2016
DOI: 10.1109/tifs.2015.2510825

Seeing the Unseen: Revealing Mobile Malware Hidden Communications via Energy Consumption and Artificial Intelligence

Abstract: Modern malware uses advanced techniques to hide from static and dynamic analysis tools. To achieve stealthiness when attacking a mobile device, an effective approach is the use of a covert channel built by two colluding applications to locally exchange data. Since this process is tightly coupled with the used hiding method, its detection is a challenging task, also worsened by the very low transmission rates. As a consequence, it is important to investigate how to reveal the presence of m…

citations
Cited by 120 publications
(63 citation statements)
references
References 45 publications
“…This will enable, not only a quick validation, but also fair comparison between different proposals. As an example, [12] recently proposed an energy consumption based method to detect the usage of several covert channels for app collusion. Authors provide the source code required to implement such covert channels.…”
Section: Results (mentioning)
confidence: 99%
“…HANIDPS analyzes the network traffic and compares it with a normal in order to detect a running threat [40]. A similar approach may analyze energy consumption [41] to identify running attacks. Cui et al proposed instead a fuzzing method based on finite state machines.…”
Section: Related Work (mentioning)
confidence: 99%
“…Thus, any deviation from a defined model or profile of legitimate activities reflected in the WSN network traffic parameters is treated as a symptom of the attack. Such a deviation from normal reference is called an anomaly [14,28].…”
Section: Network Anomaly Detection: the Proposed Approach (mentioning)
confidence: 99%