Identifying cyber threats to mobile-IoT applications in edge computing paradigm

Abstract: Malware has become an increasing problem for mobile Internet of Things (IoT) applications on edge computing platforms. Variants of malware can be identified once their general characteristics are known, and overtly malicious behavior can be identified. Some research has used static analysis to identify privacy-violating malware for IoT in edge computing. Dynamic analysis can be easily evaded, because malware can adapt to avoid detection, and it incurs performance overheads. The case where an application lies about its intention in requesting a permission, or intentionally violates the user's expectation of an application's behavior, is not so well researched. This research extensively explores this fundamental gap in the current literature on mobile malware. We focus particularly on a greater set of permissions that may be leveraged for other purposes, for example by using sensors to record user credentials or to monitor a user's movements. This research attempts to identify such scenarios by employing behavioral analysis to determine when and how permissions are used, and static and dynamic analysis to determine the behavior of application logic yet to execute. We propose a two-layer detection engine with hybrid feature analysis. Experimental results with real mobile malware IoT data show that our proposed approach with permission-related features outperforms other detection engines.
