Enhancing the accuracy of static analysis for detecting sensitive data leakage in Android by using dynamic analysis

Ly Hoang Tuan; Nguyen Tan Cam; Van-Hau Pham

doi:10.1007/s10586-017-1364-8

Detect Sensitive Data Leakage via Inter-application on Android by Using Static Analysis and Dynamic Analysis

Information Science and Applications 2017 - Lecture Notes in Electrical Engineering ◽

10.1007/978-981-10-4154-9_35 ◽

2017 ◽

pp. 298-305

Author(s):

Nguyen Tan Cam ◽

Van-Hau Pham ◽

Tuan Nguyen

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Sensitive Data

Download Full-text

Hypervisor-assisted dynamic malware analysis

Cybersecurity ◽

10.1186/s42400-021-00083-9 ◽

2021 ◽

Vol 4 (1) ◽

Author(s):

Roee S. Leon ◽

Michael Kiperberg ◽

Anat Anatey Leon Zabag ◽

Nezer Jacob Zaidenberg

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Cyber Security ◽

Malware Analysis ◽

Analysis Tools ◽

Significant Performance

AbstractMalware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

Download Full-text

Linear Static Analysis and Dynamic Analysis of a Mono-tyre Bike Wheel Inner-Hub Design Using Finite Element Analysis

Techno-Societal 2018 ◽

10.1007/978-3-030-16962-6_19 ◽

2019 ◽

pp. 183-193

Author(s):

Akash Sah ◽

Pradeep V. Jadhav ◽

Manoranjan Singh

Keyword(s):

Finite Element Analysis ◽

Finite Element ◽

Dynamic Analysis ◽

Static Analysis ◽

Element Analysis ◽

Linear Static Analysis

Download Full-text

Investigation of Data Dependencies by Dynamic Analysis of Sapfor

Russian Digital Libraries Journal ◽

10.26907/1562-5419-2020-23-3-473-493 ◽

2020 ◽

Vol 23 (3) ◽

pp. 473-493

Author(s):

Nikita Andreevich Kataev ◽

Alexander Andreevich Smirnov ◽

Andrey Dmitrievich Zhukov

Keyword(s):

Dynamic Analysis ◽

Programming Languages ◽

Static Analysis ◽

Automatic Parallelization ◽

Parallel Execution ◽

Control Flow ◽

Analysis Tool ◽

Data Dependencies ◽

Program Parallelization ◽

Memory Accesses

The use of pointers and indirect memory accesses in the program, as well as the complex control flow are some of the main weaknesses of the static analysis of programs. The program properties investigated by this analysis are too conservative to accurately describe program behavior and hence they prevent parallel execution of the program. The application of dynamic analysis allows us to expand the capabilities of semi-automatic parallelization. In the SAPFOR system (System FOR Automated Parallelization), a dynamic analysis tool has been implemented, based on on the instrumentation of the LLVM representation of an analyzed program, which allows the system to explore programs in both C and Fortran programming languages. The capabilities of the static analysis implemented in SAPFOR are used to reduce the overhead program execution, while maintaining the completeness of the analysis. The use of static analysis allows to reduce the number of analyzed memory accesses and to ignore scalar variables, which can be explored in a static way. The developed tool was tested on performance tests from the NAS Parallel Benchmarks package for C and Fortran languages. The implementation of dynamic analysis, in addition to traditional types of data dependencies (flow, anit, output), allows us to determine privitizable variables and a possibility of pipeline execution of loops. Together with the capabilities of DVM and OpenMP these greatly facilitates program parallelization and simplify insertion of the appropriate compiler directives.

Download Full-text

Hybrid-Based Analysis Impact on Ransomware Detection for Android Systems

Applied Sciences ◽

10.3390/app112210976 ◽

2021 ◽

Vol 11 (22) ◽

pp. 10976

Author(s):

Rana Almohaini ◽

Iman Almomani ◽

Aala AlKhayer

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Hybrid System ◽

State Of The Art ◽

Detection System ◽

Detection Accuracy ◽

Accuracy Rate ◽

Hybrid Detection ◽

Dynamic Analyses ◽

Data Files

Android ransomware is one of the most threatening attacks that is increasing at an alarming rate. Ransomware attacks usually target Android users by either locking their devices or encrypting their data files and then requesting them to pay money to unlock the devices or recover the files back. Existing solutions for detecting ransomware mainly use static analysis. However, limited approaches apply dynamic analysis specifically for ransomware detection. Furthermore, the performance of these approaches is either poor or often fails in the presence of code obfuscation techniques or benign applications that use cryptography methods for their APIs usage. Additionally, most of them are unable to detect ransomware attacks at early stages. Therefore, this paper proposes a hybrid detection system that effectively utilizes both static and dynamic analyses to detect ransomware with high accuracy. For the static analysis, the proposed hybrid system considered more than 70 state-of-the-art antivirus engines. For the dynamic analysis, this research explored the existing dynamic tools and conducted an in-depth comparative study to find the proper tool to integrate it in detecting ransomware whenever needed. To evaluate the performance of the proposed hybrid system, we analyzed statically and dynamically over one hundred ransomware samples. These samples originated from 10 different ransomware families. The experiments’ results revealed that static analysis achieved almost half of the detection accuracy—ranging around 40–55%, compared to the dynamic analysis, which reached a 100% accuracy rate. Moreover, this research reports some of the high API classes, methods, and permissions used in these ransomware apps. Finally, some case studies are highlighted, including failed running apps and crypto-ransomware patterns.

Download Full-text

Analysis and Control of Unknown In-Vehicle Network System

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.184-185.1521 ◽

2012 ◽

Vol 184-185 ◽

pp. 1521-1525

Author(s):

Yu En Wu ◽

Yu Hui Hu ◽

Ya Ying Jin ◽

Jun Qiang Xi

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Effective Control ◽

Hybrid Powertrain ◽

Verification Method ◽

Gateway System ◽

Powertrain System ◽

Analytical Protocol ◽

Key Aspects ◽

And Control

A CAN-Bus protocol analysis and verification method with three key aspects which are static analysis, dynamic analysis and verification &control is put forward. Static analysis ascertains the communication information of each node by bus residual method; Synchronous contrast method is put in use to obtain practical and effective control protocol in the dynamic analysis; Verification &control is to verify the correctness of the analytical protocol and to achieve the control of the critical subsystems by bus gateway system. This scheme has been used to analyze a foreign parallel hybrid powertrain system, and it proves the correctness of the designed static analysis and dynamic analysis, the applicability of verification &control.

Download Full-text

A system for detecting third-party tracking through the combination of dynamic analysis and static analysis

IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS) ◽

10.1109/infocomwkshps51825.2021.9484564 ◽

2021 ◽

Author(s):

Jingxue Sun ◽

Zhiqiu Huang ◽

Ting Yang ◽

Wengjie Wang ◽

Yuqing Zhang

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Third Party

Download Full-text

Identification of Cryptographic Vulnerability and Malware Detection in Android

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2017070102 ◽

2017 ◽

Vol 11 (3) ◽

pp. 15-28 ◽

Cited By ~ 3

Author(s):

Anjali Kumawat ◽

Anil Kumar Sharma ◽

Sunita Kumawat

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Malware Detection ◽

Android Application ◽

Malicious Attacks ◽

Web Page ◽

Static And Dynamic Analysis ◽

Android System ◽

User Friendly ◽

The Web

Android based Smartphones are nowadays getting more popular. While using Smartphone, user is always concerned about security and malicious attacks, cryptographic vulnerability of the applications. With increase in the number of Android mobiles, Android malwares are also increasing very rapidly. So the authors have proposed the “Identification of cryptographic vulnerability and malware detection in Android” system. They have designed a user friendly android application, through which user and developer can easily test the application whether it is benign or vulnerable. The application will be tested firstly using static analysis and then the dynamic analysis will be carried out. The authors have implemented static and dynamic analysis of android application for vulnerable and malicious app detection. They have also created a web page. User can either use the application or the web page.

Download Full-text

Dynamic analysis of swivel construction method under multi-variable coupling effects

International Journal of Structural Integrity ◽

10.1108/ijsi-10-2018-0074 ◽

2019 ◽

Vol 10 (4) ◽

pp. 580-598

Author(s):

Wang Jiawei ◽

Sun Quansheng

Keyword(s):

Dynamic Analysis ◽

Dynamic Model ◽

Static Analysis ◽

Friction Stress ◽

Construction Method ◽

Coupling Effects ◽

Content Type ◽

Multiple Factors ◽

Real State ◽

Variable Coupling

Purpose Swivel construction is a new bridge construction method, which can minimize the impact on railway and highway traffic. Previous studies were based on single factor and static analysis, which cannot reflect the real state of structures. The purpose of this paper is to establish a dynamic model of the structure and to analyze the situation under multi-variable coupling effects to accurately simulate the real state of the structure. Design/methodology/approach Finite element software ANSYS was used to establish dynamic model of turntable structure and then to analyze the effects of multiple factors on total stress, friction stress and slipping distance of the turntable structure. Findings It is concluded that the unbalanced weight and radius of spherical hinges have great influence on the turntable structure, so the design should be strictly considered. Friction stress and angular acceleration have little effect on the turntable structure. Originality/value This paper provides simulation of the whole process of swivel construction method. Whereas previous studies focused on static analysis, this paper focuses on the dynamic analysis of swivel construction method. The mechanics of the swivel structure under multiple factors was analyzed. According to the analysis results, the design parameters of the turntable structure are optimized.

Download Full-text

Progressive Collapse Assessment: A review of the current energy-based Alternate Load Path (ALP) method

MATEC Web of Conferences ◽

10.1051/matecconf/201925802012 ◽

2019 ◽

Vol 258 ◽

pp. 02012 ◽

Cited By ~ 1

Author(s):

Nur Ezzaryn Asnawi Subki ◽

Hazrina Mansor ◽

Yazmin Sahol Hamid ◽

Gerard Parke

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Progressive Collapse ◽

Structural Response ◽

Steel Frame ◽

Collapse Mechanism ◽

Load Path ◽

Acceptance Criterion ◽

Current Energy ◽

Collapse Assessment

The Alternate Load Path (ALP) is a useful method that has generated a considerable recent research interest for the assessment of progressive collapse. The outcome of the ALP analysis can be assessed either using the force-based approach or the energy-based approach. The Unified Facilities Criteria (UFC- 4- 023-03) of progressive collapse guideline - have outlined that the force-based approach can either be analysed using static or dynamic analysis. The force-based approach using static analysis is preferable as it does not require a high level of skill and experience to operate the software plus no effort is required in scrutinising the validity of the analysis results output. However, utilising the static approach will eliminate the inertial effect in capturing the actual dynamic response of the collapsed structure. In recent years, the development of the energy-based progressive collapse assessment is attracting widespread interest from researchers in the field; as the approach can produce a similar structural response with the force-based dynamic analysis by only using static analysis. Most of the current energy-based progressive collapse assessments are developed following the requirements which are given in the progressive collapse guidelines provided by the Unified Facilities Criteria. However, little attention is given to the development of the energy-based approach using the Eurocode standards as a base guideline. This article highlights the merits of utilising the energy-based approach against the force-based approach for a collapsed structure and explains the collapse mechanism of a steel frame in the perspective of the energy concept. The state of the art of energy-based progressive collapse assessment for a structural steel frame is reviewed. The comprehensive review will include insights on the development of the energy-based method, assumptions, limitations, acceptance criterion and its applicability with the European standards. Finally, potential research gaps are discussed herein.

Download Full-text