Machine learning-based dynamic analysis of Android apps with improved code coverage
Journal: EURASIP Journal on Information Security
Pub Date: 2019-04-29
DOI: 10.1186/s13635-019-0087-1
Suleiman Y. Yerima, Mohammed K. Alzaylaee, Sakir Sezer
This paper investigates the impact of code coverage on machine learning-based dynamic analysis of Android malware. In order to maximize the code coverage, dynamic analysis on Android typically requires the generation of events to trigger the user interface and maximize the discovery of the run-time behavioral features. The commonly used event generation approach in most existing Android dynamic analysis systems is the random-based approach implemented with the Monkey tool that comes with the Android SDK. Monkey is utilized in popular dynamic analysis platforms like AASandbox, vetDroid, MobileSandbox, TraceDroid, Andrubis, ANANAS, DynaLog, and HADM. In this paper, we propose and investigate approaches based on stateful event generation and compare their code coverage capabilities with the state-of-the-practice random-based Monkey approach. The two proposed approaches are the state-based method (implemented with DroidBot) and a hybrid approach that combines the state-based and random-based methods. We compare the three different input generation methods on real devices, in terms of their ability to log dynamic behavior features and the impact on various machine learning algorithms that utilize the behavioral features for malware detection. Experiments performed using 17,444 applications show that overall, the proposed methods provide much better code coverage, which in turn leads to more accurate machine learning-based malware detection compared to the state-of-the-art approach.

Spark-based real-time proactive image tracking protection model
Journal: EURASIP Journal on Information Security
Pub Date: 2019-04-03
DOI: 10.1186/s13635-019-0086-2
Yahong Hu, Xia Sheng, Jiafa Mao, Kaihui Wang, Danhong Zhong
With the rapid development of the Internet, images are spreading more and more quickly and widely. Illegal use of images occurs frequently, and this has a marked impact on people's normal life. Therefore, it is of great importance to protect image security and image owners' rights. At present, most image protection is passive. Most of the time, image owners discover the illegal use only after the images have been misused and serious adverse consequences have appeared. In this paper, a Spark-based real-time proactive image tracking protection model (SRPITP) is proposed to monitor the status of images under protection in real time. Whenever illegal use is found, an alert is issued to the image owners. The model mainly includes an image fingerprint extraction module, an image crawling module, and an image matching module. The experimental results show that in SRPITP, the image matching accuracy rate is above 98.9%, and compared with its stand-alone counterpart, the corresponding time reductions for image extraction and matching are about 58.78% and 61.67%.

Implementing a blockchain from scratch: why, how, and what we learned
Journal: EURASIP Journal on Information Security
Pub Date: 2019-03-11
DOI: 10.1186/s13635-019-0085-3
F. Knirsch, A. Unterweger, D. Engel

ELSA: efficient long-term secure storage of large datasets (full version)
Journal: EURASIP Journal on Information Security
Pub Date: 2018-10-28
DOI: 10.1186/s13635-020-00108-9
Matthias Geihs, J. Buchmann

Detecting data manipulation attacks on physiological sensor measurements in wearable medical systems
Journal: EURASIP Journal on Information Security
Pub Date: 2018-09-29
DOI: 10.1186/s13635-018-0082-y
Hang Cai, K. Venkatasubramanian

A generic integrity verification algorithm of version files for cloud deduplication data storage
Journal: EURASIP Journal on Information Security
Pub Date: 2018-09-20
DOI: 10.1186/s13635-018-0083-x
Guangwei Xu, Miaolin Lai, Jing Li, Li Sun, Xiujin Shi

OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks
Journal: EURASIP Journal on Information Security
Pub Date: 2018-05-02
DOI: 10.1186/s13635-018-0075-x
Julio Navarro, V. Legrand, A. Deruyver, P. Parrend

POS-originated transaction traces as a source of contextual information for risk management systems in EFT transactions
Journal: EURASIP Journal on Information Security
Pub Date: 2018-04-27
DOI: 10.1186/s13635-018-0076-9
A. Sitek, Z. Kotulski

Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection
Journal: EURASIP Journal on Information Security
Pub Date: 2018-04-24
DOI: 10.1186/s13635-018-0074-y
P. Parrend, Julio Navarro, Fabio Guigou, A. Deruyver, P. Collet

Security evaluation of Tree Parity Re-keying Machine implementations utilizing side-channel emissions
Journal: EURASIP Journal on Information Security
Pub Date: 2018-04-13
DOI: 10.1186/s13635-018-0073-z
Jonathan Martínez Padilla, Uwe Meyer-Baese, S. Foo