Hybrid-Based Analysis Impact on Ransomware Detection for Android Systems

2021 ◽  
Vol 11 (22) ◽  
pp. 10976
Author(s):  
Rana Almohaini ◽  
Iman Almomani ◽  
Aala AlKhayer

Android ransomware is one of the most threatening attacks that is increasing at an alarming rate. Ransomware attacks usually target Android users by either locking their devices or encrypting their data files and then requesting them to pay money to unlock the devices or recover the files back. Existing solutions for detecting ransomware mainly use static analysis. However, limited approaches apply dynamic analysis specifically for ransomware detection. Furthermore, the performance of these approaches is either poor or often fails in the presence of code obfuscation techniques or benign applications that use cryptography methods for their APIs usage. Additionally, most of them are unable to detect ransomware attacks at early stages. Therefore, this paper proposes a hybrid detection system that effectively utilizes both static and dynamic analyses to detect ransomware with high accuracy. For the static analysis, the proposed hybrid system considered more than 70 state-of-the-art antivirus engines. For the dynamic analysis, this research explored the existing dynamic tools and conducted an in-depth comparative study to find the proper tool to integrate it in detecting ransomware whenever needed. To evaluate the performance of the proposed hybrid system, we analyzed statically and dynamically over one hundred ransomware samples. These samples originated from 10 different ransomware families. The experiments’ results revealed that static analysis achieved almost half of the detection accuracy—ranging around 40–55%, compared to the dynamic analysis, which reached a 100% accuracy rate. Moreover, this research reports some of the high API classes, methods, and permissions used in these ransomware apps. Finally, some case studies are highlighted, including failed running apps and crypto-ransomware patterns.

2018 ◽  
Vol 2018 ◽  
pp. 1-10 ◽  
Author(s):  
Tianliang Lu ◽  
Lu Zhang ◽  
Yixian Fu

Shellcodes are machine language codes injected into target programs in the form of network packets or malformed files. Shellcodes can trigger buffer overflow vulnerabilities and execute malicious instructions. Signature matching technology used by antivirus software or intrusion detection systems has a low detection rate for unknown or polymorphic shellcodes. To solve this problem, an immune-inspired shellcode detection algorithm, named ISDA, was proposed. Static analysis and dynamic analysis were both applied. The shellcodes were disassembled to assembly instructions during static analysis and, for dynamic analysis, the API function sequences of shellcodes were obtained by simulation execution to get the behavioral features of polymorphic shellcodes. The extracted features of shellcodes were encoded to antigens based on an n-gram model. Immature detectors become mature after immune tolerance based on a negative selection algorithm. To improve the nonself space coverage rate, the immune detectors were encoded to hyperellipsoids. To generate better antibody offspring, the detectors were optimized through a clonal selection algorithm with genetic mutation. Finally, shellcode samples were collected and tested, and the results show that the proposed method has higher detection accuracy for both nonencoded and polymorphic shellcodes.


2021 ◽  
Vol 11 (11) ◽  
pp. 4894
Author(s):  
Anna Scius-Bertrand ◽  
Michael Jungo ◽  
Beat Wolf ◽  
Andreas Fischer ◽  
Marc Bui

The current state of the art for automatic transcription of historical manuscripts is typically limited by the requirement of human-annotated learning samples, which are necessary to train specific machine learning models for specific languages and scripts. Transcription alignment is a simpler task that aims to find a correspondence between text in the scanned image and its existing Unicode counterpart, a correspondence which can then be used as training data. The alignment task can be approached with heuristic methods dedicated to certain types of manuscripts, or with weakly trained systems reducing the required amount of annotations. In this article, we propose a novel learning-based alignment method based on fully convolutional object detection that does not require any human annotation at all. Instead, the object detection system is initially trained on synthetic printed pages using a font and then adapted to the real manuscripts by means of self-training. On a dataset of historical Vietnamese handwriting, we demonstrate the feasibility of annotation-free alignment as well as the positive impact of self-training on the character detection accuracy, reaching a detection accuracy of 96.4% with a YOLOv5m model without using any human annotation.


Information ◽  
2019 ◽  
Vol 10 (5) ◽  
pp. 161 ◽  
Author(s):  
Kaspars Balodis ◽  
Daiga Deksne

Intent detection is one of the main tasks of a dialogue system. In this paper, we present our intent detection system that is based on fastText word embeddings and a neural network classifier. We find an improvement in fastText sentence vectorization, which, in some cases, shows a significant increase in intent detection accuracy. We evaluate the system on languages commonly spoken in Baltic countries—Estonian, Latvian, Lithuanian, English, and Russian. The results show that our intent detection system provides state-of-the-art results on three previously published datasets, outperforming many popular services. In addition to this, for Latvian, we explore how the accuracy of intent detection is affected if we normalize the text in advance.


2018 ◽  
Vol 2018 ◽  
pp. 1-15 ◽  
Author(s):  
TaeGuen Kim ◽  
BooJoong Kang ◽  
Eul Gyu Im

As Android malware has increased rapidly over the years, various malware detection methods have been proposed. Existing methods can be classified into two categories: static analysis-based methods and dynamic analysis-based methods. Both approaches have limitations. Static analysis-based methods are relatively easy to evade through transformation techniques such as junk instruction insertion, code reordering, and so on. Dynamic analysis-based methods, in turn, have relatively high analysis overheads and might require kernel modification to extract dynamic features. In this paper, we propose a dynamic analysis framework for Android malware detection that overcomes the aforementioned shortcomings. The framework uses a suffix tree that contains API (Application Programming Interface) subtraces and their probabilistic confidence values, which are generated using HMMs (Hidden Markov Models), to reduce the malware detection overhead, and we designed the framework with a client-server architecture since the suffix tree is infeasible to deploy on mobile devices. In addition, an application rewriting technique is used to trace API invocations without any modifications to the Android kernel. In our experiments, we measured the detection accuracy and the computational overheads to evaluate the effectiveness and efficiency of the proposed framework.


2019 ◽  
Vol 2019 ◽  
pp. 1-16 ◽  
Author(s):  
Mi-Jung Choi ◽  
Jiwon Bang ◽  
Jongwook Kim ◽  
Hajin Kim ◽  
Yang-Sae Moon

Packing is the most common analysis avoidance technique for hiding malware. Also, packing can make it harder for the security researcher to identify the behaviour of malware and increase the analysis time. In order to analyze the packed malware, we need to perform unpacking first to release the packing. In this paper, we focus on unpacking and its related technologies to analyze the packed malware. Through extensive analysis on previous unpacking studies, we pay attention to four important drawbacks: no phase integration, no detection combination, no real-restoration, and no unpacking verification. To resolve these four drawbacks, in this paper, we present an all-in-one structure of the unpacking system that performs packing detection, unpacking (i.e., restoration), and verification phases in an integrated framework. For this, we first greatly increase the packing detection accuracy in the detection phase by combining four existing and new packing detection techniques. We then improve the unpacking phase by using the state-of-the-art static and dynamic unpacking techniques. We also present a verification algorithm evaluating the accuracy of unpacking results. Experimental results show that the proposed all-in-one unpacking system performs all of the three phases well in an integrated framework. In particular, the proposed hybrid detection method is superior to the existing methods, and the system performs unpacking very well up to 100% of restoration accuracy for most of the files except for a few packers.


Sensors ◽  
2021 ◽  
Vol 21 (4) ◽  
pp. 1213
Author(s):  
Xiaoke Shen ◽  
Ioannis Stamos

Instance segmentation and object detection are significant problems in the fields of computer vision and robotics. We address those problems by proposing a novel object segmentation and detection system. First, we detect 2D objects based on RGB, depth only, or RGB-D images. A 3D convolutional-based system, named Frustum VoxNet, is proposed. This system generates frustums from 2D detection results, proposes 3D candidate voxelized images for each frustum, and uses a 3D convolutional neural network (CNN) based on these candidates voxelized images to perform the 3D instance segmentation and object detection. Results on the SUN RGB-D dataset show that our RGB-D-based system’s 3D inference is much faster than state-of-the-art methods, without a significant loss of accuracy. At the same time, we can provide segmentation and detection results using depth only images, with accuracy comparable to RGB-D-based systems. This is important since our methods can also work well in low lighting conditions, or with sensors that do not acquire RGB images. Finally, the use of segmentation as part of our pipeline increases detection accuracy, while providing at the same time 3D instance segmentation.


2021 ◽  
Vol 11 (11) ◽  
pp. 4887
Author(s):  
Ting He ◽  
Xiaohong Xu ◽  
Yating Wu ◽  
Huazhen Wang ◽  
Jian Chen

Intent detection and slot filling are important modules in task-oriented dialog systems. In order to make full use of the relationship between different modules and resource sharing, solving the problem of a lack of semantics, this paper proposes a multitasking learning intent-detection system, based on the knowledge-base and slot-filling joint model. The approach has been used to share information and rich external utility between intent and slot modules in a three-part process. First, this model obtains shared parameters and features between the two modules based on long short-term memory and convolutional neural networks. Second, a knowledge base is introduced into the model to improve its performance. Finally, a weighted-loss function is built to optimize the joint model. Experimental results demonstrate that our model achieves better performance compared with state-of-the-art algorithms on a benchmark Airline Travel Information System (ATIS) dataset and the Snips dataset. Our joint model achieves state-of-the-art results on the benchmark ATIS dataset with a 1.33% intent-detection accuracy improvement, a 0.94% slot filling F value improvement, and with 0.19% and 0.31% improvements respectively on the Snips dataset.


2017 ◽  
Vol 10 (1) ◽  
pp. 55-61
Author(s):  
Qiu-Min Chen ◽  
Na Cui ◽  
Yang Yu ◽  
Xiang-Nan Meng ◽  
Hai-Yan Fan

Background: The translationally controlled tumor protein (TCTP) was originally found in tumor tissue, and later found in other tissues. Initially, TCTP was considered a kind of growth-associated protein. Recent studies have shown that TCTP has many biological functions. Objective: To verify CsTCTP1 gene function by yeast two-hybrid system, the pGBKT7-CsTCTP1 yeast expression vector was constructed and cytotoxicity and self-activating activity were detected, which could lay the foundation for further studies on gene function and make a preparation for verification of CsTCTP1 gene function by yeast two-hybrid system. Method: Specific PCR, conventional sequencing, heat shock conversion method and TE/LiAC transformation method. Results: We constructed a yeast expression vector containing the CsTCTP1 gene. The CsTCTP1 coding sequence was inserted into a pGBKT7 vector as a bait protein and then transformed into the Y2HGold yeast strain. Conclusion: We found that CsTCTP1 protein had no cytotoxic effect and could not be self-activated. The constructed bait expression vector can be used in the subsequent yeast two-hybrid detection system.


2016 ◽  
Vol 2016 ◽  
pp. 1-8 ◽  
Author(s):  
Özge Cepheli ◽  
Saliha Büyükçorak ◽  
Güneş Karabulut Kurt

Distributed denial-of-service (DDoS) attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS), for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.


2020 ◽  
Vol 2020 (4) ◽  
pp. 76-1-76-7
Author(s):  
Swaroop Shankar Prasad ◽  
Ofer Hadar ◽  
Ilia Polian

Image steganography can have legitimate uses, for example, augmenting an image with a watermark for copyright reasons, but can also be utilized for malicious purposes. We investigate the detection of malicious steganography using neural network-based classification when images are transmitted through a noisy channel. Noise makes detection harder because the classifier must not only detect perturbations in the image but also decide whether they are due to the malicious steganographic modifications or due to natural noise. Our results show that reliable detection is possible even for state-of-the-art steganographic algorithms that insert stego bits not affecting an image’s visual quality. The detection accuracy is high (above 85%) if the payload, or the amount of the steganographic content in an image, exceeds a certain threshold. At the same time, noise critically affects the steganographic information being transmitted, both through desynchronization (destruction of information which bits of the image contain steganographic information) and by flipping these bits themselves. This will force the adversary to use a redundant encoding with a substantial number of error-correction bits for reliable transmission, making detection feasible even for small payloads.

