The prevalence of smartphones is deeply embedded in modern society,impacting various aspects of our lives.Their versatility and functionalities have fundamentally changed how we communicate,work,seek entertainment,and...The prevalence of smartphones is deeply embedded in modern society,impacting various aspects of our lives.Their versatility and functionalities have fundamentally changed how we communicate,work,seek entertainment,and access information.Among the many smartphones available,those operating on the Android platform dominate,being the most widely used type.This widespread adoption of the Android OS has significantly contributed to increased malware attacks targeting the Android ecosystem in recent years.Therefore,there is an urgent need to develop new methods for detecting Android malware.The literature contains numerous works related to Android malware detection.As far as our understanding extends,we are the first ones to identify dangerous combinations of permissions and system calls to uncover malicious behavior in Android applications.We introduce a novel methodology that pairs permissions and system calls to distinguish between benign and malicious samples.This approach combines the advantages of static and dynamic analysis,offering a more comprehensive understanding of an application’s behavior.We establish covalent bonds between permissions and system calls to assess their combined impact.We introduce a novel technique to determine these pairs’Covalent Bond Strength Score.Each pair is assigned two scores,one for malicious behavior and another for benign behavior.These scores serve as the basis for classifying applications as benign or malicious.By correlating permissions with system calls,the study enables a detailed examination of how an app utilizes its requested permissions,aiding in differentiating legitimate and potentially harmful actions.This comprehensive analysis provides a robust framework for Android malware detection,marking a significant contribution to the field.The results of our experiments demonstrate a remarkable overall accuracy of 97.5%,surpassing various state-of-the-art detection techniques proposed in the current literature.展开更多
隐私政策文档声明了应用程序需要获取的隐私信息,但不能保证清晰且完全披露应用获取的隐私信息类型,目前对应用实际敏感行为与隐私政策一致性分析的研究仍存在不足。针对上述问题,提出一种Android应用敏感行为与隐私政策一致性分析方法...隐私政策文档声明了应用程序需要获取的隐私信息,但不能保证清晰且完全披露应用获取的隐私信息类型,目前对应用实际敏感行为与隐私政策一致性分析的研究仍存在不足。针对上述问题,提出一种Android应用敏感行为与隐私政策一致性分析方法。在隐私政策分析阶段,基于Bi-GRU-CRF(Bi-directional Gated Recurrent Unit Conditional Random Field)神经网络,通过添加自定义标注库对模型进行增量训练,实现对隐私政策声明中的关键信息的提取;在敏感行为分析阶段,通过对敏感应用程序接口(API)调用进行分类、对输入敏感源列表中已分析过的敏感API调用进行删除,以及对已提取过的敏感路径进行标记的方法来优化IFDS(Interprocedural,Finite,Distributive,Subset)算法,使敏感行为分析结果与隐私政策描述的语言粒度相匹配,并且降低分析结果的冗余,提高分析效率;在一致性分析阶段,将本体之间的语义关系分为等价关系、从属关系和近似关系,并据此定义敏感行为与隐私政策一致性形式化模型,将敏感行为与隐私政策一致的情况分为清晰的表述和模糊的表述,将不一致的情况分为省略的表述、不正确的表述和有歧义的表述,最后根据所提基于语义相似度的一致性分析算法对敏感行为与隐私政策进行一致性分析。实验结果表明,对928个应用程序进行分析,在隐私政策分析正确率为97.34%的情况下,51.4%的Android应用程序存在应用实际敏感行为与隐私政策声明不一致的情况。展开更多
The Android Operating System(AOS)has been evolving since its inception and it has become one of the most widely used operating system for the Internet of Things(IoT).Due to the high popularity and reliability ofAOS fo...The Android Operating System(AOS)has been evolving since its inception and it has become one of the most widely used operating system for the Internet of Things(IoT).Due to the high popularity and reliability ofAOS for IoT,it is a target of many cyber-attacks which can cause compromise of privacy,financial loss,data integrity,unauthorized access,denial of services and so on.The Android-based IoT(AIoT)devices are extremely vulnerable to various malwares due to the open nature and high acceptance of Android in the market.Recently,several detection preventive malwares are developed to conceal their malicious activities from analysis tools.Hence,conventional malware detection techniques could not be applied and innovative countermeasures against such anti-detection malwares are indispensable to secure the AIoT.In this paper,we proposed the novel deep learning-based real-time multiclass malware detection techniques for the AIoT using dynamic analysis.The results show that the proposed technique outperforms existing malware detection techniques and achieves detection accuracy up to 99.87%.展开更多
In social science,health care,digital therapeutics,etc.,smartphone data have played important roles to infer users’daily lives.However,smartphone data col-lection systems could not be used effectively and widely beca...In social science,health care,digital therapeutics,etc.,smartphone data have played important roles to infer users’daily lives.However,smartphone data col-lection systems could not be used effectively and widely because they did not exploit any Internet of Things(IoT)standards(e.g.,oneM2M)and class labeling methods for machine learning(ML)services.Therefore,in this paper,we propose a novel Android IoT lifelog system complying with oneM2M standards to collect various lifelog data in smartphones and provide two manual and automated class labeling methods for inference of users’daily lives.The proposed system consists of an Android IoT client application,an oneM2M-compliant IoT server,and an ML server whose high-level functional architecture was carefully designed to be open,accessible,and internation-ally recognized in accordance with the oneM2M standards.In particular,we explain implementation details of activity diagrams for the Android IoT client application,the primary component of the proposed system.Experimental results verified that this application could work with the oneM2M-compliant IoT server normally and provide corresponding class labels properly.As an application of the proposed system,we also propose motion inference based on three multi-class ML classifiers(i.e.,k nearest neighbors,Naive Bayes,and support vector machine)which were created by using only motion and location data(i.e.,acceleration force,gyroscope rate of rotation,and speed)and motion class labels(i.e.,driving,cycling,running,walking,and stil-ling).When compared with confusion matrices of the ML classifiers,the k nearest neighbors classifier outperformed the other two overall.Furthermore,we evaluated its output quality by analyzing the receiver operating characteristic(ROC)curves with area under the curve(AUC)values.The AUC values of the ROC curves for all motion classes were more than 0.9,and the macro-average and micro-average ROC curves achieved very high AUC values of 0.96 and 0.99,respectively.展开更多
The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Andr...The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Android malware detection need a lot of time in the feature engineering phase.Furthermore,these models have the defects of low detection rate,high complexity,and poor practicability,etc.We analyze the Android malware samples,and the distribution of malware and benign software in application programming interface(API)calls,permissions,and other attributes.We classify the software’s threat levels based on the correlation of features.Then,we propose deep neural networks and convolutional neural networks with ensemble learning(DCEL),a new classifier fusion model for Android malware detection.First,DCEL preprocesses the malware data to remove redundant data,and converts the one-dimensional data into a two-dimensional gray image.Then,the ensemble learning approach is used to combine the deep neural network with the convolutional neural network,and the final classification results are obtained by voting on the prediction of each single classifier.Experiments based on the Drebin and Malgenome datasets show that compared with current state-of-art models,the proposed DCEL has a higher detection rate,higher recall rate,and lower computational cost.展开更多
文摘The prevalence of smartphones is deeply embedded in modern society,impacting various aspects of our lives.Their versatility and functionalities have fundamentally changed how we communicate,work,seek entertainment,and access information.Among the many smartphones available,those operating on the Android platform dominate,being the most widely used type.This widespread adoption of the Android OS has significantly contributed to increased malware attacks targeting the Android ecosystem in recent years.Therefore,there is an urgent need to develop new methods for detecting Android malware.The literature contains numerous works related to Android malware detection.As far as our understanding extends,we are the first ones to identify dangerous combinations of permissions and system calls to uncover malicious behavior in Android applications.We introduce a novel methodology that pairs permissions and system calls to distinguish between benign and malicious samples.This approach combines the advantages of static and dynamic analysis,offering a more comprehensive understanding of an application’s behavior.We establish covalent bonds between permissions and system calls to assess their combined impact.We introduce a novel technique to determine these pairs’Covalent Bond Strength Score.Each pair is assigned two scores,one for malicious behavior and another for benign behavior.These scores serve as the basis for classifying applications as benign or malicious.By correlating permissions with system calls,the study enables a detailed examination of how an app utilizes its requested permissions,aiding in differentiating legitimate and potentially harmful actions.This comprehensive analysis provides a robust framework for Android malware detection,marking a significant contribution to the field.The results of our experiments demonstrate a remarkable overall accuracy of 97.5%,surpassing various state-of-the-art detection techniques proposed in the current literature.
文摘隐私政策文档声明了应用程序需要获取的隐私信息,但不能保证清晰且完全披露应用获取的隐私信息类型,目前对应用实际敏感行为与隐私政策一致性分析的研究仍存在不足。针对上述问题,提出一种Android应用敏感行为与隐私政策一致性分析方法。在隐私政策分析阶段,基于Bi-GRU-CRF(Bi-directional Gated Recurrent Unit Conditional Random Field)神经网络,通过添加自定义标注库对模型进行增量训练,实现对隐私政策声明中的关键信息的提取;在敏感行为分析阶段,通过对敏感应用程序接口(API)调用进行分类、对输入敏感源列表中已分析过的敏感API调用进行删除,以及对已提取过的敏感路径进行标记的方法来优化IFDS(Interprocedural,Finite,Distributive,Subset)算法,使敏感行为分析结果与隐私政策描述的语言粒度相匹配,并且降低分析结果的冗余,提高分析效率;在一致性分析阶段,将本体之间的语义关系分为等价关系、从属关系和近似关系,并据此定义敏感行为与隐私政策一致性形式化模型,将敏感行为与隐私政策一致的情况分为清晰的表述和模糊的表述,将不一致的情况分为省略的表述、不正确的表述和有歧义的表述,最后根据所提基于语义相似度的一致性分析算法对敏感行为与隐私政策进行一致性分析。实验结果表明,对928个应用程序进行分析,在隐私政策分析正确率为97.34%的情况下,51.4%的Android应用程序存在应用实际敏感行为与隐私政策声明不一致的情况。
基金the MSIP and National Research Foundation of South Korea under Grant 2018R1D1A1B07049877.
文摘The Android Operating System(AOS)has been evolving since its inception and it has become one of the most widely used operating system for the Internet of Things(IoT).Due to the high popularity and reliability ofAOS for IoT,it is a target of many cyber-attacks which can cause compromise of privacy,financial loss,data integrity,unauthorized access,denial of services and so on.The Android-based IoT(AIoT)devices are extremely vulnerable to various malwares due to the open nature and high acceptance of Android in the market.Recently,several detection preventive malwares are developed to conceal their malicious activities from analysis tools.Hence,conventional malware detection techniques could not be applied and innovative countermeasures against such anti-detection malwares are indispensable to secure the AIoT.In this paper,we proposed the novel deep learning-based real-time multiclass malware detection techniques for the AIoT using dynamic analysis.The results show that the proposed technique outperforms existing malware detection techniques and achieves detection accuracy up to 99.87%.
文摘In social science,health care,digital therapeutics,etc.,smartphone data have played important roles to infer users’daily lives.However,smartphone data col-lection systems could not be used effectively and widely because they did not exploit any Internet of Things(IoT)standards(e.g.,oneM2M)and class labeling methods for machine learning(ML)services.Therefore,in this paper,we propose a novel Android IoT lifelog system complying with oneM2M standards to collect various lifelog data in smartphones and provide two manual and automated class labeling methods for inference of users’daily lives.The proposed system consists of an Android IoT client application,an oneM2M-compliant IoT server,and an ML server whose high-level functional architecture was carefully designed to be open,accessible,and internation-ally recognized in accordance with the oneM2M standards.In particular,we explain implementation details of activity diagrams for the Android IoT client application,the primary component of the proposed system.Experimental results verified that this application could work with the oneM2M-compliant IoT server normally and provide corresponding class labels properly.As an application of the proposed system,we also propose motion inference based on three multi-class ML classifiers(i.e.,k nearest neighbors,Naive Bayes,and support vector machine)which were created by using only motion and location data(i.e.,acceleration force,gyroscope rate of rotation,and speed)and motion class labels(i.e.,driving,cycling,running,walking,and stil-ling).When compared with confusion matrices of the ML classifiers,the k nearest neighbors classifier outperformed the other two overall.Furthermore,we evaluated its output quality by analyzing the receiver operating characteristic(ROC)curves with area under the curve(AUC)values.The AUC values of the ROC curves for all motion classes were more than 0.9,and the macro-average and micro-average ROC curves achieved very high AUC values of 0.96 and 0.99,respectively.
基金supported by the National Natural Science Foundation of China(62072255)。
文摘The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Android malware detection need a lot of time in the feature engineering phase.Furthermore,these models have the defects of low detection rate,high complexity,and poor practicability,etc.We analyze the Android malware samples,and the distribution of malware and benign software in application programming interface(API)calls,permissions,and other attributes.We classify the software’s threat levels based on the correlation of features.Then,we propose deep neural networks and convolutional neural networks with ensemble learning(DCEL),a new classifier fusion model for Android malware detection.First,DCEL preprocesses the malware data to remove redundant data,and converts the one-dimensional data into a two-dimensional gray image.Then,the ensemble learning approach is used to combine the deep neural network with the convolutional neural network,and the final classification results are obtained by voting on the prediction of each single classifier.Experiments based on the Drebin and Malgenome datasets show that compared with current state-of-art models,the proposed DCEL has a higher detection rate,higher recall rate,and lower computational cost.