TTLed Random Walks for Collaborative Monitoring

Fifth IEEE International Symposium on Network Computing and Applications (NCA'06), 2006

The widespread uses of large-scale distributed systems, e.g., Grid networks and distributed storage systems, raise the possibilities of large-scale attacks on such systems. Although current technology for detecting worms and viruses in the Internet can be applied, few existing systems support fast propagation of alerts during the attack itself. This paper proposes and studies a new system towards this problem. The system, called "Contag-Alert", uses contagion spreading behavior, somewhat like the spread of fads in society, in order to spread alerts. ContagAlert is able to propagate an alert while the attack is in progress, while at the same time suppressing disruptive signals generated by adversaries or false positives. The core contagion protocols in the system are completely localized, involving simple threshold checks at each node, but resulting in desired emergent threshold behavior at the network scale. Signals with too few sources fail to spread, and signals exceeding the threshold propagate across the entire network. Contagion protocols can be analyzed using bootstrap percolation models. We also present experimental results from contagion protocols running in a wide variety of topologies. Finally, we present experiments based on two reallife applications: Internet worm attacks and DoS attacks on p2p systems.

2012

Mobile phones are integral to everyday life with emails, social networking, online banking and other applications; however, the wealth of private information accessible increases economic incentives for attackers. Compared with fixed networks, mobile malware can replicate through both long range messaging and short range radio technologies; the former can be filtered by the network operator but determining the best method of containing short range malware is an open problem. While global software updates are sometimes ...

With the highly emerging use of smart phones, now a days we able to perform various tasks, as the cashless services are increasing day by day, sensitive application such as banking related app. But there rising danger due to malware attack, its quite difficult and challenge to detect new malware. In this article we present secured framework against application installation attacks on mobile network platform, in this we applied parallel processing of three approaches i.e. user feedback filter,signature based detection filter and permission based filter.This system use naïve based classifier to find out the probability of malware

2005

International Journal of Information Security, 2016

Users leverage mobile devices for their daily Internet needs by running various mobile applications (apps) such as social networking, e-mailing, news-reading, and video/audio streaming. Mobile device have become major targets for malicious apps due to their heavy network activity and is a research challenge in the current era. The majority of the research reported in the literature is focused on host-based systems rather than the network-based; unable to detect malicious activities occurring on mobile device through the Internet. This paper presents a detection app model for classification of apps. We investigate the accuracy of various machine learning models, in the context of known and unknown apps, benign and normal apps, with or without encrypted message-based app, and operating system version independence of classification. The best resulted machine learning(ML)-based model is embedded into the detection app for efficient and effective detection. We collect a dataset of network activities of 18 different malware families-based apps and 14 genuine apps and use it to develop ML-based detectors. We show that, it is possible to detect malicious app using network traces with the traditional ML techniques, and results revealed the accuracy (95-99.9 %) in detection of apps in different scenarios. The model proposed is proved efficient and suitable for mobile devices. Due to the widespread penetration of Android OS into the market, it has become the main target for the attackers. Hence, the proposed system is deployed on Android environment.

Mobile applications (or apps) are rapidly growing in number and variety. These apps provide useful features, but also bring certain privacy and security risks. For example, malicious authors may attach destructive payloads to legitimate apps to create so-called "piggybacked" apps and advertise them in various app markets to infect unsuspecting users. To detect them, existing approaches typically employ pair-wise comparison, which unfortunately has limited scalability. In this paper, we present a fast and scalable approach to detect these apps in existing Android markets. Based on the fact that the attached payload is not an integral part of a given app's primary functionality, we propose a module decoupling technique to partition an app's code into primary and non-primary modules. Also, noticing that piggybacked apps share the same primary modules as the original apps, we develop a feature fingerprint technique to extract various semantic features (from primary modules) and convert them into feature vectors. We then construct a metric space and propose a linearithmic search algorithm (with O(n log n) time complexity) to efficiently and scalably detect piggybacked apps. We have implemented a prototype and used it to study 84, 767 apps collected from various Android markets in 2011. Our results show that the processing of these apps takes less than nine hours on a single machine. In addition, among these markets, piggybacked apps range from 0.97% to 2.7% (the official Android Market has 1%). Further investigation shows that they are mainly used to steal ad revenue from the original developers and implant malicious payloads (e.g., for remote bot control). These results demonstrate the effectiveness and scalability of our approach.

2016

The ubiquitous availability of Android devices has led to increasing malicious mobile attacks targeting the Android mobile operating system. In recent times, adversaries leverage situational awareness, user and device context to create targeted malware for mobile devices. Several mobile security tools such as Mobile Sandbox, TargetDroid, and ANANAS focus on tailoring the detection schemes for individual users and suffer from scalability by analyzing individual user’s activities. To the best of our knowledge, these tools do not incorporate user group profiling in their automated user-behavior driven dynamic analysis. In addition, adaptive and location-based alerts are not provided to mobile users. We propose SCREDENT: Scalable Real-time Anomalies Detection and Notification of Targeted Malware in Mobile Devices, to provide a scalable system to classify, detect, and predict targeted malware in real-time. SCREDENT incorporates behavior-triggering probabilistic models and user grouping t...

2007

Botnets allow adversaries to wage attacks on unprecedented scales at unprecedented rates, motivation for which is no longer just malice but profits instead. The longer botnets go undetected, the higher those profits. I present in this thesis an architecture that leverages collaborative networks of peers in order to detect bots across the same. Not only is this architecture both automated and rapid, it is also high in true positives and low in false positives. Moreover, it accepts as realities insecurities in today's systems, tolerating bugs, complexity, monocultures, and interconnectivity alike. This architecture embodies my own definition of anomalous behavior: I say a system's behavior is anomalous if it correlates all too well with other networked, but otherwise independent, systems' behavior. I provide empirical validation that collaborative detection of bots can indeed work. I validate my ideas in both simulation and the wild. Through simulations with traces of 9 variants of worms and 25 non-worms, I find that two peers, upon exchanging summaries of system calls recently executed, can decide that they are, more likely than not, both executing the same worm as often as 97% of the time. I deploy an actual prototype of my architecture to a network of 29 systems with which I monitor and analyze 10,776 processes, inclusive of 511 unique non-worms (873 if unique versions constitute unique non-worms). Using that data, I expose the utility of temporal consistency (similarity over time in worms' and non-worms' invocations of system calls) in collaborative detection. I identify properties with which to distinguish non-worms from worms 99% of the time. I find that a collaborative network, using patterns of system calls and simple heuristics, can detect worms running on multiple hosts. And I find that collaboration among peers significantly reduces the risk of false positives because of the unlikely, simultaneous appearance across peers of non-worm processes with worm-like properties.

2009

Computers & Security, 2014

With the increasing usage of smartphones a plethora of security solutions are being designed and developed. Many of the security solutions fail to cope with advanced attacks and are not aways properly designed for smartphone platforms. Therefore, there is a need for a methodology to evaluate their effectiveness. Since the Android operating system has the highest market share today, we decided to focus on it in this study in which we review some of the state-of-the-art security solutions for Android-based smartphones. In addition, we present a set of evaluation criteria aiming at evaluating security mechanisms that are specifically designed for Android-based smartphones. We believe that the proposed framework will help security solution designers develop more effective solutions and assist security experts evaluate the effectiveness of security solutions for Android-based smartphones.