Consortium Blockchain-Based Malware Detection in Mobile Devices


MIDHUN P
Class no: 37 S7 BTECH CSE

15/09/2018 Dept. of CSE, MACE Kothamangalam


CONTENTS

• Introduction

• CB-MDEE

• Critical feature representation of software

• Multi-feature model of malware family

• Extraction of secure sensitive features

• Multi-feature detection

• The fact-base of malicious codes based on blockchain

• Experiments of malware detection

• Conclusion

• References

INTRODUCTION
• Malware detection is a challenging issue
  – 8,526,221 malicious installation packages,
  – 128,886 mobile banking Trojans, and
  – 261,214 mobile ransomware Trojans
• Bouncer tool
• Existing malware detection technology
  – Static
  – Dynamic

INTRODUCTION (contd.)

• Static
  – Analyses the control flow and data flow of the program
  – Hindered by code obfuscation, encryption, and other issues
• Dynamic
  – Coverage of the code exercised during dynamic testing is often not enough
  – Extracting some features with the existing methods requires a high time cost

INTRODUCTION (contd.)

• Blockchain
  – distributed computing paradigm
  – Public blockchain
  – Private blockchain
  – Consortium blockchain
• Advantages of blockchain
  – high data security
  – high efficiency
  – low cost

CB-MDEE
• Framework of Consortium Blockchain for Malware Detection and Evidence Extraction (CB-MDEE) in mobile devices
• Two parts of a mixed chain
  – a detecting consortium chain maintained by the test members
  – a public chain used by the users
• Four layers
  – Network layer
  – Storage layer
  – Service support layer
  – Application layer

CB-MDEE (contd.)
• The organization structure of the CB-MDEE (figure omitted)

Courtesy: https://ieeexplore.ieee.org/document/8290934/

CB-MDEE (contd.)
• The overall framework of CB-MDEE (figure omitted)

Courtesy: https://ieeexplore.ieee.org/document/8290934/

CRITICAL FEATURE REPRESENTATION OF SOFTWARE
Sensitive Behaviour Graph (SBG)
  – Android is an event-driven system
  – Analyse the software's Inter-Component Communications and use them to describe the behaviour of the software
• Definition of SBG
  – SBG = (Vd, Vn, E, µ)
  – Vd and Vn are subsets of the SBG's node set: Vd holds the secure-sensitive method nodes, Vn the non-sensitive method nodes
  – E ⊆ Vn × Vd
  – µ : Vd → (ID, EntryType, Para) labels each secure-sensitive node

CRITICAL FEATURE REPRESENTATION OF SOFTWARE (contd.)
Sensitive Behaviour Set (SBS)
• Definition
  – SBS = {S1, S2, · · · , Sm}
  – where St = {v | (vt, v) ∈ E, vt ∈ Vn, v ∈ Vd} is a set of secure-sensitive methods
  – in an SBG, St is the set of all secure-sensitive methods called by the t-th non-sensitive method vt

CRITICAL FEATURE REPRESENTATION OF SOFTWARE (contd.)
Critical Feature Representation (CFR)
  – installation-package features, such as a mismatch between content type and file extension
  – a database file known to be used for root exploiting
• Definition
  – CFR = (SBS, F, P)
  – F is a 0-1 vector of features from the software installation package
  – P is the permission list of the software application

MULTI-FEATURE MODEL OF MALWARE FAMILY
MFM model
  – extracts the features of malware families
  – malware of the same family shares a common critical-feature structure
  – six-tuple representation: MFM = (SBSᶜ, α, Fᶜ, β, Pᶜ, γ)
• Definition
  1. SBSᶜ = {S₁ᶜ, S₂ᶜ, · · · , Sₘᶜ} is the SBS of the malware family
  2. α : Sᵢᶜ → [0, 1] is the probability that the sensitive method set Sᵢᶜ occurs in the malware family

  3. Fᶜ is the installation-package feature vector of the malware family
  4. β : f ∈ Fᶜ → [0, 1] is the probability that each feature f in Fᶜ occurs in the malware family
  5. Pᶜ is the list of permissions frequently requested by applications in the malware family
  6. γ : p ∈ Pᶜ → [0, 1] is the probability that each permission p in Pᶜ occurs in the malware family

EXTRACTION OF SECURE SENSITIVE FEATURES
• Critical features of malware are extracted from three sources
  – SBS
  – Installation package features
  – Permission features

EXTRACTION OF SECURE SENSITIVE FEATURES (contd.)
SENSITIVE BEHAVIOUR SET (SBS)
• sensitive methods are recognised by their function names or related marks
  a. Dynamic loading functions
    – load a new APK or jar package during software execution
    – the software can dynamically obtain new functionality
  b. Java reflection (dynamic object construction and method invocation)
    – dynamically construct and call objects
    – improves the flexibility of the malware logic

  c. Encryption and decryption functions
    – attackers encrypt the malicious payload files carried in the malware
    – which makes security analysis difficult
  d. Native Development Kit (NDK)
    – the use of native code cannot be limited by the application's permissions
    – native code can use system vulnerabilities to perform illegal operations
    – e.g. trying to obtain root permissions

EXTRACTION OF SECURE SENSITIVE FEATURES (contd.)
FEATURES OF INSTALLATION PACKAGES
  a. decompress the package file
  b. traverse all files in the extracted folder
  c. determine whether a database file is a known root-exploit file by comparing its MD5 value
  d. record the subprograms embedded in the package (.jar, .dex and .apk files)
  e. construct the feature vector F of the software installation package
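Steps a to e as an added worked example (not code from the paper or this presentation): the package is opened as a zip, every entry is visited, a content-type/extension mismatch is detected from magic bytes, database files are compared against an MD5 list, embedded subprograms are recorded and the 0-1 vector F is emitted. The MD5 set, the magic-byte table, the feature order and the sample package are constructed assumptions.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for the known root-exploit database files of step (c);
# a real deployment would take the MD5 list from the fact-base.
KNOWN_ROOT_DB_MD5 = {hashlib.md5(b"constructed-root-exploit-db").hexdigest()}
# Magic bytes used to recover the real content type for the mismatch check (assumed table).
MAGIC = {b"PK\x03\x04": "zip", b"dex\n": "dex", b"\x89PNG": "png"}
EXPECTED = {".jar": "zip", ".apk": "zip", ".zip": "zip", ".dex": "dex", ".png": "png"}
# Feature order of the 0-1 vector F (assumed; the paper does not fix one).
FEATURES = ("type_ext_mismatch", "root_db_file", "embedded_jar", "embedded_dex", "embedded_apk")

def sniff(data):
    """Return the content type implied by the leading bytes, or None if unknown."""
    return next((kind for magic, kind in MAGIC.items() if data.startswith(magic)), None)

def package_features(apk_bytes):
    """Steps a-e: open the package, traverse every entry, return the 0-1 vector F."""
    flags = dict.fromkeys(FEATURES, 0)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:            # (a) decompress
        for info in z.infolist():                                 # (b) traverse all files
            if info.is_dir():
                continue
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            data = z.read(info)
            kind = sniff(data)
            if ext in EXPECTED and kind is not None and kind != EXPECTED[ext]:
                flags["type_ext_mismatch"] = 1                    # disguised file content
            if ext == ".db" and hashlib.md5(data).hexdigest() in KNOWN_ROOT_DB_MD5:
                flags["root_db_file"] = 1                         # (c) MD5 check
            # (d) embedded subprograms; the app's own classes.dex is not counted
            if ext in (".jar", ".dex", ".apk") and name != "classes.dex":
                flags["embedded_" + ext[1:]] = 1
    return [flags[f] for f in FEATURES]                           # (e) vector F

def build_sample_apk():
    """Constructed package: a 'png' that is really dex, a known root db and a nested jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16)
        z.writestr("res/raw/icon.png", b"dex\n035\x00payload")    # disguised dex file
        z.writestr("assets/data.db", b"constructed-root-exploit-db")
        z.writestr("assets/plugin.jar", b"PK\x03\x04" + b"\x00" * 8)
    return buf.getvalue()
```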

EXTRACTION OF SECURE SENSITIVE FEATURES (contd.)
PERMISSION FEATURES
• Android permissions restrict the APIs, resources and components an application may access
• All permissions an application applies for are declared in its AndroidManifest.xml
• APKParser is used to process the manifest file
• the permission information is extracted to form the permission list P of the software

MULTI-FEATURE DETECTION

• Multi-feature detection process (figure omitted)
Courtesy: https://ieeexplore.ieee.org/document/8290934/

THE FACT-BASE OF MALICIOUS CODES BASED ON BLOCKCHAIN
• The detection result and its supporting information are submitted to the fact-base
• The detection result includes
  1. the name of the malware
  2. its FamilyType
  3. the APK feature
  4. the permission feature of the malware
  5. the transaction hash value of the detection result

• The fact-base can be used
  – as evidence of malicious codes
  – to update the feature base of the malware family
• A CB-MDEE data block contains
  – the sensitive behaviour feature
  – the installation package feature
  – the permission feature of the software
  – a timestamp
  – the hash value of the previous block
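An added example of the data-block structure just listed (not code from the paper or this presentation): each block carries the three feature kinds, a timestamp and the previous block's hash, and verify_chain shows how altering a recorded result breaks the links. SHA-256 over canonical JSON, the all-zero genesis back-link and the sample method and permission names are assumptions.

```python
import hashlib
import json
import time

GENESIS_HASH = "0" * 64   # assumed back-link for the first block

def block_hash(block):
    """Hash of the block body; SHA-256 over canonical JSON is an assumption (the paper fixes no algorithm)."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def make_block(prev_hash, sbs_feature, pkg_feature, perm_feature, timestamp=None):
    """One CB-MDEE data block: sensitive behaviour, package and permission features, timestamp, previous hash."""
    block = {
        "sbs_feature": sorted(sbs_feature),        # sensitive method names found in the SBS
        "pkg_feature": list(pkg_feature),          # the 0-1 installation-package vector F
        "perm_feature": sorted(perm_feature),      # permission list P
        "timestamp": int(time.time()) if timestamp is None else timestamp,
        "prev_hash": prev_hash,
    }
    block["hash"] = block_hash(block)
    return block

def verify_chain(chain):
    """Return the index of the first block whose hash or back-link fails, or -1 if the chain is intact."""
    prev = GENESIS_HASH
    for i, block in enumerate(chain):
        if block["prev_hash"] != prev or block_hash(block) != block["hash"]:
            return i
        prev = block["hash"]
    return -1

def demo_chain():
    """Constructed fact-base holding two detection results appended by test members."""
    b1 = make_block(GENESIS_HASH, {"DexClassLoader", "Cipher.doFinal"}, [1, 0, 1, 0, 0],
                    {"android.permission.SEND_SMS", "android.permission.INTERNET"}, timestamp=1537000000)
    b2 = make_block(b1["hash"], {"Runtime.exec"}, [0, 1, 0, 0, 0],
                    {"android.permission.READ_CONTACTS"}, timestamp=1537000060)
    return [b1, b2]

def tamper_and_check(chain, index, new_pkg_feature, rehash=False):
    """Overwrite a recorded package feature, optionally recomputing that block's own hash, then re-verify."""
    chain[index]["pkg_feature"] = list(new_pkg_feature)
    if rehash:
        chain[index]["hash"] = block_hash(chain[index])
    return verify_chain(chain)
```

Rewriting the last block and rehashing it passes this local check, so the hash links alone protect only history that later blocks already cover; the other consortium members' copies of the chain are what expose a rewritten tail.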

EXPERIMENTS OF MALWARE DETECTION

• Experimental results (figure omitted)
Courtesy: https://ieeexplore.ieee.org/document/8290934/

CONCLUSION

• The CB-MDEE framework is built on blockchain technology
• It analyses multiple features of malware families
• CB-MDEE can effectively detect and classify known malware
• with higher accuracy
• and lower time cost






THANK YOU
