Nunziato Cassavia, Luca Caviglione, Massimo Guarascio, Angelica Liguori, Giuseppe Manco, Marco Zuppelli
{"title":"一种联合方法,用于检测通过web和多个商店交付的移动应用程序图标中隐藏的数据","authors":"Nunziato Cassavia, Luca Caviglione, Massimo Guarascio, Angelica Liguori, Giuseppe Manco, Marco Zuppelli","doi":"10.1007/s13278-023-01121-9","DOIUrl":null,"url":null,"abstract":"Abstract An increasing volume of malicious software exploits information hiding techniques to cloak additional attack stages or bypass frameworks enforcing security. This trend has intensified with the growing diffusion of mobile ecosystems, and many threat actors now conceal scripts or configuration data within high-resolution icons. Even if machine learning has proven to be effective in detecting various hidden payloads, modern mobile scenarios pose further challenges in terms of scalability and privacy. In fact, applications can be retrieved from multiple stores or directly from the Web or social media. Therefore, this paper introduces an approach based on federated learning to reveal information hidden in high-resolution icons bundled with mobile applications. Specifically, multiple nodes are used to mitigate the impact of different privacy regulations, the lack of comprehensive datasets, or the computational burden arising from distributed stores and unofficial repositories. Results collected through simulations indicate that our approach achieves performances similar to those of centralized blueprints. Moreover, federated learning demonstrated its effectiveness in coping with simple “obfuscation” schemes like Base64 encoding and zip compression used by attackers to avoid detection.","PeriodicalId":21842,"journal":{"name":"Social Network Analysis and Mining","volume":"29 1","pages":"0"},"PeriodicalIF":2.3000,"publicationDate":"2023-09-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A federated approach for detecting data hidden in icons of mobile applications delivered via web and multiple stores\",\"authors\":\"Nunziato Cassavia, Luca Caviglione, Massimo Guarascio, Angelica Liguori, Giuseppe Manco, Marco Zuppelli\",\"doi\":\"10.1007/s13278-023-01121-9\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract An increasing volume of malicious software exploits information hiding techniques to cloak additional attack stages or bypass frameworks enforcing security. This trend has intensified with the growing diffusion of mobile ecosystems, and many threat actors now conceal scripts or configuration data within high-resolution icons. Even if machine learning has proven to be effective in detecting various hidden payloads, modern mobile scenarios pose further challenges in terms of scalability and privacy. In fact, applications can be retrieved from multiple stores or directly from the Web or social media. Therefore, this paper introduces an approach based on federated learning to reveal information hidden in high-resolution icons bundled with mobile applications. Specifically, multiple nodes are used to mitigate the impact of different privacy regulations, the lack of comprehensive datasets, or the computational burden arising from distributed stores and unofficial repositories. Results collected through simulations indicate that our approach achieves performances similar to those of centralized blueprints. Moreover, federated learning demonstrated its effectiveness in coping with simple “obfuscation” schemes like Base64 encoding and zip compression used by attackers to avoid detection.\",\"PeriodicalId\":21842,\"journal\":{\"name\":\"Social Network Analysis and Mining\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":2.3000,\"publicationDate\":\"2023-09-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Social Network Analysis and Mining\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1007/s13278-023-01121-9\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Social Network Analysis and Mining","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s13278-023-01121-9","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
A federated approach for detecting data hidden in icons of mobile applications delivered via web and multiple stores
Abstract An increasing volume of malicious software exploits information hiding techniques to cloak additional attack stages or bypass frameworks enforcing security. This trend has intensified with the growing diffusion of mobile ecosystems, and many threat actors now conceal scripts or configuration data within high-resolution icons. Even if machine learning has proven to be effective in detecting various hidden payloads, modern mobile scenarios pose further challenges in terms of scalability and privacy. In fact, applications can be retrieved from multiple stores or directly from the Web or social media. Therefore, this paper introduces an approach based on federated learning to reveal information hidden in high-resolution icons bundled with mobile applications. Specifically, multiple nodes are used to mitigate the impact of different privacy regulations, the lack of comprehensive datasets, or the computational burden arising from distributed stores and unofficial repositories. Results collected through simulations indicate that our approach achieves performances similar to those of centralized blueprints. Moreover, federated learning demonstrated its effectiveness in coping with simple “obfuscation” schemes like Base64 encoding and zip compression used by attackers to avoid detection.
期刊介绍:
Social Network Analysis and Mining (SNAM) is a multidisciplinary journal serving researchers and practitioners in academia and industry. It is the main venue for a wide range of researchers and readers from computer science, network science, social sciences, mathematical sciences, medical and biological sciences, financial, management and political sciences. We solicit experimental and theoretical work on social network analysis and mining using a wide range of techniques from social sciences, mathematics, statistics, physics, network science and computer science. The main areas covered by SNAM include: (1) data mining advances on the discovery and analysis of communities, personalization for solitary activities (e.g. search) and social activities (e.g. discovery of potential friends), the analysis of user behavior in open forums (e.g. conventional sites, blogs and forums) and in commercial platforms (e.g. e-auctions), and the associated security and privacy-preservation challenges; (2) social network modeling, construction of scalable and customizable social network infrastructure, identification and discovery of complex, dynamics, growth, and evolution patterns using machine learning and data mining approaches or multi-agent based simulation; (3) social network analysis and mining for open source intelligence and homeland security. Papers should elaborate on data mining and machine learning or related methods, issues associated to data preparation and pattern interpretation, both for conventional data (usage logs, query logs, document collections) and for multimedia data (pictures and their annotations, multi-channel usage data). Topics include but are not limited to: Applications of social network in business engineering, scientific and medical domains, homeland security, terrorism and criminology, fraud detection, public sector, politics, and case studies.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
