34 results for Static analysis

in QUB Research Portal - Research Directory and Institutional Repository for Queen's University Belfast


Relevance: 70.00%

Abstract:

Mobile malware has been growing in scale and complexity, spurred by the unabated uptake of smartphones worldwide. Android is fast becoming the most popular mobile platform, resulting in a sharp increase in malware targeting the platform. Additionally, Android malware is evolving rapidly to evade detection by traditional signature-based scanning. Despite current detection measures in place, timely discovery of new malware is still a critical issue. This calls for novel approaches to mitigate the growing threat of zero-day Android malware. Hence, the authors develop and analyse proactive machine-learning approaches based on Bayesian classification aimed at uncovering unknown Android malware via static analysis. The study, which is based on a large malware sample set of the majority of the existing families, demonstrates detection capabilities with high accuracy. Empirical results and comparative analysis are presented offering useful insight towards development of effective static-analytic Bayesian classification-based solutions for detecting unknown Android malware.

Relevance: 70.00%

Abstract:

The battle to mitigate Android malware has become more critical with the emergence of new strains incorporating increasingly sophisticated evasion techniques, in turn necessitating more advanced detection capabilities. Hence, in this paper we propose and evaluate a machine learning based approach based on eigenspace analysis for Android malware detection using features derived from static analysis characterization of Android applications. Empirical evaluation with a dataset of real malware and benign samples shows that a detection rate of over 96% with a very low false positive rate is achievable using the proposed method.

Relevance: 70.00%

Abstract:

Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are becoming more sophisticated to evade state-of-the-art detection approaches. Many Android malware families employ obfuscation techniques in order to avoid detection and this may defeat static analysis based approaches. Dynamic analysis on the other hand may be used to overcome this limitation. Hence in this paper we propose DynaLog, a dynamic analysis based framework for characterizing Android applications. The framework provides the capability to analyse the behaviour of applications based on an extensive number of dynamic features. It provides an automated platform for mass analysis and characterization of apps that is useful for quickly identifying and isolating malicious applications. The DynaLog framework leverages existing open source tools to extract and log high level behaviours, API calls, and critical events that can be used to explore the characteristics of an application, thus providing an extensible dynamic analysis platform for detecting Android malware. DynaLog is evaluated using real malware samples and clean applications demonstrating its capabilities for effective analysis and detection of malicious applications.

Relevance: 60.00%

Abstract:

Traditional static analysis fails to auto-parallelize programs with a complex control and data flow. Furthermore, thread-level parallelism in such programs is often restricted to pipeline parallelism, which can be hard to discover by a programmer. In this paper we propose a tool that, based on profiling information, helps the programmer to discover parallelism. The programmer hand-picks the code transformations from among the proposed candidates which are then applied by automatic code transformation techniques.

This paper contributes to the literature by presenting a profiling tool for discovering thread-level parallelism. We track dependencies at the whole-data structure level rather than at the element level or byte level in order to limit the profiling overhead. We perform a thorough analysis of the needs and costs of this technique. Furthermore, we present and validate the belief that programs with complex control and data flow contain significant amounts of exploitable coarse-grain pipeline parallelism in the program’s outer loops. This observation validates our approach to whole-data structure dependencies. As state-of-the-art compilers focus on loops iterating over data structure members, this observation also explains why our approach finds coarse-grain pipeline parallelism in cases that have remained out of reach for state-of-the-art compilers. In cases where traditional compilation techniques do find parallelism, our approach allows the discovery of higher degrees of parallelism, allowing a 40% speedup over traditional compilation techniques. Moreover, we demonstrate real speedups on multiple hardware platforms.

Relevance: 60.00%

Abstract:

The inherent difficulty of thread-based shared-memory programming has recently motivated research in high-level, task-parallel programming models. Recent advances of Task-Parallel models add implicit synchronization, where the system automatically detects and satisfies data dependencies among spawned tasks. However, dynamic dependence analysis incurs significant runtime overheads, because the runtime must track task resources and use this information to schedule tasks while avoiding conflicts and races.
We present SCOOP, a compiler that effectively integrates static and dynamic analysis in code generation. SCOOP combines context-sensitive points-to, control-flow, escape, and effect analyses to remove redundant dependence checks at runtime. Our static analysis can work in combination with existing dynamic analyses and task-parallel runtimes that use annotations to specify tasks and their memory footprints. We use our static dependence analysis to detect non-conflicting tasks and an existing dynamic analysis to handle the remaining dependencies. We evaluate the resulting hybrid dependence analysis on a set of task-parallel programs.

Relevance: 60.00%

Abstract:

Mobile malware has continued to grow at an alarming rate despite on-going mitigation efforts. This has been much more prevalent on Android due to being an open platform that is rapidly overtaking other competing platforms in the mobile smart devices market. Recently, a new generation of Android malware families has emerged with advanced evasion capabilities which make them much more difficult to detect using conventional methods. This paper proposes and investigates a parallel machine learning based classification approach for early detection of Android malware. Using real malware samples and benign applications, a composite classification model is developed from parallel combination of heterogeneous classifiers. The empirical evaluation of the model under different combination schemes demonstrates its efficacy and potential to improve detection accuracy. More importantly, by utilizing several classifiers with diverse characteristics, their strengths can be harnessed not only for enhanced Android malware detection but also quicker white box analysis by means of the more interpretable constituent classifiers.

Relevance: 60.00%

Abstract:

With over 50 billion downloads and more than 1.3 million apps in Google’s official market, Android has continued to gain popularity amongst smartphone users worldwide. At the same time there has been a rise in malware targeting the platform, with more recent strains employing highly sophisticated detection avoidance techniques. As traditional signature based methods become less potent in detecting unknown malware, alternatives are needed for timely zero-day discovery. Thus this paper proposes an approach that utilizes ensemble learning for Android malware detection. It combines advantages of static analysis with the efficiency and performance of ensemble machine learning to improve Android malware detection accuracy. The machine learning models are built using a large repository of malware samples and benign apps from a leading antivirus vendor. Experimental results and analysis presented show that the proposed method, which uses a large feature space to leverage the power of ensemble learning, is capable of 97.3% to 99% detection accuracy with very low false positive rates.

Relevance: 30.00%

Abstract:

This paper describes the flow characteristics in the near throat region of a poppet valve under steady flow conditions. An experimental and theoretical procedure was undertaken to determine the total pressure at the assumed throat region of the valve, and also at a downstream location. Experiments of this type can be used to accurately determine the flow performance of a particular induction system. The static pressure recovery was calculated from the near throat region of the valve to the downstream location and was shown to be dependent on valve lift. Total pressure profiles suggest that for this particular induction system, the majority of pressure loss occurs downstream of the valve for lift/diameter ratios up to 0.1, and upstream of the valve for lift/diameter ratios greater than 0.1. Negligible pressure recovery was shown to exist from the cylindrical periphery of the valve head to the downstream location for all valve lifts, indicating that the flow had probably separated completely from the trailing edge of the valve seating face. The calculated discharge coefficients, based on the geometric throat static pressure measurements on the seating face, were in general less than those determined using the downstream static pressure, by as much as 12% in some instances towards the valve's lower mass flow rate range.

Relevance: 30.00%

Abstract:

The introduction of advanced welding methods as an alternative joining process to riveting in the manufacture of primary aircraft structure has the potential to realize reductions in both manufacturing costs and structural weight. Current design and analysis methods for aircraft panels have been developed and validated for riveted fabrication. For welded panels, considering the buckling collapse design philosophy of aircraft stiffened panels, strength prediction methods considering welding process effects for both local-buckling and post-buckling behaviours must be developed and validated. This article reports on the work undertaken to develop analysis methods for the crippling failure of stiffened panels fabricated using laser beam and friction stir welding. The work assesses modifications to conventional analysis methods and finite-element analysis methods for strength prediction. The analysis work is validated experimentally with welded single stiffener crippling specimens. The experimental programme has demonstrated the potential static strength of laser beam and friction stir welded sheet-stiffener joints for post-buckling panel applications. The work undertaken has demonstrated that the crippling behaviour of welded stiffened panels may be analysed considering standard-buckling behaviour. However, stiffened panel buckling analysis procedures must be altered to account for the weld joint geometry and process altered material properties. © IMechE 2006.

Relevance: 30.00%

Abstract:

High-resolution UCLES/AAT spectra are presented for nine B-type supergiants in the SMC, chosen on the basis that they may show varying amounts of nuclear-synthetically processed material mixed to their surface. These spectra have been analysed using a new grid of approximately 12 000 non-LTE line blanketed tlusty model atmospheres to estimate atmospheric parameters and chemical composition. The abundance estimates for O, Mg and Si are in excellent agreement with those deduced from other studies, whilst the low estimate for C may reflect the use of the C II doublet at 4267 Å. The N estimates are approximately an order of magnitude greater than those found in unevolved B-type stars or H II regions but are consistent with the other estimates in AB-type supergiants. These results have been combined with results from a unified model atmosphere analysis of UVES/VLT spectra of B-type supergiants (Trundle et al. 2004, A&A, 417, 217) to discuss the evolutionary status of these objects. For two stars that are in common with those discussed by Trundle et al., we have undertaken a careful comparison in order to try to understand the relative importance of the different uncertainties present in such analyses, including observational errors and the use of static or unified models. We find that even for these relatively luminous supergiants, tlusty models yield atmospheric parameters and chemical compositions similar to those deduced from the unified code fastwind.