
Intelligent Mobile Malware Detection [Hardback]

Tony Thomas, Roopak Surendran, Teenu S. John, Mamoun Alazab (Charles Darwin University, Australia)
  • Format: Hardback, 174 pages, height x width: 234x156 mm, weight: 390 g, 41 tables, black and white; 30 line drawings, black and white; 30 illustrations, black and white
  • Series: Security, Privacy, and Trust in Mobile Communications
  • Publication date: 30-Dec-2022
  • Publisher: CRC Press
  • ISBN-10: 0367638711
  • ISBN-13: 9780367638719

The popularity of Android mobile phones has attracted cybercriminals to create malware applications that carry out various malicious activities. This book will be highly useful for Android malware researchers, developers, students and cyber security professionals to explore and build defense mechanisms against Android malware.



The popularity of Android mobile phones has led more cybercriminals to create malware applications that carry out various malicious activities. Attacks escalated after the COVID-19 pandemic, which underlined how important it is to protect Android mobile devices from malware. Intelligent Mobile Malware Detection teaches readers how to develop intelligent Android malware detection mechanisms using various graph and stochastic models. The book begins with an introduction to the Android operating system, the limitations of state-of-the-art static malware detection mechanisms, and a detailed presentation of a hybrid malware detection mechanism. It then presents four different system call-based dynamic Android malware detection mechanisms using graph centrality measures, graph signal processing and graph convolutional networks. Further, it shows how most Android malware can be detected by checking for the presence of a unique subsequence of system calls in its system call sequence. All the detection mechanisms presented in the book are based on the authors' recent research. The experiments are conducted with recent Android malware samples collected from public repositories, and source code is provided for easy implementation of the mechanisms. This book will be highly useful to Android malware researchers, developers, students and cyber security professionals who want to explore and build defense mechanisms against the ever-evolving Android malware.
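To make the system-call-based approach described above concrete, the following is an added illustration (written for this listing, not the book's own code or the authors' released source): it parses two constructed strace-style traces, builds the weighted system-call digraph (an edge counts how often one call directly follows another), computes normalised degree centrality per node as a classifier feature, row-normalises the edge counts into a first-order Markov transition table, and checks for a contiguous system-call pattern. The traces, the vocabulary and the NET_PATTERN subsequence are assumptions made up for the example, not patterns mined from real malware.

```python
"""Added illustration: system-call digraph, degree centrality, Markov
transitions and pattern check on constructed strace-style traces.
Not the book's code; all traces and patterns below are made up."""
import re
from collections import Counter

# Constructed sample traces in strace-like form (not real app or malware output).
# Only the system-call name at the start of each line is used.
BENIGN_TRACE = """\
openat(AT_FDCWD, "/data/app/example.apk", O_RDONLY) = 3
read(3, "...", 4096) = 4096
close(3) = 0
openat(AT_FDCWD, "/data/data/example/prefs.xml", O_RDONLY) = 4
read(4, "...", 512) = 512
close(4) = 0
"""

MALICIOUS_TRACE = """\
openat(AT_FDCWD, "/proc/self/maps", O_RDONLY) = 3
read(3, "...", 4096) = 4096
close(3) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, ...}, 16) = 0
sendto(4, "...", 128, 0, NULL, 0) = 128
recvfrom(4, "...", 4096, 0, NULL, NULL) = 64
close(4) = 0
"""

# Hypothetical pattern chosen for this example, not one mined from real malware.
NET_PATTERN = ["socket", "connect", "sendto"]

_SYSCALL_RE = re.compile(r"^([a-z_0-9]+)\(")


def parse_sequence(trace: str) -> list[str]:
    """Extract the ordered list of system-call names from a trace."""
    seq = []
    for line in trace.splitlines():
        m = _SYSCALL_RE.match(line.strip())
        if m:
            seq.append(m.group(1))
    return seq


def build_digraph(seq: list[str]) -> Counter:
    """Weighted digraph: edge (a, b) counts how often call b directly follows a."""
    return Counter(zip(seq, seq[1:]))


def degree_centrality(edges: Counter) -> dict[str, float]:
    """Normalised degree centrality per node:
    (distinct predecessors + distinct successors) / (n - 1).
    A self-loop such as read -> read counts once on each side."""
    nodes, preds, succs = set(), {}, {}
    for a, b in edges:
        nodes.update((a, b))
        succs.setdefault(a, set()).add(b)
        preds.setdefault(b, set()).add(a)
    n = len(nodes)
    return {v: (len(preds.get(v, ())) + len(succs.get(v, ()))) / (n - 1)
            if n > 1 else 0.0 for v in nodes}


def transition_probabilities(edges: Counter) -> dict[str, dict[str, float]]:
    """Row-normalise edge counts into a first-order Markov transition table."""
    totals = Counter()
    for (a, _b), w in edges.items():
        totals[a] += w
    probs: dict[str, dict[str, float]] = {}
    for (a, b), w in edges.items():
        probs.setdefault(a, {})[b] = w / totals[a]
    return probs


def contains_pattern(seq: list[str], pattern: list[str]) -> bool:
    """True if `pattern` occurs as a contiguous subsequence of `seq`."""
    k = len(pattern)
    return any(seq[i:i + k] == pattern for i in range(len(seq) - k + 1))


def feature_vector(seq: list[str], vocab: list[str]) -> list[float]:
    """Fixed-length centrality vector over `vocab`, usable as classifier input."""
    cent = degree_centrality(build_digraph(seq))
    return [cent.get(name, 0.0) for name in vocab]


if __name__ == "__main__":
    vocab = ["openat", "read", "close", "socket", "connect", "sendto", "recvfrom"]
    for label, trace in (("benign", BENIGN_TRACE), ("malicious", MALICIOUS_TRACE)):
        seq = parse_sequence(trace)
        print(label, "centrality:", feature_vector(seq, vocab))
        print(label, "has NET_PATTERN:", contains_pattern(seq, NET_PATTERN))
```

In practice the vocabulary is the full set of system calls seen in the training set, the centrality vectors feed an ordinary classifier, and patterns are mined from the traces rather than hand-picked; the transition table is the starting point for the Markov-chain view of a sequence. Note that both the graph and the pattern check depend on the exact call order, so a sample that reorders or pads its system calls changes the features, which is why resilience to sequence changes is a separate concern.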

Preface ix
Acknowledgements xi
About the Authors xiii
Symbols xv
1 Internet and Android OS 1(12)
1.1 Android OS 2(2)
1.1.1 Linux kernel 3(1)
1.1.2 Native libraries 3(1)
1.1.3 Android runtime 3(1)
1.1.4 Application framework 3(1)
1.1.5 Application layer 4(1)
1.2 Android Application Development 4(1)
1.3 Google Playstore 5(1)
1.4 Intents and Intent Filters 6(1)
1.5 Android Security 6(2)
1.5.1 Permissions 6(1)
1.5.2 Application sandbox 7(1)
1.5.3 Application signature 7(1)
1.5.4 Data encryption 7(1)
1.6 Internet of Things 8(2)
1.6.1 Architecture of IoT 8(1)
1.6.1.1 Sensor layer 9(1)
1.6.1.2 Gateways and networks 9(1)
1.6.1.3 Management service layer 9(1)
1.6.1.4 Application layer 9(1)
1.7 Android Things 10(1)
1.8 IoT Security 11(1)
1.8.1 Malware Threats in IoT 11(1)
1.9 Conclusion 11(2)
2 Android Malware 13(10)
2.1 PC Malware vs. Android Malware 13(1)
2.2 Trends in Malware 14(2)
2.2.1 Trends in Windows malware 15(1)
2.2.2 Trends in Android malware 15(1)
2.3 Types of Malware Detection Mechanisms 16(1)
2.4 Malware Types 17(2)
2.5 Malware Attacks in Android 19(1)
2.5.1 Drive-by download attack 19(1)
2.5.2 Update attack 19(1)
2.5.3 Repacking attack 19(1)
2.6 History of Malware Attacks in Android 19(2)
2.7 Conclusion 21(2)
3 Static Malware Detection 23(20)
3.1 Reverse Engineering and Static Analysis 23(2)
3.1.1 Reverse engineering using Apktool and Dex2jar 23(1)
3.1.2 Static malware analysis tools 24(1)
3.2 Components of Android Application 25(1)
3.3 API Call Analysis 26(3)
3.3.1 APIs used by malware applications 27(2)
3.4 API Call-Based Static Detection 29(2)
3.4.1 Mechanisms using the independent occurrence of API 29(1)
3.4.2 Mechanisms Using API Call Graphs 30(1)
3.5 Permission and Intent-Based Static Detection 31(9)
3.5.1 Permission analysis 31(1)
3.5.1.1 Permissions used by the malware applications 32(2)
3.5.1.2 Component-based permission escalation attack 34(2)
3.5.2 Intent-based analysis 36(1)
3.5.2.1 Intents used for malware attacks 36(2)
3.5.2.2 Intent-based vulnerabilities 38(1)
3.5.3 Malware detection using permissions and intents 39(1)
3.6 Opcode-Based Static Detection 40(1)
3.6.1 Malware detection using opcodes 40(1)
3.7 Conclusion 41(2)
4 Dynamic and Hybrid Malware Detection 43(26)
4.1 Emulator-Based Dynamic Analysis 43(1)
4.2 Dynamic Malware Detection Mechanisms 44(6)
4.2.1 System metric and traffic analysis (Category 1) 44(2)
4.2.2 Network packet analysis (Category 2) 46(1)
4.2.3 Sensitive API call analysis (Category 3) 46(1)
4.2.4 System call analysis (Category 4) 47(1)
4.2.4.1 System call frequency or TF-IDF-based methods 47(1)
4.2.4.2 System call dependency graph or Markov chain-based methods 48(1)
4.2.4.3 System call phylogeny-based methods 49(1)
4.2.4.4 System call behavior or sequence analysis-based methods 49(1)
4.3 Hybrid Analysis 50(2)
4.3.1 Hybrid detection based on a single classifier (Category 1) 50(1)
4.3.2 Hybrid detection based on ensemble classifiers (Category 2) 51(1)
4.4 Correlation Among Static and Dynamic Features 52(1)
4.4.1 Tree augmented Naive Bayes (TAN) model 52(1)
4.5 Hybrid Analysis with TAN Classifier 53(6)
4.5.1 Dependencies among API calls, permissions and system calls 54(1)
4.5.2 Ridge regularized logistic regression (RRLR) 54(2)
4.5.3 Probability estimation 56(1)
4.5.4 Anomaly detection 56(1)
4.5.4.1 App permission analysis 57(1)
4.5.4.2 Static API function call analysis 57(1)
4.5.4.3 System call analysis 58(1)
4.5.5 Malware detection using TAN-based model 58(1)
4.6 Experiments and Analysis 59(6)
4.6.1 Training phase 60(2)
4.6.1.1 Estimation of threshold for Xi, E2.-43 62(1)
4.6.1.2 Conditional probability estimation 62(2)
4.6.2 Evaluation phase 64(1)
4.7 Conclusion 65(4)
5 Detection Using Graph Centrality Measures 69(10)
5.1 Digraph from System Call Sequence 70(1)
5.2 Centrality Measures from System Call Digraph 71(3)
5.3 Malware Detection Phase 74(1)
5.4 Experiments and Analysis 75(3)
5.4.1 Dataset 75(1)
5.4.2 Performance results 76(2)
5.5 Conclusion 78(1)
6 Graph Convolutional Network for Detection 79(12)
6.1 Introduction to GCN 79(1)
6.2 GCN-Based Malware Detection 80(5)
6.2.1 System call graph construction 80(3)
6.2.2 GCN for low-dimensional feature representation 83(1)
6.2.3 Training of GCN 84(1)
6.2.4 System call graph classification using GCN 85(1)
6.3 Experiments and Analysis 85(3)
6.3.1 Implementation details 86(2)
6.4 Detection of Emerging Malware 88(1)
6.5 Conclusion 89(2)
7 Graph Signal Processing-Based Detection 91(12)
7.1 Graph Signal Processing and Its Applications 91(1)
7.2 Graph Signals from System Call Sequence 92(3)
7.3 Machine Learning Classification for Malware Detection 95(2)
7.3.1 Construction of low-dimensional feature vectors 96(1)
7.4 Experiments and Analysis 97(3)
7.4.1 Experimental setup 97(2)
7.4.2 Performance analysis with various ML classifiers 99(1)
7.5 Miscellaneous Operations on Graph Signals 100(1)
7.6 Conclusion 100(3)
8 System Call Pattern-Based Detection 103(12)
8.1 Extraction of Patterns From System Call Sequences 103(3)
8.1.1 Representing system call sequence as ergodic Markov chain 104(1)
8.1.2 Computation of information in system call sequence 104(1)
8.1.3 Identification of system call patterns 105(1)
8.2 System call patterns in Walkinwat trojan 106(2)
8.3 Malware Detection and Classification Based on System Call Patterns 108(2)
8.4 Experiments and Analysis 110(3)
8.5 Conclusion 113(2)
9 Conclusions and Future Directions 115(4)
9.1 Recent Malware Attacks 115(1)
9.2 Identifying Exploitation Attacks 116(1)
9.3 Mitigating Emulator Evasion and Code Coverage Problem 117(1)
9.4 Resilience to the Change in System Call Sequence 118(1)
9.5 Collusion Attack 118(1)
Appendix 119(34)
Bibliography 153(20)
Index 173
Dr. Tony Thomas is currently associate professor in the School of Computer Science and Engineering, Kerala University of Digital Sciences, Innovation and Technology, India (formerly IIITM-K). He completed his master's and PhD degrees at IIT Kanpur. After completing his PhD, he carried out post-doctoral research at the Korea Advanced Institute of Science and Technology. He then joined the General Motors Research Lab, Bangalore, India, as a researcher. He later moved to the School of Computer Engineering, Nanyang Technological University, Singapore, as a research fellow. In 2011, he joined the Indian Institute of Information Technology and Management-Kerala (IIITM-K) as an assistant professor. He is an associate editor and reviewer of several journals and a member of the Board of Studies of several universities. His current research interests include malware analysis, biometrics, cryptography, quantum computation and machine learning applications in cyber security. He has published many research papers, book chapters and books in these domains, and is an author of the book Machine Learning Approaches in Cyber Security Analytics published by Springer.

Dr. Roopak Surendran is currently working as a penetration tester at the Kerala Security Audit and Assurance Centre (K-SAAC) of the Kerala University of Digital Sciences Innovation and Technology. His PhD research, on Android malware analysis, was funded by the Kerala State Planning Board. Before joining the PhD program, he completed his MPhil degree in computer science with a specialization in cyber security at the Indian Institute of Information Technology and Management-Kerala. He has published many research papers related to malware analysis and phishing detection, and has developed Python-based tools and sandboxes to protect devices from phishing and malware attacks. His interests include web application security, mobile application security, malware analysis and phishing detection.

Ms. Teenu S. John holds an MTech degree in computer science with specialization in data security from TocH Institute of Science and Technology under Cochin University of Science and Technology, Kerala, India, and a BTech degree in information technology from the College of Engineering Perumon, under Cochin University of Science and Technology-Kerala, India. She is currently doing her PhD on adversarial malware detection at the Kerala University of Digital Sciences Innovation and Technology, formerly Indian Institute of Information Technology and Management-Kerala (IIITM-K). Her research interests include: malware analysis, machine learning for cyber security, data analytics and cyber threat detection.

Dr. Mamoun Alazab is associate professor at the College of Engineering, IT and Environment, and is the director of the NT Academic Centre for Cyber Security and Innovation (ACCI) at Charles Darwin University, Australia. He received his PhD in computer science from the Federation University of Australia, School of Science, Information Technology and Engineering. He is a cyber security researcher and practitioner with industry and academic experience. Dr. Alazab's research is multidisciplinary, focusing on cyber security, including current and emerging issues in the cyber environment such as cyber-physical systems and the Internet of Things, with a focus on cybercrime detection and prevention. He has more than 300 research papers, 11 authored and edited books, and 3 patents. As of March 2022, 9256 citations appear on Google. His research over the years has contributed to the development of several successful secure commercial systems. His book, Malware Analysis Using Artificial Intelligence and Deep Learning, reached 40k downloads in about a year and was referred to by Microsoft Research and Google Research. He is the recipient of several prestigious awards, including the NT Young Tall Poppy of the Year (2021) from the Australian Institute of Policy and Science (AIPS) and the Japan Society for the Promotion of Science (JSPS) fellowship through the Australian Academy of Science. He previously worked as a senior lecturer (Australian National University) and lecturer (Macquarie University). He is a senior member of the IEEE and the founding chair of the IEEE Northern Territory (NT) Subsection. He serves as associate editor of IEEE Transactions on Computational Social Systems, IEEE Transactions on Network and Service Management (TNSM), ACM Digital Threats: Research and Practice, and Complex & Intelligent Systems.