Abstract: Mobile devices are becoming increasingly popular. One reason for their popularity is the availability of a wide range of third-party applications, which enrich the environment and increase usability. There are however privacy concerns centered around these applications - users do not know what private data is leaked by the applications. Previous works to detect privacy leakages are either not accurate enough or require operating system changes, which may not be possible due to users' lack of skills or locked de…
“…Since Drebin has been designed to run directly on the mobile device, its most obvious limitation is the lack of a dynamic analysis. Unfortunately, static analysis has clear limitations, as it is not possible to analyze malicious code that is downloaded or decrypted at runtime, or code that is thoroughly obfuscated [17], [23], [24], [31], [35], [36], [47]. For this reason, considering such attacks would be irrelevant for the scope of our work.…”
Abstract: To cope with the increasing variability and sophistication of modern attacks, machine learning has been widely adopted as a statistically-sound tool for malware detection. However, its security against well-crafted attacks has not only been recently questioned, but it has been shown that machine learning exhibits inherent vulnerabilities that can be exploited to evade detection at test time. In other words, machine learning itself can be the weakest link in a security system. In this paper, we rely upon a previously-proposed attack framework to categorize potential attack scenarios against learning-based malware detection tools, by modeling attackers with different skills and capabilities. We then define and implement a set of corresponding evasion attacks to thoroughly assess the security of Drebin, an Android malware detector. The main contribution of this work is the proposal of a simple and scalable secure-learning paradigm that mitigates the impact of evasion attacks, while only slightly worsening the detection rate in the absence of attack. We finally argue that our secure-learning approach can also be readily applied to other malware detection tasks.
“…Different from the iOS platform where Apple reviews every app for the privacy data access, Android transfers the responsibility to the end users for permission checking [47]. Many researchers have carried out dynamic analysis of suspicious permissions and run-time behaviors on the Android platform [48], [49]. In the static analysis, text-based features, such as app descriptions [14], [16], [31], privacy policy [11], [12], API documents [50], app reviews [51], and source code as text [52], from app markets, are commonly-adopted for predicting the actual app permission usage [53], [54].…”
With Android applications (apps) becoming increasingly popular, there exist huge risks lurking in the app marketplaces as most malicious software attempt to collect users' private information without their awareness. Although these apps request users' authorization for permissions, the users can still face privacy leakage issues due to their limited knowledge in distinguishing permissions. Thus, accurate and automatic permission checking is necessary and important for users' privacy protection. According to previous studies, analyzing app descriptions is a helpful way to examine whether some permissions are required for apps. Different from those studies, we consider app permissions from a more fine-grained perspective and aim at predicting the multiple correspondent permissions to one sentence of app description. In this paper, we propose an end-to-end framework for assessing the consistency between descriptions and permissions, named Assessing Consistency based on neural Network (AC-Net). For evaluation, a new dataset involving the description-to-permission correspondences of 1415 popular Android apps was built. The experiments demonstrate that AC-Net significantly outperforms the state-of-the-art method by over 24.5% in accurately predicting permissions from descriptions. INDEX TERMS Android security, app descriptions, app permissions, consistency assessment, text classification, deep learning.
“…[38] proposed a privacy leakage monitoring system to repackage the software and insert the monitoring logic codes. Similar systems are AppGuard [39] and Uranine [18]. But detection results of the dynamic analysis possibly lagged behind leakage events [40].…”
Section: Related Work; mentioning; confidence: 99%
“…It could detect efficiently with high code coverage, but is not applicable to the analysis of apps with multi-thread methods. (2) Dynamic analysis, on the contrary, could avoid the shortcomings of static analysis when monitoring the running state of software [11,15,16,17,18]. It compensates for static analysis in detection accuracy, but costs much more code coverage, and often lags behind leakage events during the detection.…”
Intelligent medical service system integrates wireless internet of things (WIoT), including medical sensors, wireless communications, and middleware techniques, so as to collect and analyze patients’ data to examine their physical conditions by many personal health devices (PHDs) in real time. However, large amount of malicious codes on the Android system can compromise consumers’ privacy, and further threaten the hospital management or even the patients’ health. Furthermore, this sensor-rich system keeps generating large amounts of data and saturates the middleware system. To address these challenges, we propose a fog computing security and privacy protection solution. Specifically, first, we design the security and privacy protection framework based on the fog computing to improve tele-health and tele-medicine infrastructure. Then, we propose a context-based privacy leakage detection method based on the combination of dynamic and static information. Experimental results show that the proposed method can achieve higher detection accuracy and lower energy consumption compared with other state-of-art methods.