MADFU: An Improved Malicious Application Detection Method Based on Features Uncertainty

Entropy, 2020, Vol 22 (7), pp. 792
Author(s): Hongli Yuan, Yongchuan Tang

Millions of Android applications (apps) are widely used today. Meanwhile, the number of malicious apps has increased exponentially. Currently, there are many security detection technologies for Android apps, such as static detection and dynamic detection. However, the uncertainty of the features used in detection is not sufficiently considered in these technologies. Permissions play an important role in the security detection of Android apps. In this paper, a malicious application detection model based on features uncertainty (MADFU) is proposed. MADFU uses a logistic regression function to describe the relationship between the input (permissions) and the output (labels). Moreover, it uses the Markov chain Monte Carlo (MCMC) algorithm to address feature uncertainty. After experimenting with 2037 samples, MADFU achieves a malware detection accuracy of up to 95.5%, with a false positive rate (FPR) of 1.2%. MADFU’s Android app detection accuracy is higher than the accuracy obtained by directly using 24 dangerous permissions. The results also indicate that the method’s detection accuracy on unknown/new samples is 92.7%. Compared to other state-of-the-art approaches, the proposed method is more effective and efficient at detecting malware.

2015, Vol 9 (3), pp. 21-40
Author(s): Rui Wang, Zhiyong Zhang, Lei Ju, Zhiping Jia

Software-Defined Networking (SDN) and OpenFlow have brought a promising architecture for future networks. However, there are still many security challenges for SDN. To protect SDN from distributed denial-of-service (DDoS) flooding attacks, this paper extends the flow entry counters and adds a mark action to OpenFlow, then proposes an entropy-based distributed attack detection model and a novel IP traceback and source filtering response mechanism in SDN with OpenFlow-based Deterministic Packet Marking. It detects the attack at the destination and filters the malicious traffic at the source, and can be easily implemented in an SDN controller program or in a software or programmable switch such as Open vSwitch and NetFPGA. The experimental results show that this scheme can detect the attack quickly, achieve high detection accuracy with a low false positive rate, shield the victim from attack traffic, and also prevent the attacker from consuming resources and bandwidth on the intermediate links.


2020, pp. 1598-1611
Author(s): Monther Aldwairi, Musaab Hasan, Zayed Balbahaith

Drive-by download refers to attacks that automatically download malware to a user's computer without their knowledge or consent. This type of attack is accomplished by exploiting vulnerabilities in web browsers and plugins. The damage may include data leakage leading to financial loss. Traditional antivirus and intrusion detection systems are not efficient against such attacks. Researchers have proposed many detection approaches, mostly passive blacklisting. A few have proposed dynamic classification techniques, which suffer from clear shortcomings. In this paper, we propose a novel approach to detect drive-by download infected web pages based on features extracted from their source code. We test 23 different machine learning classifiers using a data set of 5435 webpages and, based on detection accuracy, select the top five to build our detection model. The approach is expected to serve as a base for implementing and developing anti-drive-by-download programs. We develop a graphical user interface program to allow the end user to examine a URL before visiting the website. The Bagged Trees classifier exhibited the highest accuracy of 90.1%, with a 96.24% true positive rate and a 26.07% false positive rate.


2017, Vol 11 (4), pp. 16-28
Author(s): Monther Aldwairi, Musaab Hasan, Zayed Balbahaith

Drive-by download refers to attacks that automatically download malware to a user's computer without their knowledge or consent. This type of attack is accomplished by exploiting vulnerabilities in web browsers and plugins. The damage may include data leakage leading to financial loss. Traditional antivirus and intrusion detection systems are not efficient against such attacks. Researchers have proposed many detection approaches, mostly passive blacklisting. A few have proposed dynamic classification techniques, which suffer from clear shortcomings. In this paper, we propose a novel approach to detect drive-by download infected web pages based on features extracted from their source code. We test 23 different machine learning classifiers using a data set of 5435 webpages and, based on detection accuracy, select the top five to build our detection model. The approach is expected to serve as a base for implementing and developing anti-drive-by-download programs. We develop a graphical user interface program to allow the end user to examine a URL before visiting the website. The Bagged Trees classifier exhibited the highest accuracy of 90.1%, with a 96.24% true positive rate and a 26.07% false positive rate.


Entropy, 2021, Vol 23 (2), pp. 174
Author(s): Hongzhaoning Kang, Gang Liu, Zhengping Wu, Yumin Tian, Lizhi Zhang

Android devices are currently widely used in many fields, such as automatic control, embedded systems, the Internet of Things and so on. At the same time, Android applications (apps) typically use multiple permissions, and permissions can be abused by malicious apps to disclose users’ privacy or breach the secure storage of information. FlowDroid has been extensively studied as a novel and highly precise static taint analysis for Android applications. Aiming at the problem of complex detection and false alarms in FlowDroid, an improved static detection method based on feature permissions and risk rating is proposed. Firstly, the Chi-square test is used to extract permissions correlated with malicious apps, and mutual information is used to cluster the permissions into feature permission clusters. Secondly, a risk calculation method based on permissions and combinations of permissions is proposed to identify dangerous data flows. Experiments show that this method can significantly improve detection efficiency while maintaining the accuracy of dangerous data flow detection.


Author(s): Normi Sham Awang Abu Bakar, Iqram Mahmud

The Android Market is the official (and primary) store for Android applications. The Market provides users with average user ratings, user reviews, descriptions, screenshots, and permissions to help them select applications. Generally, prior to installing an app, users must agree to the permissions requested by the app; they are not given any other option. Essentially, users may not be aware of the security issues that may arise from these permissions. Some apps request the right to manipulate sensitive data, such as GPS location, photos, calendar, contacts, email and files. In this paper, we explain the sources of sensitive data and what malicious apps can do with that data, and apply empirical software engineering analysis to find the factors that could potentially influence the permissions in Android apps. In addition, we highlight the top ten most implemented permissions in Android apps and analyse the permissions across app categories in Android.


2021, Vol 2021, pp. 1-7
Author(s): Jie Zhao

With the continuous development of multimedia social networks, online public opinion information is becoming more and more popular. The rule extraction matrix algorithm can effectively improve the probability that information data is tested. Anomaly detection for network information data is realized through probability calculation: the prior probability is calculated in order to detect abnormally high network data. Practical results show that the rule extraction matrix algorithm can effectively control the false positive rate on sample data, improves detection accuracy, and has efficient detection performance.


2014, Vol 644-650, pp. 3338-3341
Author(s): Guang Feng Guo

During the 30-year development of the Intrusion Detection System, problems such as a high false-positive rate have always plagued users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack signatures and context effectively. OCVIDM establishes a knowledge base of the intrusion detection ontology, which is regarded as the center of an efficient filtering platform for false alerts, to realize automatic validation of alarms and self-acting judgment of real attacks, so as to filter out non-relevant alerts and reduce false positives.


Author(s): Velliangiri S

Multimedia digital data include medical records and financial documents, whose security is not guaranteed. The security of multimedia digital data has been a widespread concern in the field of cybernetics. With increasing malware in video payloads, the proposed study aims to reduce the embedding of malware in video payloads using a Pseudo Arbitrary Permutation based Cellular Automata Encryption (PAP-CAE) system. This method reduces malware attacks and the distortion rate by permuting the secret keys with a pseudo-arbitrary permutation. Before PAP-CAE is applied, a 2D wavelet transform is applied to the multimedia files, which compresses the complex files into different scales and positions so that they can be transmitted over a network at reduced size. Correspondingly, it performs decryption and decompression to retrieve the original files. The proposed method is evaluated against existing methods to test its efficacy in terms of detection accuracy, malware detection time and false positive rate. The results show that the proposed method is effective at detecting malware in multimedia video files.


2020, Vol 10 (21), pp. 7673
Author(s): Eslam Amer, Shaker El-Sappagh, Jong Wan Hu

The proper interpretation of a malware API call sequence plays a crucial role in identifying its malicious intent. Moreover, there is a need to characterize smart malware mimicry activities that resemble goodware programs. Those types of malware pose further challenges in recognizing their malicious activities. In this paper, we propose standard and straightforward contextual behavioral models that characterize Windows malware and goodware. We rely on word embedding to capture the contextual association that may occur between API functions in malware sequences. Our empirical results proved that there is a considerable distinction between malware and goodware call sequences. Based on that distinction, we propose a new malware detection method that relies on a Markov chain. We also propose a heuristic method that identifies malware mimicry activities by tracking the likelihood of a given API call sequence. Experimental results showed that our proposed model outperforms other peer models that rely on API call sequences. Our model returns an average malware detection accuracy of 0.990, with a false positive rate of 0.010. Regarding malware mimicry, our model shows a noteworthy average accuracy of 0.993 in detecting false positives.


2020, Vol 2020, pp. 1-21
Author(s): Hua Zhang, Jiawei Qin, Boan Zhang, Hanbing Yan, Jing Guo, ...

The visual recognition of Android malicious applications (Apps) has mainly focused on binary classification using grayscale images, while the multiclass classification of malicious App families is rarely studied. If we can visualize Android malicious Apps as color images, we obtain more features than with grayscale images. In this paper, a method of color visualization for Android Apps is proposed and implemented. Based on this, combined with deep learning models, a multiclassifier for Android malicious App families is implemented, which can classify 10 common malicious App families. In order to better understand the behavioral characteristics of malicious Apps, we conduct a comprehensive manual analysis of a large number of malicious Apps and summarize 1695 malicious behavior characteristics as customized features. Compared with the App classifier based on the grayscale visualization method, we verify that the classifier using the color visualization method achieves better classification results. We use four types of Android App features as input for App visualization: the classes.dex file, sets of class names, APIs, and customized features. According to the experimental results, we find that using the customized features as the color visualization input achieves the highest detection accuracy, which is 96% across the ten malicious families.

