Danfeng Yao

ORCID: 0000-0001-8969-2792
Research Areas
  • Advanced Malware Detection Techniques
  • Network Security and Intrusion Detection
  • Security and Verification in Computing
  • Cryptography and Data Security
  • Software Testing and Debugging Techniques
  • Privacy-Preserving Technologies in Data
  • Access Control and Trust
  • Internet Traffic Analysis and Secure E-voting
  • Software Engineering Research
  • Cloud Data Security Solutions
  • Information and Cyber Security
  • Digital and Cyber Forensics
  • User Authentication and Security Systems
  • Web Application Security Vulnerabilities
  • Spam and Phishing Detection
  • Advanced Data Storage Technologies
  • Anomaly Detection Techniques and Applications
  • Privacy, Security, and Data Protection
  • Software System Performance and Reliability
  • Network Packet Processing and Optimization
  • Peer-to-Peer Network Technologies
  • Smart Grid Security and Resilience
  • Cryptographic Implementations and Security
  • Caching and Content Delivery
  • Blockchain Technology Applications and Security

Virginia Tech
2016-2025

Huzhou Women and Children's Hospital
2024

Institute of Electrical and Electronics Engineers
2021

IEEE Computer Society
2021

Regional Municipality of Niagara
2021

Affiliated Hospital of Nantong University
2013

Nantong University
2013

Rutgers, The State University of New Jersey
2008-2012

Zhejiang Gongshang University
2011

John Brown University
2005-2008

Most existing Android malware detection and categorization techniques are static approaches, which suffer from evasion attacks, such as obfuscation. By analyzing program behaviors, dynamic approaches potentially more resilient against these attacks. Yet mostly rely on characterizing system calls subject to system-call This paper presents DroidCat, a novel app classification technique, complement approaches. using diverse set of features based method inter-component communication (ICC)...

10.1109/tifs.2018.2879302 article EN IEEE Transactions on Information Forensics and Security 2018-11-06

A data breach is the intentional or inadvertent exposure of confidential information to unauthorized parties. In digital era, has become one most critical components an enterprise. Data leakage poses serious threats organizations, including significant reputational damage and financial losses. As volume growing exponentially breaches are happening more frequently than ever before, detecting preventing loss pressing security concerns for enterprises. Despite a plethora research efforts on...

10.1002/widm.1211 article EN cc-by-nc-nd Wiley Interdisciplinary Reviews Data Mining and Knowledge Discovery 2017-06-09

Extracting the protocol message format specifications of unknown applications from network traces is important for a variety such as application parsing, vulnerability discovery, and system integration. In this paper, we propose ProDecoder, trace based inference that exploits semantics messages without executable code protocols. ProDecoder on key insight n-grams exhibit highly skewed frequency distribution can be leveraged accurate inference. first discover latent relationship among by...

10.1109/icnp.2012.6459963 article EN 2012-10-01

The Java platform and its third-party libraries provide useful features to facilitate secure coding. However, misusing them can cost developers time and effort, as well as introduce security vulnerabilities in software. We conducted an empirical study on StackOverflow posts, aiming to understand developers' coding concerns, their programming obstacles, and insecure coding practices.

10.1145/3180155.3180201 article EN Proceedings of the 44th International Conference on Software Engineering 2018-05-27

Statistics from security firms, research institutions and government organizations show that the number of data-leak instances have grown rapidly in recent years. Among various cases, human mistakes are one main causes data loss. There exist solutions detecting inadvertent sensitive leaks caused by to provide alerts for organizations. A common approach is screen content storage transmission exposed information. Such an usually requires detection operation be conducted secrecy. However, this...

10.1109/tifs.2015.2398363 article EN IEEE Transactions on Information Forensics and Security 2015-02-10

As mobile computing becomes an integral part of the modern user experience, malicious applications have infiltrated open marketplaces for platforms. Malware apps stealthily launch operations to retrieve sensitive or device data abuse system resources. We describe a highly accurate classification approach detecting Android apps. Our method statically extracts data-flow feature on how inputs trigger API invocations, property referred as user-trigger dependence. evaluation with 1433 malware and...

10.1016/j.cose.2014.11.001 article EN cc-by-nc-nd Computers & Security 2014-11-17

Inter-Component Communication (ICC) provides a message passing mechanism for data exchange between Android applications. It has been long believed that inter-app ICCs can be abused by malware writers to launch collusion attacks using two or more apps. However, because of the complexity performing pairwise program analysis on apps, scale existing analyses is too small (e.g., up several hundred) produce concrete security evidence. In this paper, we report our findings in first large-scale...

10.1145/3052973.3053004 article EN Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security 2017-03-31

The number of malware applications targeting the Android operating system has significantly increased in recent years. Malicious pose a significant threat to platform security. We propose ANASTASIA, detect malicious through statically analyzing applications' behaviors. ANASTASIA provides more complete coverage security behaviors when compared state-of-the-art solutions. utilize large extracted features from various behavioral characteristics an application. built Machine Learning-based...

10.1109/ntms.2016.7792435 article EN 2016-11-01

Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically screening cryptographic calls in massive-sized (e.g., millions LoC) programs is not new. However, hindered by the practical difficulty reducing false positives without compromising analysis quality, this goal has been accomplished. CryptoGuard a set detection algorithms that refine program slices identifying...

10.1145/3319535.3345659 article EN Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security 2019-11-06

Today's phishing websites are constantly evolving to deceive users and evade the detection. In this paper, we perform a measurement study on squatting domains where impersonate trusted entities not only at page content level but also web domain level. To search for pages, scanned five types of over 224 million DNS records identified 657K that likely impersonating 702 popular brands. Then build novel machine learning classifier detect pages from both mobile under domains. A key novelty is our...

10.1145/3278532.3278569 article EN 2018-10-31

A forward-secure encryption scheme protects secret keys from exposure by evolving the with time. Forward security has several unique requirements in hierarchical identity-based (HIBE) scheme: (1) users join dynamically; (2) is joining-time-oblivious; (3) evolve autonomously. We present a scalable HIBE (fs-HIBE) satisfying above properties. We also show how our fs-HIBE can be used to construct public-key broadcast scheme, which secrecy of prior transmissions setting. further generalize into...

10.1145/1030083.1030130 article EN 2004-10-25

Knowledge discovery on social network data can uncover latent trends and produce valuable findings that benefit the welfare of the general public. A growing amount of research finds that networks play a surprisingly powerful role in people's behaviors. Before the data can be released for these purposes, it needs to be anonymized to prevent potential re-identification attacks. Most existing anonymization approaches were developed for relational data and cannot be used to handle network data directly.

10.1145/1533057.1533088 article EN 2009-03-10

During repackaging, malware writers statically inject malcode and modify the control flow to ensure its execution. Repackaged is difficult detect by existing classification techniques, partly because of their behavioral similarities benign apps. By exploring app's internal different behaviors, we propose a new Android repackaged detection technique based on code heterogeneity analysis. Our solution strategically partitions structure an app into multiple dependence-based regions (subsets...

10.1109/tdsc.2017.2745575 article EN IEEE Transactions on Dependable and Secure Computing 2017-08-28

The leak of sensitive data on computer systems poses a serious threat to organizational security. Statistics show that the lack proper encryption files and communications due human errors is one leading causes loss. Organizations need tools identify exposure by screening content in storage transmission, i.e., detect information being stored or transmitted clear. However, detecting challenging transformation content. Transformations (such as insertion deletion) result highly unpredictable...

10.1109/tifs.2015.2503271 article EN IEEE Transactions on Information Forensics and Security 2015-11-24

Recent studies have revealed that control programs running on embedded devices suffer from both control-oriented attacks (e.g., code-injection or code-reuse attacks) and data-oriented non-control data attacks). Unfortunately, existing detection mechanisms are insufficient to detect runtime exploits, due the lack of execution semantics checking. In this work, we propose Orpheus, a security methodology for defending against by enforcing cyber-physical semantics. We address several challenges...

10.1145/3134600.3134640 article EN 2017-12-04

Modern stealthy exploits can achieve attack goals without introducing illegal control flows, e.g., tampering with non-control data and waiting for the modified to propagate alter flow legally. Existing program anomaly detection systems focusing on legal attestation short call sequence verification are inadequate detect such attacks. In this paper, we point out need analyze execution paths discover event correlations in large-scale windows among millions of instructions. We propose an...

10.1145/2810103.2813654 article EN 2015-10-06

Abstract Background Many clinical datasets are intrinsically imbalanced, dominated by overwhelming majority groups. Off-the-shelf machine learning models that optimize the prognosis of patient types (e.g., healthy class) may cause substantial errors on minority prediction class disease and demographic subgroups Black or young patients). In typical one-machine-learning-model-fits-all paradigm, racial age disparities likely to exist, but unreported. addition, some widely used whole-population...

10.1038/s43856-022-00165-w article EN cc-by Communications Medicine 2022-09-01

The Java platform provides various cryptographic APIs to facilitate secure coding. However, correctly using these is challenging for developers who lack cybersecurity training. Prior work shows that many misused and consequently introduced vulnerabilities into their software. To eliminate such vulnerabilities, people created tools detect and/or fix API misuses. it still unknown (1) how current are designed misuses, (2) effectively the locate (3) perceive usefulness of tools' outputs. For...

10.1109/tse.2022.3150302 article EN IEEE Transactions on Software Engineering 2022-02-12

Attackers, in particular botnet controllers, use stealthy messaging systems to set up large-scale command and control. To systematically understand the potential capability of attackers, we investigate feasibility using domain name service (DNS) as a command-and-control channel. We describe quantitatively analyze several techniques that can be used effectively hide malicious DNS activities at network level. Our experimental evaluation makes two-month-long 4.6-GB campus data 1 million names...

10.1109/tdsc.2013.10 article EN IEEE Transactions on Dependable and Secure Computing 2013-02-14

Securing the networks of large organizations is technically challenging due to complex configurations and constraints. Managing these requires rigorous comprehensive analysis tools. A network administrator needs identify vulnerable configurations, as well tools for hardening networks. Such usually have dynamic fluidic structures, thus one may incomplete information about connectivity availability hosts. In this paper, we address problem statically performing a assessment set security defense...

10.1109/tdsc.2015.2411264 article EN IEEE Transactions on Dependable and Secure Computing 2015-03-09

The exposure of sensitive data in storage and transmission poses a serious threat to organizational personal security. Data leak detection aims at scanning content (in or transmission) for exposed data. Because the large volume, such screening algorithm needs be scalable timely detection. Our solution uses MapReduce framework detecting content, because it has ability arbitrarily scale utilize public resources task, as Amazon EC2. We design new algorithms computing collection intersection...

10.1145/2699026.2699106 article EN 2015-02-23