EPMDroid: Efficient and privacy-preserving malware detection based on SGX through data fusion

Wei, Wenhong; Wang, Jie; Yan, Zheng; Ding, Wenxiu

doi:10.1016/j.inffus.2021.12.006

Cited by 23 publications

(3 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Wei et al [ 37 ] introduced EPMDroid, which is a platform that leverages Intel SGX to guard against Android malware in a privacy-respecting manner. SGX are types of hardware-based trusted execution environments in which an arbitrary program can be executed in isolated and secure environments without compromising its confidentiality, even against privileged access such as OS and BIOS processes.…”

Section: Resultsmentioning

confidence: 99%

Detecting Malware by Analyzing App Permissions on Android Platform: A Systematic Literature Review

Ehsan

Çatal

Mishra

2022

Sensors

View full text Add to dashboard Cite

Smartphone adaptation in society has been progressing at a very high speed. Having the ability to run on a vast variety of devices, much of the user base possesses an Android phone. Its popularity and flexibility have played a major role in making it a target of different attacks via malware, causing loss to users, both financially and from a privacy perspective. Different malware and their variants are emerging every day, making it a huge challenge to come up with detection and preventive methodologies and tools. Research has spawned in various directions to yield effective malware detection mechanisms. Since malware can adopt different ways to attack and hide, accurate analysis is the key to detecting them. Like any usual mobile app, malware requires permission to take action and use device resources. There are 235 total permissions that the Android app can request on a device. Malware takes advantage of this to request unnecessary permissions, which would enable those to take malicious actions. Since permissions are critical, it is important and challenging to identify if an app is exploiting permissions and causing damage. The focus of this article is to analyze the identified studies that have been conducted with a focus on permission analysis for malware detection. With this perspective, a systematic literature review (SLR) has been produced. Several papers have been retrieved and selected for detailed analysis. Current challenges and different analyses were presented using the identified articles.

show abstract

Section: Resultsmentioning

confidence: 99%

Detecting Malware by Analyzing App Permissions on Android Platform: A Systematic Literature Review

Ehsan

Çatal

Mishra

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…Matching via general crypto or MPC [80,81,169,205,296,303,333,349] (total: 9) Client-side or metadata-based [177,211,366,374] (total: 4) AI via MPC or federated learning [64,122,333,334] (total: 4) Matching in Trusted Execution Environment [95,350,372] (total: 3)…”

Section: Spam Filteringmentioning

confidence: 99%

SoK: Content Moderation for End-to-End Encryption

Scheffler

Mayer

2023

PoPETs

View full text Add to dashboard Cite

Popular messaging applications now enable end-to-end-encryption (E2EE) by default, and E2EE data storage is becoming common. These important advances for security and privacy create new content moderation challenges for online services, because services can no longer directly access plaintext content. While ongoing public policy debates about E2EE and content moderation in the United States and European Union emphasize child sexual abuse material and misinformation in messaging and storage, we identify and synthesize a wealth of scholarship that goes far beyond those topics. We bridge literature that is diverse in both content moderation subject matter, such as malware, spam, hate speech, terrorist content, and enterprise policy compliance, as well as intended deployments, including not only privacy-preserving content moderation for messaging, email, and cloud storage, but also private introspection of encrypted web traffic by middleboxes. In this work, we systematize the study of content moderation in E2EE settings. We set out a process pipeline for content moderation, drawing on a broad interdisciplinary literature that is not specific to E2EE. We examine cryptography and policy design choices at all stages of this pipeline, and we suggest areas of future research to fill gaps in literature and better understand possible paths forward.

show abstract

“…For this reason, the benefit of this model, if implemented on mobile devices, will be more clearly understood. EPMDroid 36 is an Intel SGX supported malware detection model. A probabilistic data structure is designed using CuckooTable filters.…”

Section: Related Workmentioning

confidence: 99%

AMD‐CNN: Android malware detection via feature graph and convolutional neural networks

Arslan

Taşyürek

2022

Concurrency and Computation

View full text Add to dashboard Cite

Summary Android malware has become a serious threat to mobile device users, and effective detection and defence architectures are needed to solve this problem. Recently, machine learning techniques have been widely used to deal with Android malicious apps. These methods are based on a simple feature set and have difficulty detecting up‐to‐date malware. Therefore, more robust and efficient classification methodologies are needed. In this article, AMD‐CNN, an Android malware detection tool, is proposed, and it uses graphical representations to detect malicious apks. In the first step, the features related to the androidmanifest.xml file are extracted and converted into a vector consisting of one or zero. The feature vector is then converted to 2D‐code images and used in training the CNN network. The model needs low‐resource consumption to run on mobile devices and allow real‐time applications to be analyzed. The experiments with 1920 malicious and benign apks show that the malware detection rate (accuracy) was 96.2% and precision, recall, and F‐score values were 97.9%, 98.2%, and 98.1%, respectively. The average time and memory space to analyze each application are 0.035 s and 3.38 MB. AMD‐CNN is an efficient and robust tool and has advantages over previous studies.

show abstract

EPMDroid: Efficient and privacy-preserving malware detection based on SGX through data fusion

Cited by 23 publications

References 47 publications

Detecting Malware by Analyzing App Permissions on Android Platform: A Systematic Literature Review

Detecting Malware by Analyzing App Permissions on Android Platform: A Systematic Literature Review

SoK: Content Moderation for End-to-End Encryption

AMD‐CNN: Android malware detection via feature graph and convolutional neural networks

Contact Info

Product

Resources

About