AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach

Information, 2019, Vol 10 (10), pp. 326
Author(s): Amr Amin, Amgad Eldessouki, Menna Tullah Magdy, Nouran Abdeen, Hanan Hindy, ...

The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution.

2017, Vol 11 (3), pp. 15-28
Author(s): Anjali Kumawat, Anil Kumar Sharma, Sunita Kumawat

Android-based smartphones are nowadays getting more popular. While using a smartphone, the user is always concerned about security and malicious attacks, and the cryptographic vulnerability of the applications. With the increase in the number of Android mobiles, Android malware is also increasing very rapidly. So the authors have proposed the “Identification of cryptographic vulnerability and malware detection in Android” system. They have designed a user-friendly Android application, through which the user and developer can easily test whether an application is benign or vulnerable. The application will be tested first using static analysis, and then the dynamic analysis will be carried out. The authors have implemented static and dynamic analysis of Android applications for vulnerable and malicious app detection. They have also created a web page. The user can use either the application or the web page.


2014, Vol 670-671, pp. 892-895
Author(s): An Ning Zhang, Yu Ming Gu

This paper studied the difference between the static analysis and dynamic analysis on the mobile refuge chamber. The structure strength static analysis of KJYF96/8 mobile refuge chamber was made by the finite element software SolidWorks Simulation and the stress cloud chart and the displacement cloud chart were obtained. The corresponding relation between the dynamic analysis result and the static analysis result was obtained based on the comparison with the result of the dynamic analysis. The results indicate that the values of the max stress and displacement by static analysis with a uniform external pressure of the dynamic pressure peak value are greater than those by dynamic analysis. And the weighting method of static analysis can be used in the coal mine mobile refuge chamber structure design process instead of dynamic analysis.


2018, Vol 7 (4.6), pp. 410
Author(s): Hetal Suresh, Joseph Raymond V

Mobile phones have become a very integral part of our day-to-day life. In the digitalized world, most of our day-to-day activities rely on mobile phones, like banking activities, wallet payments, credentials, social accounts etc. Our system works in such a way that if there is an advantage to a technology there also exists a disadvantage. All users have their private and sensitive data in their mobile phones and download random applications from different platforms like Play Store, App Store etc. There is a huge possibility that the applications downloaded are malicious applications. The existing system provides a solution for detection of such applications with the help of antivirus which has pre-built signatures that can be used to obtain an already existing malware which can be modified and manipulated by the hacker if they tend to do so. In this project, our purpose is to identify the malicious applications using machine learning. By combining both static analysis and dynamic analysis we can use a hybrid approach for analysing and detecting malware threats in Android applications using a Recurrent Neural Network (RNN). The main aim of this project will be to ensure that the application installed is benign; if it is not, it should block such applications and notify the user.


Author(s): Zhenhui Liu, Ragnar Igland, Sindre Bruaseth, Luca Ercoli-Malacari

Abstract A rigid subsea spool is used to connect the riser of a jacket platform to oil export pipeline in Johan Sverdrup oil field. The location is within the lifting zones of the platform. Consequently, the dropped object hazard has potential high risk and needs to be checked. This paper presents a numerical model on accessing the structural dynamics of subsea spool under the dropped container impact loads by using de-coupled local and global model. The impact impulse was obtained from local impact analysis by Abaqus Explicit solver, in which deformations from container and pipeline are both captured. The global model was built by using inhouse program utilizing ANSYS APDL macros. A simple input file is only needed for end users. The nonlinear pipe and soil interaction is included in a simplified manner. The model comprises of static and dynamic analysis parts. The static analysis captures the in-place configuration and the functional loads. The dynamic analysis is a restart with inherited stress state from static analysis. The impact impulse was applied by point loads in a certain time range. The nonlinear soil stiffness was approached by spring elements (compression only). The dynamic analysis was done in a longer time, ensuring to capture any dynamic effects. The interface loads at the riser stick-out and riser anchor are both extracted and discussed. Concluding remarks have been made accordingly.




2021, pp. 32-54
Author(s): D. A. Sigalov, A. A. Khashaev, D. Yu. Gamayunov, ...

The problem of server-side endpoint detection in the context of blackbox security analysis of dynamic web applications is considered. We propose a method to increase coverage of server-side endpoint detection using static analysis of client-side JavaScript code to find functions which generate HTTP requests to the server-side of the application and reconstruct parameters for those functions. In the context of application security testing, static analysis makes it possible to find such functions even in dead or unreachable JavaScript code, which cannot be achieved by dynamic crawling or dynamic code analysis. Evaluation of the proposed method and its implementation has been done using a synthetic web application with endpoints vulnerable to SQL injections, and the same application was used to compare the proposed method with existing solutions. Evaluation results show that adding JavaScript static analysis to traditional dynamic crawling of web applications may significantly improve server-side endpoint coverage in blackbox application security analysis.


Symmetry, 2020, Vol 12 (7), pp. 1128
Author(s): Vasileios Kouliaridis, Georgios Kambourakis, Dimitris Geneiatakis, Nektaria Potha

The openness of the Android operating system and its immense penetration into the market makes it a hot target for malware writers. This work introduces Androtomist, a novel tool capable of symmetrically applying static and dynamic analysis of applications on the Android platform. Unlike similar hybrid solutions, Androtomist capitalizes on a wealth of features stemming from static analysis along with rigorous dynamic instrumentation to dissect applications and decide if they are benign or not. The focus is on anomaly detection using machine learning, but the system is able to autonomously conduct signature-based detection as well. Furthermore, Androtomist is publicly available as open source software and can be straightforwardly installed as a web application. The application itself is dual mode, that is, fully automated for the novice user and configurable for the expert one. As a proof-of-concept, we meticulously assess the detection accuracy of Androtomist against three different popular malware datasets and a handful of machine learning classifiers. We particularly concentrate on the classification performance achieved when the results of static analysis are combined with dynamic instrumentation vis-à-vis static analysis only. Our study also introduces an ensemble approach by averaging the output of all base classification models per malware instance separately, and provides a deeper insight on the most influencing features regarding the classification process. Depending on the employed dataset, for hybrid analysis, we report notably promising to excellent results in terms of the accuracy, F1, and AUC metrics.


2014, Vol 19 (3), pp. 609-619
Author(s): C. Kundera, V.A. Martsinkovsky

Abstract This part of the work presents the design and static analysis of an impeller for a single-stage pump. The impeller is directly connected with a balancing device. The impeller needs to have a properly designed system of longitudinal and lateral clearances on both sides. With the simplifying assumptions concerning the flow and distribution of pressure in the longitudinal and lateral clearances, the static analysis involved deriving relationships between the impeller geometry and the basic performance parameters of the pump. A numerical example was used to show the calculation procedure of static characteristics for the predetermined parameters

