Xiaohan Helu scite author profile

Since the concept of IoT (Internet of Things) was proposed, it has digitized the real world and has a wide range of applications. However, with tremendous evolution in data acquisition and transfer, a new type of attack represented by advanced persistent threat (APT) has attracted wide attention. APT organization identification for malware is a method to detect APT attacks. However, most of malware is tailored to the goal, it is complex and changeable, or can be updated very quickly. The traditional analysis method is difficult to obtain the source information of APT organization from the malware in the IoT. To this end, we propose a software genes method to solve this problem. Software gene is binary fragment of specific function or information in the software body. In this paper, different from traditional data flow and instruction flow, a new gene model is proposed which combine with knowledge graph of malware behavior. We fill the processed malware information into the gene model to obtain the APT organization gene pool. Of course, the gene pool should be optimized to include the genetic characteristics of APT. In theory, there genetic characteristics can help us identify malware and APT accurately in the IoT. However, biological genetic similarity algorithms cannot be used directly. A genetic similarity algorithm for APT organization identification of malware will be designed instead. Simulations on real-world dataset corroborate theoretical analysis and reveal the possibility of using genes for malware traceability.

show abstract

DeepAutoD: Research on Distributed Machine Learning Oriented Scalable Mobile Communication Security Unpacking System

Jin

Helu

et al. 2022

IEEE Trans. Netw. Sci. Eng.

View full text Add to dashboard Cite

Salaxy: Enabling USB Debugging Mode Automatically to Control Android Devices

Lu¹,

Helu²,

Jin³

et al. 2019

IEEE Access

View full text Add to dashboard Cite

Android system attackers have proposed various attack schemes to invade users' privacy. One way is to use ADB (Android Debug Bridge) with advanced permissions but low protection. In order to set up an ADB connection successfully, the USB debugging option of the target device must be turned on. However, the existing ADB-based attack schemes have not proposed how to enable the USB debugging, so it couldn't be considered that their attack chain is completable. This paper presents an approach for attacking Android devices by exploiting JavaScript to enable USB debugging automatically in the device's system settings, which fills in the gaps of existing solutions. This method can bypass the security mechanism of USB debugging mode and obtain an ADB connection without the user's authorization. It can also bypass the alerts that ADB Action Monitor displays when sensitive behaviors are detected. Based on AccessibilityService, Auto.js and Scrcpy, an application called Salaxy is designed and implemented to demonstrate the effectiveness of this method. Besides, Salaxy can monitor and manipulate Android devices remotely.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Xiaohan Helu

AutoD: Intelligent Blockchain Application Unpacking Based on JNI Layer Deception Call

Research on Intelligent Detection of Command Level Stack Pollution for Binary Program Analysis

Advanced persistent threat organization identification based on software gene of malware

DeepAutoD: Research on Distributed Machine Learning Oriented Scalable Mobile Communication Security Unpacking System

Salaxy: Enabling USB Debugging Mode Automatically to Control Android Devices

Contact Info

Product

Resources

About