Funding: This work is supported by the National Natural Science Foundation of China (General Program, Grant No. 61572253, YZ, http://www.nsfc.gov.cn) and the Innovation Program for Graduate Students of Jiangsu Province, China (Grant No. KYLX16_0384, JP, http://jyt.jiangsu.gov.cn).
Abstract: Nowadays cloud architecture is widely applied on the internet. New malware aiming at the privacy data stealing or crypto currency mining is threatening the security of cloud platforms. In view of the problems with existing application behavior monitoring methods such as coarse-grained analysis, high performance overhead and lack of applicability, this paper proposes a new fine-grained binary program monitoring and analysis method based on multiple system level components, which is used to detect the possible privacy leakage of applications installed on cloud platforms. It can be used online in cloud platform environments for fine-grained automated analysis of target programs, ensuring the stability and continuity of program execution. We combine the external interception and internal instrumentation and design a variety of optimization schemes to further reduce the impact of fine-grained analysis on the performance of target programs, enabling it to be employed in actual environments. The experimental results show that the proposed method is feasible and can achieve the acceptable analysis performance while consuming a small amount of system resources. The optimization schemes can go beyond traditional dynamic instrumentation methods with better analytical performance and can be more applicable to online analysis on cloud platforms.
Funding: This work is supported by the Science and Technology Commission of Shanghai Municipality (No. 15511103003), the National Natural Science Foundation of China (No. 61602121), and the Open Project of Beijing Key Laboratory of IoT Information Security Technology (No. J6V0011104).
Abstract: Modern mobile devices provide a wide variety of services. Users are able to access these services for many sensitive tasks relating to their everyday lives (e.g., finance, home, or contacts). However, these services also provide new attack surfaces to attackers. Many efforts have been devoted to protecting mobile users from privacy leakage. In this work, we study state-of-the-art techniques for the detection and protection of privacy leakage and discuss the evolving trends of privacy research.
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 61672101, U1636119.6186603S, 61962059) and the 2018 College Students' Innovation and Entrepreneurship Training Program (D2018127).
Abstract: It is widely common that mobile applications collect non-critical personally identifiable information (PII) from users' devices to the cloud by application service providers (ASPs) in a positive manner to provide precise and recommending services. Meanwhile, Internet service providers (ISPs) or local network providers also have strong requirements to collect PIIs for finer-grained traffic control and security services. However, it is a challenge to locate PIIs accurately in the massive data of network traffic, just like looking for a needle in a haystack. In this paper, we address this challenge by presenting an efficient and light-weight approach, namely TPII, which can locate and track PIIs from the HTTP layer rebuilt from raw network traffic. This approach only collects three features from HTTP fields as users' behaviors and then establishes a tree-based decision model to dig PIIs efficiently and accurately. Without any prior knowledge, TPII can identify any types of PIIs from any mobile applications, which has a broad vision of applications. We evaluate the proposed approach on a real dataset collected from a campus network with more than 13k users. The experimental results show that the precision and recall of TPII are 91.72% and 94.51% respectively, and a parallel implementation of TPII can achieve 213 million records digging and labelling within one hour, reaching near to support 1Gbps wirespeed inspection in practice. Our approach provides network service providers a practical way to collect PIIs for better services.
Funding: Supported in part by National Key R&D Program of China (No. 2016QY04W0805); NSFC U1536106, 61728209; National Top-notch Youth Talents Program of China; Youth Innovation Promotion Association CAS; Beijing Nova Program and a research grant from Ant Financial; partly supported by International Cooperation Program on CyberSecurity, administered by SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China (No. SNSBBH-2017111036).
Abstract: A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency. However, it is still far from expectation to describe attacks precisely on the Android platform. In addition, new features on Android, such as communication mechanisms, introduce new challenges and difficulties for attack detection. In this paper, we propose abstract attack models to precisely capture the semantics of various Android attacks, which include the corresponding targets, involved behaviors as well as their execution dependency. Meanwhile, we construct a novel graph-based model called the inter-component communication graph (ICCG) to describe the internal control flows and inter-component communications of applications. The models take into account more communication channels with a maximized preservation of their program logics. With the guidance of the attack models, we propose a static searching approach to detect attacks hidden in ICCG. To reduce false positive rate, we introduce an additional dynamic confirmation step to check whether the detected attacks are false alarms. Experiments show that DROIDECHO can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%.