Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Background A. Threat Model
Design Goals and Metrics
Data Collection A. App Design
Data Collection Procedures
Gesture Detection: Design, and Evaluation
Related Work
Conclusion and Future Work
References
All Topics
Computer Science

Curbing mobile malware based on user-transparent hand movements

Profile image of Manar MohamedManar Mohamed

2015, 2015 IEEE International Conference on Pervasive Computing and Communications (PerCom)

Abstract

In this paper, we present a run-time defense to the malware that inspects the presence/absence of certain transparent human gestures exhibited naturally by users prior to accessing a desired resource. Specifically, we focus on the use of transparent gestures to prevent the misuse of three critical smartphone capabilities-the phone calling service, the camera resource and the NFC reading functionality. We show how the underlying natural hand movement gestures associated with the three services, calling, snapping and tapping, can be detected in a robust manner using multiple-motion, position and ambient-sensors and machine learning classifiers. To demonstrate the effectiveness of our approach, we collect data from multiple phone models and multiple users in real-life or near real-life scenarios emulating both benign settings as well as adversarial scenarios. Our results show that the three gestures can be detected with a high overall accuracy, and can be distinguished from one another and from other activities (benign or malicious), serving as a viable malware defense. In the future, we believe that transparent gestures associated with other smartphone services, such as sending SMS or email, can also be integrated with our system.

Related papers

Evaluation of machine learning classifiers for mobile malware detection
Ahmad abdullah

Soft Computing, 2014

Mobile devices have become a significant part of people's lives, leading to an increasing number of users involved with such technology. The rising number of users invites hackers to generate malicious applications. Besides, the security of sensitive data available on mobile devices is taken lightly. Relying on currently developed approaches is not sufficient, given that intelligent malware keeps modifying rapidly and as a result becomes more difficult to detect. In this paper, we propose an alternative solution to evaluating malware detection using the anomaly-based approach with machine learning classifiers. Among the various network traffic features, the four categories selected are basic information, content based, time based and connection based. The evaluation utilizes two datasets: public (i.e. MalGenome) and private (i.e. self-collected). Based on the evaluation results, both the Bayes network and random forest classifiers produced more accurate readings, with a 99.97 % true-positive rate (TPR) as opposed to the multi-layer perceptron with only 93.03 % on the MalGenome dataset. However, this experiment revealed that the k-nearest neighbor classifier efficiently detected the latest Android malware with an 84.57 % truepositive rate higher than other classifiers. Communicated by V. Loia.

View PDFchevron_right
Mobile Cloud Computing systems , Management , and Security ( MCSMS-2016 ) SCREDENT : Sc alable Re al-time Anomalies De tection and N otification of T argeted Malware in Mobile Devices
Sachin Shetty

2016

The ubiquitous availability of Android devices has led to increasing malicious mobile attacks targeting the Android mobile operating system. In recent times, adversaries leverage situational awareness, user and device context to create targeted malware for mobile devices. Several mobile security tools such as Mobile Sandbox, TargetDroid, and ANANAS focus on tailoring the detection schemes for individual users and suffer from scalability by analyzing individual user’s activities. To the best of our knowledge, these tools do not incorporate user group profiling in their automated user-behavior driven dynamic analysis. In addition, adaptive and location-based alerts are not provided to mobile users. We propose SCREDENT: Scalable Real-time Anomalies Detection and Notification of Targeted Malware in Mobile Devices, to provide a scalable system to classify, detect, and predict targeted malware in real-time. SCREDENT incorporates behavior-triggering probabilistic models and user grouping t...

View PDFchevron_right
PrePrint: Detection of Mobile Malware in the Wild
Chandramohan Mahinthan

Smartphones have become an essential part of human life and its usage has grown exponentially in the past few years. The growth of smartphone usage can be directly linked to its ability to support third-party applications that are offered through online application markets. Due to its worldwide adoption and widespread popularity, the mobile malware attacks also growing at an alarming rate (http://bit.ly/sbtujI). Malware authors make use of third-party applications to inject malicious content into smartphones and thus compromise phone‟s security. In response, mobile security research has become critical and focused on protecting smartphones from malware attacks and other security threats. In this paper, we present a survey of techniques that are used to detect mobile malware in the wild and discuss the limitations of current techniques and provide some tips to protect smartphones from potential security threats.

View PDFchevron_right
Mobile and Ubiquitous Malware
yl ho

Mobile malware is an increasing threat to the world of handheld devices, which can prove to be costlier than PC viruses in the future. The current method used to combat mobile malware is virus signature matching which is based on the slow process of reverse engineering. This paper studies the growth, spread and generic behaviors of mobile and ubiquitous malware in mobile phones. We extend the works of Bose et al. and Schmidt et al. with an additional feature to reduce the effectiveness of mobile malware propagation. The objective of our work is to investigate the trends and generic behavioral patterns of mobile malware and suggest a generic proof-of-concept model which combines the works of Bose et al. and Schmidt et al. with a new feature to slowdown the spread of known and unknown mobile malware which may share similar behavioral patterns.

View PDFchevron_right
Inferences from Interactions with Smart Devices: Security Leaks and Defenses
Diksha Shukla

2019

We unlock our smart devices such as smartphone several times every day using a pin, password, or graphical pattern if the device is secured by one. The scope and usage of smart devices’ are expanding day by day in our everyday life and hence the need to make them more secure. In the near future, we may need to authenticate ourselves on emerging smart devices such as electronic doors, exercise equipment, power tools, medical devices, and smart TV remote control. While recent research focuses on developing new behavior-based methods to authenticate these smart devices, pin and password still remain primary methods to authenticate a user on a device. Although the recent research exposes the observation-based vulnerabilities, the popular belief is that the direct observation attacks can be thwarted by simple methods that obscure the attacker’s view of the input console (or screen). In this dissertation, we study the users’ hand movement pattern while they type on their smart devices. Th...

View PDFchevron_right
PlaceRaider: Virtual Theft in Physical Spaces with Smartphones
Zahid Rahman

NDSS

As smartphones become more pervasive, they are increasingly targeted by malware. At the same time, each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of ‘sensor malware’ has been developing that leverages these sensors to steal information from the physical environment — e.g., researchers have recently demonstrated how malware can ‘listen’ for spoken credit card numbers through the microphone, or ‘feel’ keystroke vibrations using the accelerometer. Yet the possibilities of what malware can ‘see’ through a camera have been understudied. This paper introduces a novel ‘visual malware’ called PlaceRaider, which allows remote at- tackers to engage in remote reconnaissance and what we call “virtual theft.” Through completely opportunistic use of the phone’s camera and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus ‘download’ the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable informa- tion). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful urveillance and virtual theft platforms, and we suggest several possible defenses against visual malware.

View PDFchevron_right
Behaviour-based Malware Detection in Mobile AndroidPlatforms Using Machine Learning Algorithms
Pedro R . M . Inácio

J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl., 2021

During the last few years, several approaches have been proposed for detection of Android malware Apps, each usually using its own dataset. Generating a representative Android malware dataset to evaluate malware detection approaches is a challenging task. Recently, the Canadian Institute for Cybersecurity released the CICAndMal2017 dataset, which includes recent and sophisticated Android samples spanning between five distinct categories: Adware, Ransomware, SMS malware, Scareware, and Benign. The best classification result obtained for this dataset was with a Precision of 95.3%, achieved with the Random Forest algorithm, using Permissions and Intents as static features. In this paper, we investigate the usage of nine machine learning algorithms to classify malware in the above mentioned dataset. The comparison of the obtained results is performed with the ones obtained with Random Forest, including performance evaluation (in terms of Precision, Recall, F-Measure, and Accuracy) and resource usage (in terms of execution time and CPU and memory consumption). Besides, we also investigate the use of a non-sliding Bag of System Calls algorithm with the above mentioned machine learning algorithms. It is shown that the Adaboost algorithm, using the Random Forest as a base estimator, leads to the best classification results with an Accuracy of 98.24%, a Precision of 99.31% (for malware), and an F1-Measure of 95.05% (for malware), at the cost of a larger execution time than Random Forest.

View PDFchevron_right
Continuous User Authentication Using Machine Learning and Multi-Finger Mobile Touch Dynamics with a Novel Dataset
Naeem Seliya

arXiv (Cornell University), 2022

As technology grows and evolves rapidly, it is increasingly clear that mobile devices are more commonly used for sensitive matters than ever before. A need to authenticate users continuously is sought after as a single-factor or multifactor authentication may only initially validate a user, which doesn't help if an impostor can bypass this initial validation. The field of touch dynamics emerges as a clear way to non-intrusively collect data about a user and their behaviors in order to develop and make imperative security-related decisions in real time. In this paper we present a novel dataset consisting of tracking 25 users playing two mobile games-Snake.io and Minecraft-each for 10 minutes, along with their relevant gesture data. From this data, we ran machine learning binary classifiersnamely Random Forest and K-Nearest Neighbor-to attempt to authenticate whether a sample of a particular user's actions were genuine. Our strongest model returned an average accuracy of roughly 93% for both games, showing touch dynamics can differentiate users effectively and is a feasible consideration for authentication schemes.

View PDFchevron_right
cHybriDroid: A Machine Learning-Based Hybrid Technique for Securing the Edge Computing
Muhammad Arshad Islam

Security and Communication Networks, 2020

Smart phones are an integral component of the mobile edge computing (MEC) framework. Securing the data stored on mobile devices is very crucial for ensuring the smooth operations of cloud services. A growing number of malicious Android applications demand an in-depth investigation to dissect their malicious intent to design effective malware detection techniques. The contemporary state-of-the-art model suggests that hybrid features based on machine learning (ML) techniques could play a significant role in android malware detection. The selection of application’s features plays a very crucial role to capture the appropriate behavioural patterns of malware instances for a useful classification of mobile applications. In this study, we propose a novel hybrid approach to detect android malware, wherein static features in conjunction with dynamic features of smart phone applications are employed. We collect these hybrid features using permissions, intents, and run-time features (such as ...

View PDFchevron_right

References (26)

  1. W. Augustinowicz. Trojan horse electronic pickpocket demo by identity stronghold. Available online at http://www.youtube.com/watch?v=eEcz0XszEic, June 2011.
  2. M. Ballano. Android threats getting steamy, 2011.
  3. A. Bose, X. Hu, K. G. Shin, and T. Park. Behavioral detection of malware on mobile handsets. In Mobile Systems, Applications, and Services (MobiSys), 2008.
  4. I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani. Crowdroid: Behavior- based malware detection system for android. In Security and Privacy in Smartphones and Mobile Devices (SPSM), 2011.
  5. A. Chaugule, Z. Xu, and S. Zhu. A specification based intrusion detection framework for mobile phones. In Applied Cryptography and Network Security (ACNS), 2011.
  6. M. Conti, I. Zachia-Zlatea, and B. Crispo. Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call. In ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2011.
  7. F-Secure. Bluetooth-worm:symbos/cabir. Available online at http://www.f-secure.com/v-descs/cabir.shtml.
  8. F-Secure. Worm:symbos/commwarrior. Available online at http://www.f- secure.com/v-descs/commwarrior.shtml.
  9. J. Figura. Machine learning for google android. Available online at http://www.cestina.cz/ obo/vyuka/projekty/figura-ml-for-android.pdf.
  10. J. Han, E. Owusu, L. Nguyen, A. Perrig, and J. Zhang. Accomplice: Location inference using accelerometers on smartphones. In Communi- cation Systems and Networks (COMSNETS), 2012.
  11. S. Kolesnikov-Jessop. Hackers go after the smartphone, 2011. www.nytimes.com/2011/02/14/technology/14iht-srprivacy14.html.
  12. H. Li, D. Ma, N. Saxena, B. Shrestha, and Y. Zhu. Tap-wave-rub: Lightweight malware prevention for smartphones using intuitive human gestures. In Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2013.
  13. P. Marquardt, A. Verma, H. Carter, and P. Traynor. (sp)iphone: Decoding vibrations from nearby keyboards using mobile phone accelerometers. In Conference on Computer and Communications Security, CCS, 2011.
  14. Microsoft. What is user account control?, 2011. http://windows.microsoft.com/en-US/windows-vista/What-is-User- Account-Control.
  15. J. Oberheide, E. Cooke, and F. Jahanian. Cloudav: N-version antivirus in the network cloud. In USENIX Security Symposium, 2008.
  16. J. Oberheide, K. Veeraraghavan, E. Cooke, J. Flinn, and F. Jahanian. Virtualized in-cloud security services for mobile devices. In In Virtual- ization in Mobile Computing, MobiVirt, 2008.
  17. E. Owusu, J. Han, S. Das, A. Perrig, and J. Zhang. Accessory: Password inference using accelerometers on smartphones. In Mobile Computing Systems & Applications, HotMobile, 2012.
  18. N. L. Petroni, Jr. and M. Hicks. Automated detection of persistent kernel control-flow attacks. In Conference on Computer and Communications Security (CCS), 2007.
  19. F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H. J. Wang, and C. Cowan. User-driven access control: Rethinking permission granting in modern operating systems. In Symposium on Security and Privacy, 2012.
  20. R. Schlegel, K. Zhang, X. yong Zhou, M. Intwala, A. Kapadia, and X. Wang. Soundcomber: A stealthy and context-aware sound trojan for smartphones. In Network & Distributed System Security Symposium, 2011.
  21. A. Seshadri, M. Luk, N. Qu, and A. Perrig. Secvisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity oses. In Symposium on Operating Systems Principles (SOSP), 2007.
  22. A. Shabtai, R. Moskovitch, Y. Elovici, and C. Glezer. Detection of ma- licious code by applying machine learning classifiers on static features: A state-of-the-art survey. Information Security Technical Report, 2009.
  23. B. Shrestha, N. Saxena, and J. Harrison. Wave-to-access: Protecting sen- sitive mobile device services via a hand waving gesture. In Cryptology and Network Security (CANS). 2013.
  24. R. Templeman, Z. Rahman, D. J. Crandall, and A. Kapadia. Placeraider: Virtual theft in physical spaces with smartphones. In Network & Distributed System Security Symposium, 2013.
  25. D. Venugopal. An efficient signature representation and matching method for mobile devices. In Wireless Internet (WICON), 2006.
  26. M. Ward. Smartphone security put on test, 2010. Available online at http://www.bbc.com/news/technology-10912376.

Related papers

A Non-intrusive Machine Learning Solution for Malware Detection and Data Theft Classification in Smartphones
Sai Venkatesh

Computational Science – ICCS 2021, 2021

Smartphones contain information that is more sensitive and personal than those found on computers and laptops. With an increase in the versatility of smartphone functionality, more data has become vulnerable and exposed to attackers. Successful mobile malware attacks could steal a user's location, photos, or even banking information. Due to a lack of post-attack strategies firms also risk going out of business due to data theft. Thus, there is a need besides just detecting malware intrusion in smartphones but to also identify the data that has been stolen to assess, aid in recovery and prevent future attacks. In this paper, we propose an accessible, non-intrusive machine learning solution to not only detect malware intrusion but also identify the type of data stolen for any app under supervision. We do this with android usage data obtained by utilising publicly available data collection framework-SherLock. We test the performance of our architecture for multiple users on real-world data collected using the same framework. Our architecture exhibits less than 9% inaccuracy in detecting malware and can classify with 83% certainty on the type of data that is being stolen.

View PDFchevron_right
Malware in Motion
Zhiyuan Luo

2022

Malicious software (malware) is designed to circumvent the security policy of the host device. Smartphones represent an attractive target to malware authors as they are often a rich source of sensitive information. Attractive targets for attackers are sensors (such as cameras or microphones) which allow observation of the victims in real time. To counteract this threat, there has been a tightening of privileges on mobile devices with respect to sensors, with app developers being required to declare which sensors they need access to, as well as the users needing to give consent. We demonstrate by conducting a survey of publicly accessible malware analysis platforms that there are still implementations of sensors which are trivial to detect without exposing the malicious intent of a program. We also show how that, despite changes to the permission model, it is still possible to fingerprint an analysis environment even when the analysis is carried out using a physical device with the novel use of Android's Activity Recognition API.

View PDFchevron_right
Behavioral detection of malware on mobile handsets
Pallavi Kaushik

… 6th international conference on Mobile …, 2008

A novel behavioral detection framework is proposed to detect mobile worms, viruses and Trojans, instead of the signature-based solutions currently available for use in mobile devices. First, we propose an efficient representation of malware behaviors based on a key observation that the logical ordering of an application's actions over time often reveals the malicious intent even when each action alone may appear harmless. Then, we generate a database of malicious behavior signatures by studying more than 25 distinct families of mobile viruses and worms targeting the Symbian OS-the most widely-deployed handset OS-and their variants. Next, we propose a two-stage mapping technique that constructs these signatures at run-time from the monitored system events and API calls in Symbian OS. We discriminate the malicious behavior of malware from the normal behavior of applications by training a classifier based on Support Vector Machines (SVMs). Our evaluation on both simulated and real-world malware samples indicates that behavioral detection can identify current mobile viruses and worms with more than 96% accuracy. We also find that the time and resource overheads of constructing the behavior signatures from lowlevel API calls are acceptably low for their deployment in mobile devices.

View PDFchevron_right
Machine learning algorithms for improving security on touch screen devices: a survey, challenges and new perspectives
Liyana Shuib

Neural Computing and Applications, 2020

Mobile phone touch screen devices are equipped with high processing power and high memory. This led to users not only storing photos or videos but stored sensitive application such as banking applications. As a result of that the security system of the mobile phone touch screen devices becomes sacrosanct. The application of machine learning algorithms in enhancing security on mobile phone touch screen devices is gaining a tremendous popularity in both academia and the industry. However, notwithstanding the growing popularity, up to date no comprehensive survey has been conducted on machine learning algorithms solutions to improve the security of mobile phone touch screen devices. This survey aims to connect this gap by conducting a comprehensive survey on the solutions of machine learning algorithms to improve the security of mobile phone touch screen devices including the analysis and synthesis of the algorithms and methodologies provided for those solutions. This article presents a comprehensive survey and a new taxonomy of the state-of-the-art literature on machine learning algorithms in improving the security of mobile phone touch screen devices. The limitation of the methodology in each article reviewed is pointed out. Challenges of the existing approaches and new perspective of future research directions for developing more accurate and robust solutions to mobile phone touch screen security are discussed. In particular, the survey found that exploring of different aspects of deep learning solutions to improve the security of mobile phone touch screen devices is under-explored.

View PDFchevron_right
TouchAnalyzer: A System for Analyzing User's Touch Behavior on a Smartphone
Yutaka Arakawa, Yuko Hirabe, Hirohiko Suwa, Keiichi Yasumoto, IJCSMC Journal

IJCSMC, 2018

Many research efforts have been made on human context recognition, especially activity recognition using sensors such as accelerometers embedded in smartphones. However, few studies are conducted for recognizing human context while operating smartphones (smartphone operating context or so-context in short). Examples of so-contexts are smoking or eating while operating smartphones and playing a game while in the train. Estimating so-contexts will bring new services such as notification timing optimization and user interface optimization. In this paper, aiming to provide a tool toward so-context estimation, we propose a system that monitors, recognizes and outputs user's touch operations on Android phones. To realize so-context estimation, the system needs to satisfy three requirements: (1) it should work on any android device, (2) it should run in the background of any application, and (3) it should identify touch operations in high-level format and output the identified operations with the detailed information like finger position and movement for so-context recognition. For the above requirements, we developed our proposed system as an Android application which analyzes raw data output by the OS including a time series of points on the screen, and recognizes 7 representative high-level touch operations such as swipe and rotate with information on the number of fingers used, the pressure level and the track between the start-point and the end-point. We evaluated our system and confirmed that it achieved recognition accuracies of 100% for single-or double-finger swipe and single-finger touch operations (swipe), and 98% for two-finger touch operations (pinch, rotate, etc.). Moreover, to show the applicability of our system, we tried to recognize the phone holding style as a so-context from touch operations. As a result, we confirmed that it achieved F-measure of 96.5% for classification among 8 different holding styles.

View PDFchevron_right

Related topics

  • Computer Science
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved