Aggregated Machine Learning on Indicators of Compromise in Android Devices
| Field | Value |
|---|---|
| Author | Megan Kline, Scott M. Slayback, Stefanie S. F. Chang, John San Miguel, Alexis Rogers, Roger A. Hallman |
| Year of publication | 2018 |
| Subject | 021110 strategic, defence & security studies; Computer science; business.industry; Compromise; media_common.quotation_subject; 0211 other engineering and technologies; 020206 networking & telecommunications; 02 engineering and technology; Static analysis; Machine learning; computer.software_genre; Toolbox; 0202 electrical engineering, electronic engineering, information engineering; Malware; Enterprise private network; Mobile technology; Artificial intelligence; Android (operating system); business; computer; media_common |
| Source | CCS |
| DOI | 10.1145/3243734.3278494 |
| Description | Malware mitigation for mobile technology is a long-standing problem for which there is not yet a good solution. In this paper, we focus on identifying malicious applications, and on verifying the absence of malicious or vulnerable code in applications that agencies seek to use. Our analysis toolbox includes static analysis and permissions risk scoring as pre-installation vetting techniques designed to prevent malware from being installed on devices on an enterprise network. However, dynamic code-loading techniques and changing security requirements mean that applications which previously passed the static analysis verification process, and have been installed on devices, may no longer meet security standards and may be malicious. To identify these apps and prevent their future malfeasance, we propose a crowd-sourced behavioral analysis (CSBA) technique, using machine learning to identify anomalous activity by examining patterns in power consumption, network behavior, and sequences of system calls. These techniques apply effectively to a single user's device over time, as well as to individual devices within an enterprise network. |
| Database | OpenAIRE |
| External link | |