Poster: Aggregated Machine Learning on Indicators of Compromise in Android Devices
San Miguel, John M.
Kline, Megan E.M.
Hallman, Roger A.
Slayback, Scott M.
Chang, Stefanie S.F.
Malware mitigation for mobile technology is a long-standing problem for which there is not yet a good solution. In this paper, we focus on identifying malicious applications, and verifying the absence of malicious or vulnerable code in applications that agencies seek to utilize. Our analysis toolbox includes static analysis and permissions risk scoring as pre-installation vetting techniques designed to prevent malware from being installed on devices on an enterprise network. However, dynamic code-loading techniques and changing security requirements mean that applications which previously passed the static analysis verification process, and have been installed on devices, may no longer meet security standards, and may be malicious. To identify these apps, and prevent their future malfeasance, we propose a crowd-sourced behavioral analysis (CSBA) technique, using machine learning to identify anomalous activity by examining patterns in power consumption, network behavior, and sequences of system calls. These techniques apply effectively to a single user’s device over time, as well as to individual devices within an enterprise network.
The article of record as published may be found at http://dx.doi.org/10.1145/3243734.3278494
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.