reduce the security risks to Android users.

  • WI Workshops - Deep4MalDroid: A Deep Learning Framework for Android Malware Detection Based on Linux Kernel System Call Graphs
    2016 IEEE WIC ACM International Conference on Web Intelligence Workshops (WIW), 2016
    Co-Authors: Aaron Saas, Lifei Chen, Yanfang Ye
    Abstract:

    With the explosive growth of Android malware and the damage it does to smartphone users (e.g., stealing user credentials, resource abuse), Android malware detection is a cyber security topic of great interest. Currently, the most significant line of defense against Android malware is anti-malware software products, such as Norton, Lookout, and Comodo Mobile Security, which mainly use signature-based methods to recognize threats. However, malware authors increasingly employ techniques such as repackaging and obfuscation to bypass signatures and defeat attempts to analyze their inner mechanisms. The increasing sophistication of Android malware calls for new defensive techniques that are harder to evade and are capable of protecting users against novel threats. In this paper, we propose a novel dynamic analysis method named Component Traversal that automatically executes the code routines of a given Android application (app) as completely as possible. From the Linux kernel system calls recorded during execution we construct weighted directed graphs, and we then apply a deep learning framework built on graph-based features to detect previously unknown Android malware. A comprehensive experimental study on a real sample collection from Comodo Cloud Security Center compares various malware detection approaches. Promising experimental results demonstrate that our proposed method outperforms the alternative Android malware detection techniques. Our system, Deep4MalDroid, has also been integrated into a commercial Android anti-malware product.

  • malicious sequential pattern mining for automatic Malware detection
    Expert Systems With Applications, 2016
    Co-Authors: Yujie Fan, Lifei Chen
    Abstract:

    Highlights: an effective framework using sequence mining is proposed for automatic malware detection; an efficient sequential pattern mining algorithm discovers discriminative patterns between malware and benign samples; a new nearest neighbor classifier serves as the detection module to identify unknown malware; strong results are obtained compared with existing malware detection methods in detecting new malicious samples.

    Because of the damage it does to Internet security, malware (e.g., viruses, worms, trojans) and its detection have held the attention of both the anti-malware industry and researchers for decades. To protect legitimate users from attack, the most significant line of defense against malware is anti-malware software products, which mainly use signature-based methods for detection. However, such methods fail to recognize new, unseen malicious executables. To address this problem, we propose an effective sequence mining algorithm that discovers malicious sequential patterns in the instruction sequences extracted from a file sample set, and we then construct an All-Nearest-Neighbor (ANN) classifier for malware detection based on the discovered patterns. The resulting data mining framework, composed of the proposed sequential pattern mining method and the ANN classifier, characterizes the malicious patterns in the collected file sample set well enough to detect newly unseen malware samples effectively. A comprehensive experimental study on a real data collection evaluates our detection framework. Promising experimental results show that our framework outperforms other data mining based detection methods in identifying new malicious executables.

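
The sequential pattern mining abstract above (Fan and Chen) describes mining malicious sequential patterns from instruction sequences and then classifying with an All-Nearest-Neighbor classifier. The following is an added Python illustration, not the authors' code: the instruction sequences are constructed toy data, the miner is a PrefixSpan-style search over gapped subsequences that keeps patterns far more common in malware than in benign samples, and the classifier is an ordinary k-nearest-neighbour vote on Hamming distance between pattern-presence vectors, standing in for the paper's ANN classifier.

```python
"""Discriminative sequential-pattern mining over instruction sequences, followed
by a nearest-neighbour detector. Added illustration; not the authors' code."""
from collections import Counter

# Constructed toy samples: each is a sequence of instruction mnemonics (assumed
# to have been disassembled from the file sample set).
MALWARE = [
    ["push", "call", "xor", "loop", "jmp", "call"],
    ["mov", "push", "call", "xor", "loop", "ret"],
    ["push", "call", "cmp", "xor", "loop", "jmp"],
    ["xor", "push", "call", "loop", "jmp"],
]
BENIGN = [
    ["push", "mov", "call", "ret"],
    ["mov", "add", "call", "ret", "mov"],
    ["push", "mov", "cmp", "jne", "ret"],
    ["mov", "call", "add", "ret"],
]


def contains_subseq(seq, pattern):
    """True if pattern occurs in seq as a subsequence (gaps allowed)."""
    it = iter(seq)
    return all(any(item == p for item in it) for p in pattern)


def mine_patterns(sequences, min_support, max_len):
    """PrefixSpan-style mining: {pattern: support} for every gapped subsequence
    of length <= max_len that occurs in at least min_support sequences."""
    found = {}

    def grow(prefix, projected):
        # Count each item once per projected suffix that contains it.
        counts = Counter(item for suffix in projected for item in set(suffix))
        for item, support in counts.items():
            if support < min_support:
                continue
            pattern = prefix + (item,)
            found[pattern] = support
            if len(pattern) < max_len:
                # Project every suffix past its first occurrence of item.
                grow(pattern, [s[s.index(item) + 1:] for s in projected if item in s])

    grow((), [tuple(s) for s in sequences])
    return found


def discriminative_patterns(mal_seqs, ben_seqs, min_support=2, max_len=3, min_gain=0.5):
    """Mine patterns from the malware set and keep those whose support ratio
    in malware exceeds the ratio in benign samples by at least min_gain.
    Returns [(pattern, gain)] sorted by gain, then length, then pattern."""
    ranked = []
    for pattern in mine_patterns(mal_seqs, min_support, max_len):
        mal = sum(contains_subseq(s, pattern) for s in mal_seqs) / len(mal_seqs)
        ben = sum(contains_subseq(s, pattern) for s in ben_seqs) / len(ben_seqs)
        if mal - ben >= min_gain:
            ranked.append((pattern, mal - ben))
    ranked.sort(key=lambda t: (-t[1], len(t[0]), t[0]))
    return ranked


def featurize(seq, patterns):
    """Binary presence vector over the discriminative patterns."""
    return tuple(int(contains_subseq(seq, p)) for p, _ in patterns)


class NearestNeighbourDetector:
    """k-nearest-neighbour majority vote on Hamming distance between presence
    vectors; a simplification of the paper's All-Nearest-Neighbor classifier."""

    def __init__(self, patterns, k=3):
        self.patterns, self.k, self.train = patterns, k, []

    def fit(self, mal_seqs, ben_seqs):
        self.train = [(featurize(s, self.patterns), "malware") for s in mal_seqs]
        self.train += [(featurize(s, self.patterns), "benign") for s in ben_seqs]
        return self

    def predict(self, seq):
        vec = featurize(seq, self.patterns)
        nearest = sorted(self.train, key=lambda t: sum(a != b for a, b in zip(vec, t[0])))
        return Counter(label for _, label in nearest[: self.k]).most_common(1)[0][0]


if __name__ == "__main__":
    patterns = discriminative_patterns(MALWARE, BENIGN)
    for pattern, gain in patterns[:5]:
        print(f"{' -> '.join(pattern):25s} gain={gain:.2f}")
    detector = NearestNeighbourDetector(patterns).fit(MALWARE, BENIGN)
    for unknown in (["push", "call", "xor", "loop", "jmp"], ["mov", "call", "ret"]):
        print(unknown, "=>", detector.predict(unknown))
```

On this toy set the pattern `xor -> loop` is present in every malware sample and no benign one, while `call` alone is too common in benign code to survive the gain threshold; the detector then labels an unseen sequence by the labels of its nearest training samples in pattern space, which is what lets it flag executables whose exact byte signature was never seen.
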
Yanfang Ye - One of the best experts on this subject based on the ideXlab platform.

  • WI Workshops - Deep4MalDroid: A Deep Learning Framework for Android Malware Detection Based on Linux Kernel System Call Graphs
    2016 IEEE WIC ACM International Conference on Web Intelligence Workshops (WIW), 2016
    Co-Authors: Aaron Saas, Lifei Chen, Yanfang Ye
    Abstract: see the same entry under Lifei Chen above.

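
The Deep4MalDroid abstract builds weighted directed graphs from the Linux kernel system calls an app issues during Component Traversal and feeds graph-based features to a learner. The example below is added here and is not the Deep4MalDroid code: it parses constructed strace-style output (the pids, paths and the 203.0.113.7 address are invented), builds the call-transition graph per thread so that interleaved threads do not create spurious edges, flattens the graph over a fixed syscall vocabulary into a feature vector, and compares two apps' vectors by cosine similarity; a real classifier would consume the same kind of vector.

```python
"""Build a weighted directed system-call transition graph from an strace-style
log and turn it into a fixed-size feature vector. Added illustration; not the
Deep4MalDroid code."""
import math
import re
from collections import Counter

# Constructed strace -f style traces. TRACE_EXFIL reads a contacts database in
# one thread and pushes data over a TCP socket from a second thread;
# TRACE_LOCAL only reads a local file. 203.0.113.7 is a documentation address.
TRACE_EXFIL = """\
[pid 2100] 12:00:01.001 openat(AT_FDCWD, "/data/data/com.example.app/databases/contacts.db", O_RDONLY) = 5
[pid 2100] 12:00:01.002 read(5, "\\x00contact", 4096) = 4096
[pid 2100] 12:00:01.003 read(5,  <unfinished ...>
[pid 2101] 12:00:01.003 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 6
[pid 2100] 12:00:01.004 <... read resumed>"\\x00more", 4096) = 1024
[pid 2100] 12:00:01.005 close(5) = 0
[pid 2101] 12:00:01.006 connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
[pid 2101] 12:00:01.007 sendto(6, "\\x00contact", 4096, 0, NULL, 0) = 4096
[pid 2101] 12:00:01.008 close(6) = 0
[pid 2101] +++ exited with 0 +++
"""
TRACE_LOCAL = """\
12:00:05.001 openat(AT_FDCWD, "/data/app/com.example.app/base.apk", O_RDONLY) = 7
12:00:05.002 read(7, "PK", 4096) = 4096
12:00:05.003 read(7, "PK", 4096) = 4096
12:00:05.004 close(7) = 0
12:00:05.005 write(2, "ready\\n", 6) = 6
"""

# Fixed vocabulary so every graph maps to a vector of the same length.
VOCAB = ["openat", "read", "write", "close", "socket", "connect", "sendto"]

CALL_RE = re.compile(
    r"^(?:\[pid\s+(\d+)\]\s+|(\d+)\s+)?"  # optional pid prefix
    r"(?:\d{2}:\d{2}:\d{2}\.\d+\s+)?"  # optional timestamp
    r"(\w+)\("  # syscall name
)
MARKER_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?(?:\+\+\+|---)")  # exit / signal lines
RESUMED_RE = re.compile(r"<\.\.\. \w+ resumed>")


def extract_syscalls(trace):
    """Return [(pid, syscall)] in trace order. Unfinished calls are counted
    where they start; their '<... resumed>' lines are skipped so a call is not
    counted twice. Signal and exit markers are ignored."""
    calls = []
    for line in trace.splitlines():
        line = line.strip()
        if not line or MARKER_RE.match(line) or RESUMED_RE.search(line):
            continue
        m = CALL_RE.match(line)
        if m:
            pid = m.group(1) or m.group(2) or "0"
            calls.append((pid, m.group(3)))
    return calls


def transition_graph(calls):
    """Weighted directed graph: edge (a, b) weighted by how often b directly
    follows a within the same thread. Threads are not stitched together, so
    interleaving in the log does not create spurious edges."""
    per_pid = {}
    for pid, name in calls:
        per_pid.setdefault(pid, []).append(name)
    graph = Counter()
    for seq in per_pid.values():
        graph.update(zip(seq, seq[1:]))
    return graph


def graph_features(graph, vocab=VOCAB):
    """Flatten the graph into an adjacency vector over vocab, normalised by the
    total number of transitions; calls outside vocab are dropped."""
    total = sum(graph.values()) or 1
    index = {name: i for i, name in enumerate(vocab)}
    vec = [0.0] * (len(vocab) ** 2)
    for (a, b), weight in graph.items():
        if a in index and b in index:
            vec[index[a] * len(vocab) + index[b]] = weight / total
    return vec


def cosine(u, v):
    """Cosine similarity between two feature vectors (0.0 if either is empty)."""
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return dot / norm if norm else 0.0


if __name__ == "__main__":
    g_exfil = transition_graph(extract_syscalls(TRACE_EXFIL))
    g_local = transition_graph(extract_syscalls(TRACE_LOCAL))
    print(sorted(g_exfil.items()))
    print("similarity:", round(cosine(graph_features(g_exfil), graph_features(g_local)), 3))
```

The per-thread grouping matters in practice: without it the log order above would yield edges such as `socket -> close` and `close -> connect` that no thread ever executed, and a model trained on such graphs learns scheduler noise rather than app behaviour.
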
Qingshan Jiang - One of the best experts on this subject based on the ideXlab platform.

  • A Hierarchical Approach for Android Malware Detection Using Authorization-Sensitive Features
    Electronics, 2021
    Co-Authors: Chen Hui, Qingshan Jiang, Li Zhengqiang, Abdur Rasool, Lifei Chen
    Abstract: see the same entry under Lifei Chen above.

  • A Similar Module Extraction Approach for Android Malware
    DEStech Transactions on Computer Science and Engineering, 2018
    Co-Authors: Qiao Yanchen, Touhidul Hasan, Qingshan Jiang
    Abstract:

    Android is a popular mobile operating system, and it has attracted many developers, and many malware authors, into the field. It is becoming critical to identify malicious programs among the large number of mobile applications, and similarity-comparison methods have been proposed to detect malware. However, most of that work focuses on distinguishing malicious programs from benign ones and does not consider the details of the similarity between malicious programs. In this paper, we propose an approach based on key-function call graphs that extracts the similar modules shared between malware, which can be used to detect malicious programs on the Android platform. The proposed method employs Android system API call sequences to construct the similar module between two malicious programs. Experiments on a real-world dataset demonstrate that the proposed approach is effective at extracting similar modules between malware.
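
Both abstracts under Qingshan Jiang serialize key functions as Android API call sequences and extract a "similar module" shared between two malicious programs. The example below is an added illustration of that idea, not the authors' code: two constructed samples (function names and call lists are invented) are compared function by function with a longest-common-subsequence alignment of their API calls, and the aligned calls are reported as the shared module together with a Dice-style overlap score.

```python
"""Extract the 'similar module' shared by two Android malware samples by
aligning the API-call sequences of their functions with a longest-common-
subsequence (LCS) comparison. Added illustration; not the authors' code."""

# Constructed samples: {function name: serialized Android API-call sequence}.
# Both carry a device-ID-harvesting / SMS-sending routine under different
# function names, padded with unrelated calls.
SAMPLE_A = {
    "com.a.Svc.run": [
        "TelephonyManager.getDeviceId",
        "TelephonyManager.getSubscriberId",
        "StringBuilder.append",
        "SmsManager.sendTextMessage",
    ],
    "com.a.Main.onCreate": ["Activity.setContentView", "Toast.makeText"],
}
SAMPLE_B = {
    "x.y.Loader.start": [
        "Context.getSystemService",
        "TelephonyManager.getDeviceId",
        "String.valueOf",
        "TelephonyManager.getSubscriberId",
        "SmsManager.sendTextMessage",
        "Context.startService",
    ],
    "x.y.Main.onCreate": ["Activity.setContentView", "View.setOnClickListener"],
}


def lcs(a, b):
    """Longest common subsequence of two call lists via the classic O(n*m)
    table; returns the shared calls in order (gaps in either input allowed)."""
    n, m = len(a), len(b)
    table = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                table[i][j] = table[i + 1][j + 1] + 1
            else:
                table[i][j] = max(table[i + 1][j], table[i][j + 1])
    shared, i, j = [], 0, 0
    while i < n and j < m:  # walk the table to recover one optimal alignment
        if a[i] == b[j]:
            shared.append(a[i])
            i += 1
            j += 1
        elif table[i + 1][j] >= table[i][j + 1]:
            i += 1
        else:
            j += 1
    return shared


def similarity(shared, a, b):
    """Dice-style score: 2*|LCS| / (|a| + |b|), 0 for two empty sequences."""
    return 2 * len(shared) / (len(a) + len(b)) if a or b else 0.0


def similar_modules(sample_a, sample_b, threshold=0.5):
    """Compare every function of sample_a with every function of sample_b and
    return (func_a, func_b, shared_calls, score) for pairs at or above
    threshold, best match first. The shared call list is the similar module."""
    hits = []
    for fa, seq_a in sample_a.items():
        for fb, seq_b in sample_b.items():
            shared = lcs(seq_a, seq_b)
            score = similarity(shared, seq_a, seq_b)
            if score >= threshold:
                hits.append((fa, fb, shared, score))
    hits.sort(key=lambda h: -h[3])
    return hits


if __name__ == "__main__":
    for fa, fb, shared, score in similar_modules(SAMPLE_A, SAMPLE_B):
        print(f"{fa} ~ {fb} ({score:.2f}): {' -> '.join(shared)}")
```

The strongest match pairs the two exfiltration routines and recovers `getDeviceId -> getSubscriberId -> sendTextMessage` as the shared module despite the renamed functions and the filler calls between them; the two `onCreate` methods also pair up, but only on the boilerplate `setContentView` call, which is why the score and the module contents, not just the existence of a match, should drive any verdict.
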

Fanny Lalonde Levesque - One of the best experts on this subject based on the ideXlab platform.

  • ACM Conference on Computer and Communications Security - A clinical study of risk factors related to Malware infections
    Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13, 2013
    Co-Authors: Fanny Lalonde Levesque, Jose M Fernandez, Sonia Chiasson, Jude Jacob Nsiempba, Anil Somayaji
    Abstract: see the same entry under Anil Somayaji above.

  • Methodology for a field study of anti-malware software
    Financial Cryptography, 2012
    Co-Authors: Fanny Lalonde Levesque, Carlton R Davis, Jose M Fernandez, Sonia Chiasson, Anil Somayaji
    Abstract: see the same entry under Anil Somayaji above.
