Funding: Supported in part by the National Natural Science Foundation of China under grant Nos. 61472429, 61070192, 91018008, 61303074, 61170240; the Beijing Natural Science Foundation under grant No. 4122041; the National High-Tech Research Development Program of China under grant No. 2007AA01Z414; and the National Science and Technology Major Project of China under grant No. 2012ZX01039-004.
Abstract: Copy-Move Forgery (CMF) is one of the simple and effective operations to create forged digital images. Recently, techniques based on Scale Invariant Features Transform (SIFT) are widely used to detect CMF. Various approaches under the SIFT-based framework are the most acceptable ways to detect CMF due to their robust performance. However, for some CMF images, these approaches cannot produce satisfactory detection results. For instance, the number of matched keypoints may be too few to prove an image to be a CMF image or to generate an accurate result. Sometimes these approaches may even produce erroneous results. According to our observations, one of the reasons is that detection results produced by the SIFT-based framework depend highly on parameters whose values are often determined from experience. These values are only applicable to a few images, which limits their application. To solve the problem, a novel approach named CMF Detection with Particle Swarm Optimization (CMFD-PSO) is proposed in this paper. CMFD-PSO integrates the Particle Swarm Optimization (PSO) algorithm into the SIFT-based framework. It utilizes the PSO algorithm to generate customized parameter values for images, which are used for CMF detection under the SIFT-based framework. Experimental results show that CMFD-PSO has good performance.
Funding: The National Key Basic Research and Development (973) Program of China (Nos. 2012CB315801 and 2011CB302805); the National Natural Science Foundation of China (Nos. 61161140320 and 61233016); Intel Research Council with the title of Security Vulnerability Analysis based on Cloud Platform with Intel IA Architecture.
Abstract: With the explosive increase in mobile apps, more and more threats migrate from the traditional PC client to mobile devices. Compared with the traditional Win+Intel alliance in the PC, the Android+ARM alliance dominates in the Mobile Internet, and apps replace PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on a cloud computing platform and data mining. We also present a prototype system named MobSafe to identify a mobile app's virulence or benignancy. Compared with traditional methods, such as the permission-pattern-based method, MobSafe combines dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt the Android Security Evaluation Framework (ASEF) and the Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect statistics on the number of active Android apps, the average number of apps installed in one Android device, and the expanding ratio of mobile apps. As the mobile app market serves as the main line of defence against mobile malware, our evaluation results show that it is practical to use a cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the multifaceted data generated in this stage.
Funding: Supported by the National Natural Science Foundation of China (61170026).
Abstract: Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs. In this work, we propose Windows Virtual Machine Introspection (WVMI) to accurately detect those hidden processes by analyzing memory data. WVMI dumps the in-memory data of the target Windows operating system from the hypervisor and first retrieves the address of the EPROCESS structures of the process linked list, and then generates a Data Type Confidence Table (DTCT). Next, it traverses the memory and identifies the similarities between the nodes in the process linked list and the corresponding segments in the memory by utilizing the DTCT. Finally, it locates the segments of Windows' EPROCESS and identifies the hidden processes by further comparison. Extensive experiments show that WVMI detects hidden processes with a high identification rate, and that it is independent of the version of the Windows operating system.