Quantifying and improving the efficiency of hardware-based mobile malware detectors

Authors: Vijay Janapa Reddi, Mohit Tiwari, Mikhail Kazdagli

DOI: 10.5555/3195638.3195683

Keywords:

Abstract: Hardware-based malware detectors (HMDs) are a key emerging technology to build trustworthy systems, especially mobile platforms. Quantifying the efficacy of HMDs against malicious adversaries is thus an important problem. The challenge lies in that real-world malware adapts to defenses, evades being run in experimental settings, and hides behind benign applications. Thus, realizing the potential of HMDs as a small and battery-efficient line of defense requires a rigorous foundation for evaluating HMDs. We introduce Sherlock — a white-box methodology that quantifies an HMD's ability to detect malware and identify the reason why. Sherlock first deconstructs malware into atomic, orthogonal actions to synthesize a diverse malware suite. Sherlock then drives both malware and benign programs with real user-inputs, and compares their executions to determine an HMD's operating range, i.e., the smallest malware actions an HMD can detect. We show three case studies using Sherlock to not only quantify HMDs' operating ranges but design better detectors. First, using information about concrete malware actions, we build a discrete-wavelet transform based unsupervised HMD that outperforms prior work based on power transforms by 24.7% (AUC metric). Second, training a supervised HMD using Sherlock's diverse malware dataset yields 12.5% better HMDs than past approaches that train on ad-hoc subsets of malware. Finally, Sherlock shows why a malware instance is detectable. This yields a surprising new result: obfuscation techniques used by malware to evade static analyses make them more detectable.
