

Showing 5 results for Malware

Mahmood Deypir,
Volume 14, Issue 3 (12-2017)
Abstract

Nowadays smartphones and tablets are widely used because of the capabilities and features they offer end users. On these devices, a wide range of services and sensitive information, including private personal data, the contact list, geolocation, sending and receiving messages, and access to social networks, is provided through numerous application programs. These types of accessibility, functionality, and facilities make privacy and security issues more critical, so traditional security mechanisms, including biometric authentication, data encryption, and access control, are not adequate. The danger of installing and using malware must therefore be taken into account in order to provide practical security for end users. Installing new and unknown applications on these devices might lead to security threats. Recent smartphones and tablets run powerful operating systems in which application security is provided by application permissions. Android and BlackBerry are two examples of operating systems that reduce the attack surface by using application permissions. In these operating systems, an attacker who wants to perform malicious activities must deceive users into installing a malicious app, since other avenues of intrusion are almost closed. Recent statistics show that Android is the most popular operating system. To install an app, Android requires the user to grant privileges through the requested permissions. A large number of applications (apps) have been developed for this operating system, and they require various permissions depending on their functionality and the services they provide. Measuring the security risk of applications can therefore help users make better decisions about installing and removing apps. Some research exists on enhancing the Android security model and its security risk communication mechanism.
In this mobile operating system, the security risk value of an application can be computed from its requested permissions. In this study, a new software tool is designed and implemented to measure the security risk values of mobile applications. The tool benefits from a new metric for computing these risk values. The metric exploits statistics of permission usage in known malware and goodware; however, it can easily be extended to other features of Android apps, both static and dynamic. Moreover, we have attempted to give a better definition of permission criticality in order to help users make the best decision about installing new apps or removing previously installed ones. In fact, we have devised a new formulation that assigns higher risk values to permissions with higher usage in malware and much lower usage in benign apps. The idea is quite simple but produces interesting results: the security risk of a permission is directly related to the difference between its usage in malicious and non-malicious apps. Given the risk values of permissions, one can compute the risk of an Android app from its permission list. Since the proposed measurement computes the risk values of permissions from simple statistics of known malware and useful Android apps, the values are readily explainable. Users can be informed of the danger of approving risky permissions, and they can make reasonable decisions based on the total risk score of an app, which is simply computed from the security risks of its requested permissions. To propose the metric, we analyzed the requested permissions of a large number of malicious and ordinary applications. Moreover, for realistic evaluation, we constructed two new datasets of applications: one belonging to an Iranian market and one of new malware.
Experimental evaluations on real known malware and benign apps reveal the superiority of the proposed criterion over the previously proposed method in terms of assigning higher risk values to malware and lower risk values to benign applications.
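The abstract states the idea behind the metric (a permission's risk grows with the gap between its usage rate in malware and in goodware, and an app's score is computed from the risks of its requested permissions) without giving the exact formula. The following is an added illustration of that idea, not the authors' tool: the permission sets are constructed, and the scoring rule used here (usage rate in malware minus usage rate in goodware, clipped at zero, summed over an app's permissions) is an assumption standing in for the paper's own formulation.

```python
"""Permission-risk scoring from malware/goodware usage statistics.

Added illustration; not the tool described in the abstract. The corpora below
are constructed, and the formula (malware usage rate minus goodware usage rate,
clipped at zero) is an assumed stand-in for the paper's formulation.
"""
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample corpora: each app is the set of permissions it requests.
MALWARE_APPS: List[set] = [
    {"INTERNET", "SEND_SMS", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED"},
    {"INTERNET", "SEND_SMS", "READ_SMS"},
    {"INTERNET", "SEND_SMS", "READ_CONTACTS", "READ_PHONE_STATE"},
    {"INTERNET", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"},
]
BENIGN_APPS: List[set] = [
    {"INTERNET", "ACCESS_NETWORK_STATE"},
    {"INTERNET", "CAMERA"},
    {"INTERNET", "ACCESS_NETWORK_STATE", "READ_CONTACTS"},
    {"ACCESS_NETWORK_STATE"},
]


def usage_rates(apps: Iterable[set]) -> Dict[str, float]:
    """Fraction of apps in a corpus that request each permission."""
    apps = list(apps)
    counts = Counter(p for app in apps for p in app)
    return {p: c / len(apps) for p, c in counts.items()}


def permission_risks(malware: Iterable[set], benign: Iterable[set]) -> Dict[str, float]:
    """Risk of a permission = usage rate in malware minus usage rate in goodware,
    clipped at zero so a permission that is more common in benign apps
    contributes nothing (assumed formulation, see lead-in)."""
    m = usage_rates(malware)
    b = usage_rates(benign)
    return {p: max(0.0, m.get(p, 0.0) - b.get(p, 0.0)) for p in set(m) | set(b)}


def app_risk(permissions: Iterable[str], risks: Dict[str, float]) -> float:
    """Total risk score of an app: sum of the risks of its requested permissions.
    Permissions never seen in either corpus score zero."""
    return round(sum(risks.get(p, 0.0) for p in permissions), 4)


def mean_scores(malware: List[set], benign: List[set]) -> Tuple[float, float]:
    """Mean app score on each corpus; the evaluation criterion in the abstract
    is that malware should score higher than benign apps."""
    risks = permission_risks(malware, benign)
    m = sum(app_risk(a, risks) for a in malware) / len(malware)
    b = sum(app_risk(a, risks) for a in benign) / len(benign)
    return m, b


if __name__ == "__main__":
    risks = permission_risks(MALWARE_APPS, BENIGN_APPS)
    for perm, r in sorted(risks.items(), key=lambda kv: -kv[1]):
        print(f"{perm:24s} risk={r:.2f}")
    print("mean malware / benign score:", mean_scores(MALWARE_APPS, BENIGN_APPS))
```

Because every risk value is a difference of two observed frequencies, a user can be told exactly why a permission is flagged (for instance "requested by 75% of malware and by no benign app"), which is the explainability property the abstract emphasises.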


Fatemeh Hosseini, Mitra Mirzarezaee, Arash Sharifi,
Volume 16, Issue 2 (9-2019)
Abstract

In this paper, a novel graph-based method is proposed to classify variable-length sequences as a form of feature extraction. The proposed method overcomes the problems that a traditional graph has with variable-length data, without fixing the length of the sequences, by determining the most frequent instructions and placing the remaining instructions in an “other” set, which saves time and memory. Based on the features and their similarities, a score is given to each sample and used for classification. To improve the results, the method is not used alone: in two approaches it is combined with other existing techniques. In the first approach, which can be considered feature extraction, the features extracted by the scoring techniques (Hidden Markov Model, simple substitution distance, and similarity graph) from opcode sequences, hexadecimal sequences, and system calls are combined at the classifier input. The second approach consists of two steps. In the first step, the scores obtained from each scoring technique are given to three support vector machines; their outcomes are combined according to the weight of each technique, and the final decision is taken by majority vote. Among the support vector machine components, giving a higher weight to the similarity graph method (the proposed method) yields a better result, because the similarity graph method is more accurate than the other two. Then, in the second step, considering the strengths and benefits of each classifier, the classifier outputs are combined and majority voting is used. Three methods have been tested for group combinations: Ensemble Averaging, Bagging, and Boosting.
Ensemble Averaging consists of the combination of four classifiers, random forest, a support vector machine (as obtained in the previous step), K nearest neighbors, and naive Bayes, with the final decision taken by majority vote; it is therefore used as the proposed method. The proposed approach could detect metamorphic malware from the VX Heaven set and also determine the category of malware with an accuracy of 97%, whereas the SSD and HMM methods under the same conditions detected malware with accuracies of 84% and 80% respectively.
 


Hamid Darabian, Sattar Hashemi, Sajad Homayoon, Karamollah Bagherifard,
Volume 18, Issue 3 (12-2021)
Abstract

Nowadays, crypto-ransomware is considered one of the most serious threats in cybersecurity. Crypto-ransomware removes access to data by encrypting valuable files and demands a ransom payment to allow decryption. The number of crypto-ransomware variants has increased rapidly every year, and ransomware needs to be distinguished from goodware and from other types of ransomware to protect users' machines from ransomware-based attacks. Most published works considered system file and process behavior to identify ransomware, which depends on how quickly and accurately system logs can be obtained and mined to detect abnormalities. Because ransomware attacks cause severe and irreparable damage, timely detection of ransomware is of great importance. This paper focuses on the early detection of ransomware samples by analyzing the behavioral logs of programs executing on the operating system before the malicious program destroys all the files. Sequential Pattern Mining is used to find Maximal Sequential Patterns of activities within different ransomware families as candidate features for classification. First, we prepared a test environment to execute and collect activity logs of 572 TeslaCrypt samples, 535 Cerber samples, and 517 Locky samples. Our testbed can be reused in other projects where automatic execution of malware samples is essential. Then, we extracted valuable features from the output of the sequence mining technique to train a classification algorithm for detecting ransomware samples. An accuracy of 99% in distinguishing ransomware instances from benign samples and of 96.5% in identifying the family of a given ransomware sample shows the usefulness and practicality of the proposed method.
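The abstract describes mining maximal sequential patterns from per-family activity logs and turning them into classification features, but not the mining algorithm itself. The following is an added illustration of that pipeline, not the authors' code: the activity logs and family labels are constructed, and the miner is a plain level-wise (Apriori-style) search for subsequences that meet a minimum support, pruned to the maximal ones, which then become binary features for any downstream classifier.

```python
"""Maximal sequential pattern mining over program activity logs.

Added illustration, not the authors' pipeline. Each log below is a constructed
sequence of coarse activity labels; the miner finds every (not necessarily
contiguous) subsequence present in at least `min_support` logs of a family and
keeps only the maximal ones, which then serve as binary features.
"""
from typing import Dict, List, Sequence, Set, Tuple

Pattern = Tuple[str, ...]

# Constructed activity logs (one per executed sample); family names are made up.
LOGS: Dict[str, List[Sequence[str]]] = {
    "famA": [
        ("enum_files", "read_file", "write_file", "delete_shadow", "drop_note"),
        ("enum_files", "read_file", "write_file", "drop_note"),
        ("enum_files", "read_file", "delete_shadow", "write_file", "drop_note"),
    ],
    "benign": [
        ("read_file", "write_file"),
        ("enum_files", "read_file"),
        ("read_file", "net_connect", "write_file"),
    ],
}


def is_subsequence(pat: Pattern, seq: Sequence[str]) -> bool:
    """True if pat occurs in seq in order, not necessarily contiguously.
    `p in it` advances the shared iterator past the first match of p."""
    it = iter(seq)
    return all(p in it for p in pat)


def support(pat: Pattern, seqs: Sequence[Sequence[str]]) -> int:
    """Number of logs in which the pattern occurs."""
    return sum(is_subsequence(pat, s) for s in seqs)


def frequent_patterns(seqs: Sequence[Sequence[str]], min_support: int,
                      max_len: int = 5) -> Set[Pattern]:
    """Level-wise growth: extend each frequent length-k pattern by one symbol
    and keep the extensions that still meet min_support (anti-monotonicity
    guarantees nothing frequent is missed)."""
    alphabet = sorted({tok for s in seqs for tok in s})
    level = {(a,) for a in alphabet if support((a,), seqs) >= min_support}
    frequent = set(level)
    while level and len(next(iter(level))) < max_len:
        candidates = {pat + (a,) for pat in level for a in alphabet}
        level = {c for c in candidates if support(c, seqs) >= min_support}
        frequent |= level
    return frequent


def maximal_patterns(seqs: Sequence[Sequence[str]], min_support: int) -> Set[Pattern]:
    """Keep only frequent patterns that are not contained in a longer one."""
    freq = frequent_patterns(seqs, min_support)
    return {p for p in freq
            if not any(len(q) > len(p) and is_subsequence(p, q) for q in freq)}


def feature_vector(seq: Sequence[str], patterns: Sequence[Pattern]) -> List[int]:
    """Binary feature per mined pattern: 1 if the log contains it, else 0."""
    return [int(is_subsequence(p, seq)) for p in patterns]


if __name__ == "__main__":
    # Mine each family's maximal patterns, then vectorise every log against the union.
    all_patterns = sorted(set().union(*(maximal_patterns(v, 3) for v in LOGS.values())))
    for fam, seqs in LOGS.items():
        for s in seqs:
            print(fam, feature_vector(s, all_patterns), s)
```

On the constructed logs the ransomware family collapses to the single maximal pattern enumerate, read, write, drop note, which none of the benign logs contain, so a one-bit feature already separates the two groups; early detection, as the abstract describes it, then amounts to checking a prefix of a live log against such patterns before the full sequence has played out.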

Masoume Ghasemi, Abbas Horri, Dr Mohammad Ehsan Basiri,
Volume 21, Issue 3 (12-2024)
Abstract

Today, the mobile phone is one of the smart devices that have become a necessity in everyday life, used for tasks such as shopping, banking, and communicating with friends and family. In recent years, the Android operating system has gained more popularity than other mobile operating systems, and the number of applications for it is expanding at a remarkable speed. Unfortunately, this has not escaped the attention of profit-seeking people, and the production of malware for this operating system has grown in parallel with its development. Third-party Android app stores that have emerged in recent years have become a very strong source of malware distribution, because these stores have weak or non-existent measures to prevent malicious apps from being uploaded and distributed to users' devices. Therefore, one of the challenges programmers face in this field is to find solutions that establish security on these devices while providing powerful security analysis capabilities and consuming few resources on the device itself.
Software products such as Lookout, Norton, and Comodo Mobile Security mainly use signature-based methods to detect malware threats. However, malware authors use techniques such as repackaging and obfuscation to circumvent signatures and defeat attempts to analyze their internal mechanisms. The ever-increasing sophistication of Android malware requires new defense techniques that protect users against new threats without using up all of a mobile device's processing and storage resources. Therefore, in the current research, a computational offloading method in a cloud structure is presented to identify Android malware.
The proposed solution first extracts features of Android applications during installation and execution on the mobile phone, then sends these features to cloud servers. On the cloud server side, the features are analyzed and machine learning algorithms distinguish malware from clean programs. The proposed approach is trained and tested using the Drebin dataset. The results show that the proposed approach achieves 96.44% accuracy for malware detection.

Mr. Ali Olyaei Torqabeh, Dr. Abbas Rasoolzadegan,
Volume 22, Issue 4 (3-2026)
Abstract

The Android operating system, an open-source platform supported by Google, has become a cornerstone of modern technology due to its widespread adoption in diverse devices, including smartphones, smart TVs, and wearables. This extensive reach has established Android as a dominant force in the global market but simultaneously made it a primary target for malware developers. The growing sophistication and frequency of mobile malware attacks pose significant challenges for users and Android app distribution platforms. These attacks exploit the open nature of the Android ecosystem and increasingly employ advanced techniques such as obfuscation, rendering traditional detection methods less effective. In response to these challenges, this study introduces an innovative approach to malware detection leveraging image and audio processing in combination with deep learning techniques. Our proposed methodology addresses the limitations of existing methods by providing a scalable, high-accuracy solution suitable for industrial deployment. The research is based on static analysis. During the static analysis, executable file bytes are transformed into audio signals, and features extracted from these signals are used to train a deep learning model. This model achieved an impressive accuracy of 99.3%, with a precision of 99.8% and a recall of 99.1%. The novelty of our approach lies in its ability to detect obfuscated malware, a critical and challenging aspect of modern malware detection. By mapping executable files to the audio domain in static analysis, our method effectively reduces computational complexity while enhancing detection accuracy. The proposed framework was validated on a diverse and comprehensive dataset, showcasing its capability to distinguish between benign and malicious applications with high reliability. 
Furthermore, the method's design ensures practical applicability in real-world scenarios, particularly in app distribution platforms where rapid and accurate malware detection is crucial. This research contributes a novel, efficient, and scalable malware detection solution that addresses the challenges posed by obfuscation and computational demands. The proposed framework not only advances the state-of-the-art in Android malware detection but also lays the groundwork for future research exploring hybrid analysis techniques and real-time detection capabilities.
 


© 2015 All Rights Reserved | Signal and Data Processing