Thousands of malicious applications targeting mobile devices, including the popular Android platform, are created every day. A large number of those applications are created by a small number of professional underground actors; however, previous studies have overlooked this information as a feature for detecting and classifying malware and for attributing malware to its creators. Guided by this insight, we propose a method that improves the performance of Android malware detection by incorporating the creator's information as a feature, and that classifies malicious applications into groups of similar samples. We developed a system that implements this method in practice. Our system enables fast detection of malware by using creator information such as the serial number of the application's signing certificate. Additionally, it analyzes malicious behaviors and permissions to increase detection accuracy. The system can also classify malware based on similarity scoring. Finally, we showed detection and classification performance with 98% and 90% accuracy, respectively.
Abstract: Cybersecurity competitions can promote the importance of security and discover talented researchers. We hosted the Car Hacking: Attack & Defense Challenge from September 14, 2020 to November 27, 2020, and many security companies and researchers participated. To the best of our knowledge, it is the first competition to contest both attack and detection techniques on an in-vehicle network, specifically the Controller Area Network (CAN). The participants developed various injection attacks and high-performance detection algorithms based on a real vehicle environment. Rule-based and ensemble tree-based models dominated the final round. Also, time interval and data byte patterns worked as major features to detect attacks.

in South Korea. The competition problem was to develop attacks and detection algorithms for CAN, a widely used standard for in-vehicle communication. The participants earned scores when they detected other teams' attacks and injected critical or stealthy attacks. The most significant difference from events such as Pwn2Own and SINCON is that we held the attack and detection competitions simultaneously. The contributions of our competition are listed below:

• We used a commercial car in the competition: a Hyundai Avante CN7, a model released in 2020. The participants could inject attacks and observe the resulting effects on a real vehicle.
• The competition aimed to challenge participants' attacks and detection algorithms concurrently. On the day of the main contest, we captured the CAN traffic while the red team injected attack messages into the car, and transmitted the traffic to the rest of the teams' (i.e., the blue teams') detection systems. To the best of our knowledge, it is the first attempt to contest both attack and detection skills in the same car security contest.
• We ran a testbed with real vehicles before the finals, so even individual participants without equipment could use the environment to inject and analyze CAN traffic. We believe this opportunity helped increase interest in car security among researchers and students.
• We could test and compare the attack and detection methods of many research teams, including companies and universities in the car security field. They showed that a statistical rule-based approach is effective at detecting attacks, and that reducing the frequency of attack messages helps evade detection systems.

II. BACKGROUND

A. In-vehicle network

Most vehicles have standard protocols, i.e., LIN, CAN, MOST, and FlexRay, to communicate with in-vehicle nodes. Among those protocols, CAN offers high-integrity data communication for real-time applications, reliability, and excellent error detection. For such reasons, most common vehicles apply CAN to the in-vehicle network to transmit sensor data between the nodes: Electronic Control Units (ECUs), microcontrollers, and sensors [14]. It has characteristics such as multi-master bus access, bus topology, and message priority. An accessed CAN bus node can transmit a CAN message without any configuration
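The abstract and contributions above name two detection features that worked in the final round, message time intervals and data byte patterns, and note that lowering the injection rate helps attacks slip past detectors. The following is an added example (not code from the challenge or from any participating team) of a minimal statistical rule-based CAN intrusion detector built on exactly those two features. It parses candump-style log lines, learns each arbitration ID's median period and its constant byte positions from attack-free traffic, and then replays two constructed scenarios: a flood of spoofed frames and a single low-rate spoofed frame. The arbitration ID 316, the 10 ms period, the payloads and the 0.3 interval ratio are all constructed for illustration, not taken from the vehicle used in the competition.

```python
"""Statistical rule-based CAN intrusion detection over candump-style log lines.
Added example, not code from the Car Hacking: Attack & Defense Challenge or any
participating team. It uses the two feature families the abstract names (per-ID
time intervals and data-byte patterns). All traffic below is constructed."""
from __future__ import annotations
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass

# candump -l style record: "(timestamp) interface ID#HEXDATA"
_LINE_RE = re.compile(r"\((?P<ts>\d+\.\d+)\)\s+\S+\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)")

def parse_candump(line: str) -> tuple[float, str, bytes]:
    """Return (timestamp, arbitration ID, payload) for one candump log line."""
    m = _LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a candump record: {line!r}")
    return float(m["ts"]), m["id"].upper(), bytes.fromhex(m["data"])

@dataclass
class IdProfile:
    period: float                   # median inter-arrival time in benign traffic
    constant_bytes: dict[int, int]  # byte offset -> the only value seen in benign traffic

@dataclass(frozen=True)
class Alert:
    ts: float
    can_id: str
    rules: tuple[str, ...]          # which rules fired: "interval", "data", "unknown-id"

def build_profile(benign_lines: list[str]) -> dict[str, IdProfile]:
    """Learn each ID's period and its constant byte positions from attack-free traffic."""
    last_ts: dict[str, float] = {}
    gaps: dict[str, list[float]] = defaultdict(list)
    seen: dict[str, list[set[int]]] = {}
    for line in benign_lines:
        ts, cid, data = parse_candump(line)
        if cid in last_ts:
            gaps[cid].append(ts - last_ts[cid])
        last_ts[cid] = ts
        per_byte = seen.setdefault(cid, [set() for _ in data])
        for i, b in enumerate(data[: len(per_byte)]):
            per_byte[i].add(b)
    profile: dict[str, IdProfile] = {}
    for cid, g in gaps.items():
        const = {i: next(iter(s)) for i, s in enumerate(seen[cid]) if len(s) == 1}
        profile[cid] = IdProfile(period=statistics.median(g), constant_bytes=const)
    return profile

def detect(lines: list[str], profile: dict[str, IdProfile],
           interval_ratio: float = 0.3) -> list[Alert]:
    """Flag a frame that repeats its ID within a fraction of the learned period,
    changes a normally-constant byte, or carries an ID never seen in training."""
    last_ts: dict[str, float] = {}
    alerts: list[Alert] = []
    for line in lines:
        ts, cid, data = parse_candump(line)
        prof = profile.get(cid)
        if prof is None:
            alerts.append(Alert(ts, cid, ("unknown-id",)))
            continue
        fired: list[str] = []
        if cid in last_ts and ts - last_ts[cid] < interval_ratio * prof.period:
            fired.append("interval")
        last_ts[cid] = ts
        if any(i >= len(data) or data[i] != v for i, v in prof.constant_bytes.items()):
            fired.append("data")
        if fired:
            alerts.append(Alert(ts, cid, tuple(fired)))
    return alerts

def make_frames(can_id: str, start: float, period: float, payloads: list[bytes]) -> list[str]:
    """Constructed candump lines for one ID, one payload per period starting at `start`."""
    return [f"({start + k * period:.6f}) can0 {can_id}#{p.hex().upper()}"
            for k, p in enumerate(payloads)]

def legit_payload(k: int) -> bytes:
    """Bytes 0..6 fixed, byte 7 a rolling counter (so it is not learned as constant)."""
    return bytes([0x05, 0, 0, 0, 0, 0, 0, k % 16])

def merge_by_time(*groups: list[str]) -> list[str]:
    return sorted((ln for g in groups for ln in g), key=lambda ln: parse_candump(ln)[0])

def run_scenarios(interval_ratio: float = 0.3) -> dict[str, list[Alert]]:
    """Train on 16 benign frames of ID 316 (10 ms period), then replay two scenarios."""
    profile = build_profile(make_frames("316", 0.0, 0.010, [legit_payload(k) for k in range(16)]))
    legit = make_frames("316", 1.0, 0.010, [legit_payload(k) for k in range(10)])
    spoofed = bytes([0x05, 0xFF, 0, 0, 0, 0, 0, 0])             # byte 1 differs from benign
    flood = make_frames("316", 1.0312, 0.0012, [spoofed] * 5)   # 1.2 ms apart, far below 10 ms
    single = make_frames("316", 1.045, 0.010, [spoofed])        # one frame midway between legit ones
    return {
        "flood": detect(merge_by_time(legit, flood), profile, interval_ratio),
        "low_rate": detect(merge_by_time(legit, single), profile, interval_ratio),
    }

if __name__ == "__main__":
    for name, alerts in run_scenarios().items():
        print(name, [(round(a.ts, 4), a.rules) for a in alerts])
```

Running it shows the trade-off the contributions describe from the detector's side: the five flooded frames trip both the interval rule and the data rule, while the single frame placed midway between two legitimate 10 ms frames never violates the timing threshold and is caught only because it changed a byte that was constant in benign traffic. A detector relying on time intervals alone would have missed it, which is why combining the two feature families mattered in the final round.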
Nowadays, using artificial neural networks (ANNs) for network intrusion detection systems (NIDS) is drawing much attention from developers. The capability of ANNs to learn patterns from large volumes of data helps in detecting attacks on networked systems from large amounts of network traffic. Moreover, for effectively monitoring newly emerging networked systems consisting of distributed subsystems, such as edge, IoT and fog, recent research has proposed ANN-based distributed NIDS, where multiple ANNs are deployed to local gateways. Unfortunately, to meet the incessant demand for high accuracy, ANN-based NIDSes have become complicated and heavy. With local gateways being small and low-end, such ANNs cannot be executed there. To solve this problem, some works have proposed optimized algorithms to balance detection accuracy and run-time performance. Kitsune is one of those works that empirically proved its efficiency, but a recent study shows that Kitsune has limitations. In particular, Kitsune fails at identifying host-oriented attacks, which appear benign during packet delivery but incur malicious behavior on the destination devices. Panop is a novel ANN-based NIDS for distributed network systems that aims to detect malicious packets, including host-oriented attacks, while remaining lightweight enough to be executed by low-end devices. To this end, the Panop ANN is designed to comprehensively learn both network and device behaviors related to packet transactions in an IoT network. According to our experiments, Panop is able to detect host-oriented attacks as well as other attacks with fairly high accuracy, with little degradation in run-time performance compared to other state-of-the-art NIDS for distributed network environments.