A novel behavioral detection framework is proposed to detect mobile worms, viruses and Trojans, instead of the signature-based solutions currently available for use in mobile devices. First, we propose an efficient representation of malware behaviors based on a key observation that the logical ordering of an application's actions over time often reveals the malicious intent even when each action alone may appear harmless. Then, we generate a database of malicious behavior signatures by studying more than 25 distinct families of mobile viruses and worms targeting the Symbian OS (the most widely-deployed handset OS) and their variants. Next, we propose a two-stage mapping technique that constructs these signatures at run-time from the monitored system events and API calls in Symbian OS. We discriminate the malicious behavior of malware from the normal behavior of applications by training a classifier based on Support Vector Machines (SVMs). Our evaluation on both simulated and real-world malware samples indicates that behavioral detection can identify current mobile viruses and worms with more than 96% accuracy. We also find that the time and resource overheads of constructing the behavior signatures from low-level API calls are acceptably low for their deployment in mobile devices.
The weak absorption of shortwave infrared light by skin tissues between 700 and 1500 nm offers an important window for diagnosis by optical means. The strong scattering of shortwave infrared light by the skin, however, presents a challenge to the modelling of light propagation through the skin and the understanding of skin optics. We have measured the collimated and diffuse transmittance and diffuse reflectance of porcine skin dermis samples within 30 h post-mortem. Monte Carlo simulations have been performed to inversely determine the absorption coefficient, scattering coefficient and anisotropy factor of the dermis samples in the spectral range from 900 to 1500 nm. We further analyse the sensitivity of the values of the parameters to the experimental errors and inverse calculation procedures. The state of the cellular integrity of the skin samples following optical measurements was verified using transmission electron microscopy. These results were correlated to study post-mortem effects on the in vitro optical properties of porcine dermis. We concluded that for samples stored within crushed ice for up to 30 h post-mortem the wavelength dependence of optical properties of the dermis remains unchanged while the values of the parameters vary moderately due to modification of the water content of the tissue.
Diffraction imaging of polystyrene spheres and B16F10 mouse melanoma cells embedded in gel has been investigated with a microscope objective. The diffraction images acquired with the objective from a sphere have been shown to be comparable to the Mie theory based projection images of the scattered light if the objective is translated to defocused positions towards the sphere. Using a confocal imaging based method to reconstruct and analyze the 3D structure, we demonstrated that genetic modifications in these cells can induce morphological changes and the modified cells can be used as an experimental model for study of the correlation between 3D morphology features and diffraction image data.
Diffraction images of spheres (left column) and melanoma cells (right column) acquired with an objective.
Control-Flow Integrity (CFI) is an important security property that needs to be enforced to prevent control-flow hijacking attacks. Recent attacks have demonstrated that existing CFI protections for COTS binaries are too permissive, and vulnerable to sophisticated code reusing attacks. Accounting for control flow restrictions imposed at higher levels of semantics is key to increasing CFI precision. In this paper, we aim to provide more stringent protection for virtual function calls in COTS C++ binaries by recovering C++ level semantics. To achieve this goal, we recover C++ semantics, including VTables and virtual callsites. With the extracted C++ semantics, we construct a sound CFI policy and further improve the policy precision by devising two filters, namely "Nested Call Filter" and "Calling Convention Filter". We implement a prototype system called vfGuard, and evaluate its accuracy, precision, effectiveness, coverage and performance overhead against a test set including complex C++ binary modules used by Internet Explorer. Our experiments show a runtime overhead of 18.3% per module. On SpiderMonkey, an open-source JavaScript engine used by Firefox, vfGuard generated 199 call targets per virtual callsite, within the same order of magnitude as those generated from a source code based solution. The policies constructed by vfGuard are sound and of higher precision when compared to state-of-the-art binary-only CFI solutions.