Nunziato Cassavia, Luca Caviglione, Massimo Guarascio, Angelica Liguori, Giuseppe Manco, Marco Zuppelli
Journal: Social Network Analysis and Mining (Journal Article). Published: 2023-09-14. DOI: https://doi.org/10.1007/s13278-023-01121-9
A federated approach for detecting data hidden in icons of mobile applications delivered via web and multiple stores
Abstract: An increasing volume of malicious software exploits information hiding techniques to cloak additional attack stages or bypass frameworks enforcing security. This trend has intensified with the growing diffusion of mobile ecosystems, and many threat actors now conceal scripts or configuration data within high-resolution icons. Even if machine learning has proven to be effective in detecting various hidden payloads, modern mobile scenarios pose further challenges in terms of scalability and privacy. In fact, applications can be retrieved from multiple stores or directly from the Web or social media. Therefore, this paper introduces an approach based on federated learning to reveal information hidden in high-resolution icons bundled with mobile applications. Specifically, multiple nodes are used to mitigate the impact of different privacy regulations, the lack of comprehensive datasets, or the computational burden arising from distributed stores and unofficial repositories. Results collected through simulations indicate that our approach achieves performances similar to those of centralized blueprints. Moreover, federated learning demonstrated its effectiveness in coping with simple “obfuscation” schemes like Base64 encoding and zip compression used by attackers to avoid detection.
About the journal:
Social Network Analysis and Mining (SNAM) is a multidisciplinary journal serving researchers and practitioners in academia and industry. It is the main venue for a wide range of researchers and readers from computer science, network science, social sciences, mathematical sciences, medical and biological sciences, financial, management and political sciences. We solicit experimental and theoretical work on social network analysis and mining using a wide range of techniques from social sciences, mathematics, statistics, physics, network science and computer science. The main areas covered by SNAM include: (1) data mining advances on the discovery and analysis of communities, personalization for solitary activities (e.g. search) and social activities (e.g. discovery of potential friends), the analysis of user behavior in open forums (e.g. conventional sites, blogs and forums) and in commercial platforms (e.g. e-auctions), and the associated security and privacy-preservation challenges; (2) social network modeling, construction of scalable and customizable social network infrastructure, identification and discovery of complex, dynamics, growth, and evolution patterns using machine learning and data mining approaches or multi-agent based simulation; (3) social network analysis and mining for open source intelligence and homeland security. Papers should elaborate on data mining and machine learning or related methods, issues associated to data preparation and pattern interpretation, both for conventional data (usage logs, query logs, document collections) and for multimedia data (pictures and their annotations, multi-channel usage data). Topics include but are not limited to: Applications of social network in business engineering, scientific and medical domains, homeland security, terrorism and criminology, fraud detection, public sector, politics, and case studies.