Security Toolbox for Detecting Novel and Sophisticated Android Malware

Holland, Benjamin; Deering, Tom; Kothari, Suresh; Mathews, Jon; Ranade, Nikhil

doi:10.1109/icse.2015.235

Cited by 8 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ese features included permissions, APIs, and application components. Holland et al [26] and Quan et al [27] adopted pattern match algorithm and the mixed feature to detect malwares.…”

Section: 2mentioning

confidence: 99%

“…In order to effectively detect Android malicious applications, various methods have been proposed. ese methods include the single-feature mechanisms [6][7][8][9][10][11][12][13][14][15][16][17] and the multifeatures fusion mechanisms [18][19][20][21][22][23][24][25][26]. e methods based on a single-feature mechanism usually train a classifier with one type of features which include APIs [8], permissions [6,7], call graphs, images [10], or codes [9,[13][14][15][16][17].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Android Malicious Application Detection Method with Decision Mechanism in the Operating Environment of Blockchain

Zhao

Tang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Recently, security policies and behaviour detection methods have been proposed to improve the security of blockchain by many researchers. However, these methods cannot discover the source of typical behaviours, such as the malicious applications in the blockchain environment. Android application is an important part of the blockchain operating environment, and machine learning-based Android malware application detection method is significant for blockchain user security. The way of constructing features in these methods determines the performance. The single-feature mechanism, training classifiers with one type of features, cannot detect the malicious applications effectively which exhibit the typical behaviours in various forms. The multifeatures fusion mechanism, constructing mixed features from multiple types of data sources, can cover more kinds of information. However, different types of data sources will interfere with each other in the mixed features constructed by this mechanism. That limits the performance of the model. In order to improve the detection performance of Android malicious applications in complex scenarios, we propose an Android malicious application detection method which includes parallel feature processing and decision mechanism. Our method uses RGB image visualization technology to construct three types of RGB image which are utilized to train different classifiers, respectively, and a decision mechanism is designed to fuse the outputs of subclassifiers through weight analysis. This approach simultaneously extracts different types of features, which preserve application information comprehensively. Different classifiers are trained by these features to guarantee independence of each feature and classifier. On this basis, a comprehensive analysis of many methods is performed on the Android malware dataset, and the results show that our method has better efficiency and adaptability than others.

show abstract

“…ese features included permissions, APIs, and application components. Holland et al [26] and Quan et al [27] adopted pattern match algorithm and the mixed feature to detect malwares.…”

Section: 2mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Android Malicious Application Detection Method with Decision Mechanism in the Operating Environment of Blockchain

Zhao

Tang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…DARPA used RTing to develop malware to exploit weaknesses in the Android operating system. The goal of the RT was to develop the most sophisticated malware while the blue-team had to find means of intrusion detection and provide defenses against intrusion (Holland, Deering and Kothari, 2015). In a RT/blue-team exercise the time required by each team for their tasks is a useful measure of the challenge to attack or defend the system (Rege et al, 2017).…”

Section: Red-teaming In Network Intrusion Testingmentioning

confidence: 99%

Red‐Teaming as a Research Validation Method for Systems Engineering Thesis Students

Ferris

Camelia

Mattsson

et al. 2022

INCOSE International Symp

View full text Add to dashboard Cite

All research projects need a forward path method for performing the investigation, making findings and reaching conclusions. In addition, project methodology must include methods that test the truth of the knowledge claimed to have been developed through the project. We address the specific issue of validation in thesis projects in systems engineering (SE) programs where the intended outcome is either an application of SE method or an investigation of a topic in SE. We present red-teaming (RTing) as a validation method for results of SE research. We discuss two case studies of thesis projects which used a RTing method to evaluate a proposed method for doing something. From this we discuss the strengths and weaknesses of the RTing method in thesis projects and provide guidelines for use of RTing as a project outcomes evaluation method. We conclude RTing is a useful method to evaluate a thesis project which generates a design or a method because it uses a method not directly influenced by the student's assumptions in the design of the project. The RTing method is constrained by the challenges of finding willing red-team (RT) members, project schedule, and the RT member's knowledge of the subject.

show abstract

“…In this section, we provide the reader with background knowledge about the Atlas [50] program analysis platform. Atlas is a static program analysis platform for C, Java source code, and Java bytecode developed by EnSoft Corp, which can be used to develop custom and sophisticated software analyzers [80]. Before we describe our approach to summary generation, we briey describe the necessary infrastructure for developing FlowMiner that is provided by Atlas.…”

Section: Background: Atlas Program Analysis Platformmentioning

confidence: 99%

Man-machine partial program analysis for malware detection

Deering

View full text Add to dashboard Cite

Static program analysis tools are critical to the eld of software engineering, allowing us to compile, refactor, verify, and understand our code. Because modern software is built on top of reusable libraries and frameworks, whole program analysis is prohibitively expensive, hence tools must instead perform partial program analysis-analysis of a proper subset of a program's implementation. Missing data ow semantics of these components introduce problematic gaps for many use cases, including security-critical analyses. Prior attempts to overcome this, including handwritten models, heuristics, and dynamically-inferred specications, are too coarse for many analysis use cases, introducing inaccuracies.

show abstract

Security Toolbox for Detecting Novel and Sophisticated Android Malware

Cited by 8 publications

References 8 publications

An Android Malicious Application Detection Method with Decision Mechanism in the Operating Environment of Blockchain

An Android Malicious Application Detection Method with Decision Mechanism in the Operating Environment of Blockchain

Red‐Teaming as a Research Validation Method for Systems Engineering Thesis Students

Man-machine partial program analysis for malware detection

Contact Info

Product

Resources

About