A3CM: Automatic Capability Annotation for Android Malware

Qiu, Junyang; Zhang, Jun; Luo, Wei; Pan, Lei; Nepal, Surya; Wang, Yu; Xiang, Yang

doi:10.1109/access.2019.2946392

Cited by 38 publications

(39 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, other malware use an obfuscation technique or encrypted methods which cannot be read or decrypted unless the app is executed. A set of papers [28][29][30][31][32][33][34][35][36][37][38][39]42,[46][47][48]50,52,53,[55][56][57]59,62,63,[65][66][67] used static analysis. Details on the static features used by the papers were discussed in Section 4, Features.…”

Section: Static Analysismentioning

confidence: 99%

“…The dynamic and static features are combined and fed to machine learning algorithms, such as Randomforest and KNN for classification. In [29], the authors apply Linear SVM, DT, and DL algorithms. Fene et al [60] utilize the SVM algorithm.…”

Section: Model-basedmentioning

confidence: 99%

“…Then, they use the dictionary search method for classification. In [29], the authors use TF-IDF to represent the frequency of the features.…”

Section: Model-basedmentioning

confidence: 99%

“…In [29,32,35,38,39,42,46,47,50,56,59,60,[63][64][65], a subset of sensitive or suspicious API calls are utilized in their feature set.…”

Section: Static Featuresmentioning

confidence: 99%

See 3 more Smart Citations

Android Malware Family Classification and Analysis: Current Status and Future Directions

Alswaina

Elleithy

2020

Electronics

View full text Add to dashboard Cite

Android receives major attention from security practitioners and researchers due to the influx number of malicious applications. For the past twelve years, Android malicious applications have been grouped into families. In the research community, detecting new malware families is a challenge. As we investigate, most of the literature reviews focus on surveying malware detection. Characterizing the malware families can improve the detection process and understand the malware patterns. For this reason, we conduct a comprehensive survey on the state-of-the-art Android malware familial detection, identification, and categorization techniques. We categorize the literature based on three dimensions: type of analysis, features, and methodologies and techniques. Furthermore, we report the datasets that are commonly used. Finally, we highlight the limitations that we identify in the literature, challenges, and future research directions regarding the Android malware family.

show abstract

Section: Static Analysismentioning

confidence: 99%

Section: Model-basedmentioning

confidence: 99%

See 2 more Smart Citations

Android Malware Family Classification and Analysis: Current Status and Future Directions

Alswaina

Elleithy

2020

Electronics

View full text Add to dashboard Cite

show abstract

“…In the case of malware detection [18], [19], [20], [21] and binary code analysis [22], [23] relevant studies have been actively conducted. However, anti-reversing techniques have not attracted special interest from researchers except for specific topics such as code virtualization [24], [25].…”

Section: Related Workmentioning

confidence: 99%

x64Unpack: Hybrid Emulation Unpacker for 64-bit Windows Environments and Detailed Analysis Results on VMProtect 3.4

et al. 2020

View full text Add to dashboard Cite

In spite of recent remarkable advances in binary code analysis, malware developers are still using complex anti-reversing techniques to make analysis difficult. To protect malware, they use packers, which are (commercial) tools that contain various anti-reverse engineering techniques such as code encryption, anti-debugging, and code virtualization. In this paper, we present x64Unpack: a hybrid emulation scheme that makes it easier to analyze packed executable files and automatically unpacks them in 64-bit Windows environments. The most distinguishable feature of x64Unpack compared to other dynamic analysis tools is that x64Unpack and the target program share virtual memory to support both instruction emulation and direct execution. Emulation runs slow but provides detailed information, whereas direct execution of the code chunk runs very fast and can handle complex cases regarding to operating systems or hardware devices. With x64Unpack, we can monitor major API (Application Programming Interface) function calls or conduct fine-grained analysis at the instruction-level. Furthermore, x64Unpack can detect anti-debugging code chunks, dump memory, and unpack the packed files. To verify the effectiveness of x64Unpack, experiments were conducted on the obfuscation tools: UPX 3.95, MPRESS 2.19, Themida 2.4.6, and VMProtect 3.4. Especially, VMProtect and Themida are considered as some of the most complex commercial packers in 64bit Windows environments. Experimental results show that x64Unpack correctly emulates the packed executable files and successfully produces the unpacked version. Based on this, we provide the detailed analysis results on the obfuscated executable file that was generated by VMProtect 3.4.

show abstract

SDCCP: Control the network using software‐defined networking and end‐to‐end congestion control

Lin

Liao

Wang

et al. 2020

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

The Internet of Things is becoming widely popular in the past decade, which comes with huge amount of data. These magnanimous data, stored in data centers, put forward the new demand for the efficient management of the network. In this article, we propose Software-Defined Congestion Control Plane (SDCCP), a hybrid network control architecture that aims to fully utilize the network while avoiding congestion. SDCCP is based on Software-Defined Networking and CCP, in which the controller collects the network statistics and specifies the behavior of the end-to-end hosts by sending feedback or modifying their transport layer parameters directly. It can also be used to mitigate Distributed Denial of Service attacks and other security problems. In addition, we propose FCA, a Feedback-based Congestion Avoidance algorithm running on SDCCP, which adapts the congestion window based on the feedback from the remote controller. We evaluate SDCCP and FCA in Mininet and the result shows that FCA can achieve high network utilization while keeping the queue length of the routers in a low level. Also, FCA is robust to noncongestion loss, and outperforms other algorithms at high loss rate.

show abstract

A3CM: Automatic Capability Annotation for Android Malware

Cited by 38 publications

References 49 publications

Android Malware Family Classification and Analysis: Current Status and Future Directions

Android Malware Family Classification and Analysis: Current Status and Future Directions

x64Unpack: Hybrid Emulation Unpacker for 64-bit Windows Environments and Detailed Analysis Results on VMProtect 3.4

SDCCP: Control the network using software‐defined networking and end‐to‐end congestion control

Contact Info

Product

Resources

About