Graph-Based Android Malware Detection and Categorization through BERT Transformer
In this paper, we propose a novel approach to Android malware analysis and categorization that leverages the power of BERT (Bidirectional Encoder Representations from Transformers) to classify API call sequences generated from the Android API Call Graph. By utilizing the API Call Graph, our approach captures the intricate relationships and dependencies between API calls, enabling a deeper understanding of the behavior exhibited by Android malware. Our results show that our approach achieves high accuracy in classifying API call sequences as malicious or benign; the method also provides a promising solution for categorizing Android malware and can help mitigate the risks posed by malicious Android applications.
Further Insights: Balancing Privacy, Explainability, and Utility in Machine Learning-based Tabular Data Analysis
Trading-off Privacy, Utility, and Explainability in Deep Learning-based Image Data Analysis
Using the ACE framework to enforce access and usage control with notifications of revoked access rights
The standard ACE framework provides authentication and authorization mechanisms similar to those of the standard OAuth 2.0 framework, but it is intended for use in Internet-of-Things environments. In particular, ACE relies on OAuth 2.0, CoAP, CBOR, and COSE as its core building blocks. In ACE, a non-constrained entity called the Authorization Server issues Access Tokens to Clients according to some access control and policy evaluation mechanism. An Access Token is then consumed by a Resource Server, which verifies the Access Token and accordingly lets the Client access a protected resource it hosts. Access Tokens have a validity that is limited over time, but they can also be revoked by the Authorization Server before they expire. In this work, we propose the Usage Control framework as an underlying access control means for the ACE Authorization Server, and we assess its performance in terms of the time required to issue and revoke Access Tokens. Moreover, we implement and evaluate a method relying on the Observe extension for CoAP, which allows Clients and Resource Servers to be notified about revoked Access Tokens. Through results obtained in a real testbed, we show how this method reduces the duration of illegitimate access to protected resources following the revocation of an Access Token, as well as the time spent by Clients and Resource Servers to learn about their Access Tokens being revoked. This work has been partially supported by: Sweden's Innovation Agency VINNOVA within the EUREKA CELTIC-NEXT project CYPRESS; the H2020 project SIFIS-Home (grant agreement 952652); and the SSF project SEC4Factory (grant RIT17-0032).
MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention
Android users are constantly threatened by an increasing number of malicious applications (apps), generically called malware. Malware constitutes a serious threat to user privacy, money, device and file integrity. In this paper we note that, by studying their actions, we can classify malware into a small number of behavioral classes, each of which performs a limited set of misbehaviors that characterize it. These misbehaviors can be defined by monitoring features belonging to different Android levels. In this paper we present MADAM, a novel host-based malware detection system for Android devices which simultaneously analyzes and correlates features at four levels: kernel, application, user and package, to detect and stop malicious behaviors. MADAM has been designed to take into account the behavioral characteristics shared by almost every real malware sample found in the wild. MADAM detects and effectively blocks more than 96% of malicious apps, which come from three large datasets with about 2,800 apps, by exploiting the cooperation of two parallel classifiers and a behavioral signature-based detector. Extensive experiments, which also include the analysis of a testbed of 9,804 genuine apps, have been conducted to show the low false alarm rate, the negligible performance overhead and the limited battery consumption.
MADAM: A multi-level anomaly detector for android malware
Currently, in the smartphone market, Android is the platform with the highest share. Due to this popularity and also to its open source nature, Android-based smartphones are now an ideal target for attackers. Since the number of malware samples designed for Android devices is increasing fast, Android users are looking for security solutions aimed at preventing malicious actions from damaging their smartphones. In this paper, we describe MADAM, a Multi-level Anomaly Detector for Android Malware. MADAM concurrently monitors Android at the kernel level and user level to detect real malware infections, using machine learning techniques to distinguish between standard behaviors and malicious ones. The first prototype of MADAM is able to detect several real malware samples found in the wild. Device usability is not affected by MADAM due to the low number of false positives generated after the learning phase. © 2012 Springer-Verlag Berlin Heidelberg
Ask a(n)droid to tell you the odds: probabilistic security-by-contract for mobile devices
Security-by-contract is a paradigm proposed for the secure installation, usage, and monitoring of apps on mobile devices, with the aim of establishing, controlling, and, if necessary, enforcing security-critical behaviors. In this paper, we extend this paradigm with new functionalities allowing for a quantitative estimation of such behaviors, in order to reveal in real time the increasingly challenging subtleties of new-generation malware and repackaged apps. The novel paradigm is based on formal means and techniques ranging from statistical analysis to probabilistic model checking. The framework, deployed in the Android environment, is evaluated by examining both its effectiveness with respect to a benchmark of real-world malware and its effect on the execution of genuine, secure apps.