{"title":"N-opcode analysis for android malware classification and categorization","authors":"Boojoong Kang, S. Yerima, K. Mclaughlin, S. Sezer","doi":"10.1109/CyberSecPODS.2016.7502343","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2016.7502343","url":null,"abstract":"Malware detection is a growing problem particularly on the Android mobile platform due to its increasing popularity and accessibility to numerous third party app markets. This has also been made worse by the increasingly sophisticated detection avoidance techniques employed by emerging malware families. This calls for more effective techniques for detection and classification of Android malware. Hence, in this paper we present an n-opcode analysis based approach that utilizes machine learning to classify and categorize Android malware. This approach enables automated feature discovery that eliminates the need for applying expert or domain knowledge to define the needed features. Our experiments on 2520 samples that were performed using up to 10-gram opcode features showed that an f-measure of 98% is achievable using this approach.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115105604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Dynalog: an automated dynamic analysis framework for characterizing android applications","authors":"Mohammed K. Alzaylaee, S. Yerima, S. Sezer","doi":"10.1109/CyberSecPODS.2016.7502337","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2016.7502337","url":null,"abstract":"Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are becoming more sophisticated to evade state-of-the-art detection approaches. Many Android malware families employ obfuscation techniques in order to avoid detection and this may defeat static analysis based approaches. Dynamic analysis on the other hand may be used to overcome this limitation. Hence in this paper we propose DynaLog, a dynamic analysis based framework for characterizing Android applications. The framework provides the capability to analyse the behaviour of applications based on an extensive number of dynamic features. It provides an automated platform for mass analysis and characterization of apps that is useful for quickly identifying and isolating malicious applications. The DynaLog framework leverages existing open source tools to extract and log high level behaviours, API calls, and critical events that can be used to explore the characteristics of an application, thus providing an extensible dynamic analysis platform for detecting Android malware. DynaLog is evaluated using real malware samples and clean applications demonstrating its capabilities for effective analysis and detection of malicious applications.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"47 6","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114013156","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A mobile forensic investigation into steganography","authors":"C. Burrows, P. B. Zadeh","doi":"10.1109/CyberSecPODS.2016.7502340","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2016.7502340","url":null,"abstract":"Mobile devices are becoming a more popular tool to use in day to day life; this means that they can accumulate a sizeable amount of information, which can be used as evidence if the device is involved in a crime. Steganography is one way to conceal data, as it obscures the data as well as concealing that there is hidden content. This paper will investigate different steganography techniques, steganography artefacts created and the forensic investigation tools used in detecting and extracting steganography in mobile devices. A number of steganography techniques will be used to generate different artefacts on two main mobile device platforms, Android and Apple. Furthermore Forensic investigation tools will be employed to detect and possibly reveal the hidden data. Finally a set of mobile forensic investigation policy and guidelines will be developed.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115584055","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploring web analytics to enhance cyber situational awareness for the protection of online web services","authors":"Cyril Onwubiko","doi":"10.1109/CyberSecPODS.2016.7502355","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2016.7502355","url":null,"abstract":"Web Analytics is a tool for monitoring online interactions to digital services, typically focused on entity profiling and analysis for market campaign, user behaviour, site performance and market intelligence. In this research, web analytics is applied for intelligence-centric data gathering and analysis to enhance cyber situational awareness for monitoring critical online web services. A number of intelligence sources such as web logs, browser fingerprints, mobile and tablet fingerprints and endpoint fingerprint are gathered, fused, analysed in real time for enhanced situational awareness for the protection of online web services.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"1045 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127832846","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Goal-based security components for cloud storage security framework: a preliminary study","authors":"F. Yahya, R. Walters, G. Wills","doi":"10.1109/CyberSecPODS.2016.7502338","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2016.7502338","url":null,"abstract":"There are a variety of ways to ensure the security of data in the cloud depending on the set of anticipated concerns. Many cloud storage secure data either by encrypting data on transfer, or by encrypting data at rest. These security protections seem very different, and currently there are no common goal-based security components for comparing them. In this paper we investigate the security components forming security, which ensures data are securely protected in cloud storage. We will show security components that were extracted by synthesising existing security frameworks and industry accepted standards to satisfy the concerns for which there is little extant research. The components are also mapped to security concerns happening in the cloud. A triangulation method was applied to investigate the important security components. This exploratory research has been considered by security experts and practitioners who confirmed the proposed framework.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117214109","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A countermeasure mechanism for fast scanning malware","authors":"M. Ahmad, Steve Woodhead, D. Gan","doi":"10.1109/CyberSecPODS.2016.7502345","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2016.7502345","url":null,"abstract":"This paper presents a cross-layer countermeasure mechanism to detect and contain self-propagating malware. The mechanism uses a detection technique at the network layer and a data-link containment solution to block traffic from an infected host. The concept has been demonstrated using a software prototype. An empirical analysis of network worm propagation has been conducted to test the capabilities of the developed mechanism. The results show that the developed mechanism is effective in containing self-propagating malware with almost no false positives.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134065132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security in building automation systems - a first analysis","authors":"T. Mundt, Peter Wickboldt","doi":"10.1109/CyberSecPODS.2016.7502336","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2016.7502336","url":null,"abstract":"The purpose of building automation systems is to support all house functions, such as controlling lighting, air conditioning, heating, shading, access, and hence, increase comfort, save energy and provide easier administration. Those systems are highly complex and ubiquitous as they have interfaces to many other networks and systems in a building. This increases the risk that attackers use security gaps to affect the entire infrastructure. In this paper we report about a security analysis of building automation systems.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114998467","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cyber warfare: terms, issues, laws and controversies","authors":"K. N. Sevis, Ensar Seker","doi":"10.1109/CyberSecPODS.2016.7502348","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2016.7502348","url":null,"abstract":"Recent years have shown us the importance of cybersecurity. Especially, when the matter is national security, it is even more essential and crucial. Increasing cyber attacks, especially between countries in governmental level, created a new term cyber warfare. Creating some rules and regulations for this kind of war is necessary therefore international justice systems are working on it continuously. In this paper, we mentioned fundamental terms of cybersecurity, cyber capabilities of some countries, some important cyber attacks in near past, and finally, globally applied cyber warfare law for these attacks.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129390764","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Root cause analysis (RCA) as a preliminary tool into the investigation of identity theft","authors":"Aisha Abubakar, P. B. Zadeh, H. Janicke, R. Howley","doi":"10.1109/CyberSecPODS.2016.7502349","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2016.7502349","url":null,"abstract":"Identity theft has been known for some centuries whereby falsified identity documents were misused as well as offences such as impersonating others were common in the society. However, the advent of technology changed the method used for conducting this crime, whereby through the use of the Internet, personal information can be stolen and misused by criminals. The crime has its causes originating from human error and judgement to failure of computing and networking systems that allow unauthorized access to personal information. In order to provide a better tool of investigating this crime, there is the need to explore the causes of the crime thereby providing a better framework for investigating Identity theft crimes. This study uses Root Cause Analysis (RCA) as a preliminary tool that serves to provide a depicted identification of the causes of Identity theft paving the way into investigating the crime and creating incident response plans.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129561614","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Forensic analysis of private browsing","authors":"Mary Geddes, P. B. Zadeh","doi":"10.1109/CyberSecPODS.2016.7502341","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2016.7502341","url":null,"abstract":"Private browsing is popular for many users who wish to keep their internet usage hidden from other users on the same computer. This research examines what artefacts are left on the users' computer using digital forensic tools. The results from this research help inform recommendations for forensic analysts on ways to analyse private browsing artefacts.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115649560","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}