Suarez-Tangil, G; Dash, SK; Garcia-Teodoro, P; Camacho, J; Cavallaro, L; (2018) Anomaly-based exploratory analysis and detection of exploits in android mediaserver. IET Information Security, 12 (5) pp. 404-413. 10.1049/iet-ifs.2017.0460.
Abstract
Smartphone platforms are becoming increasingly complex, which gives way to software vulnerabilities difficult to identify and that might allow malware developers to gain unauthorised privileges through technical exploitation. However, the authors maintain that these types of attacks indirectly render a number of unexpected behaviours in the system that can be profiled. In this work, the authors present CoME, an anomaly-based methodology aiming at detecting software exploitation in Android systems. CoME models the normal behaviour of a given software component or service and it is capable of identifying any unanticipated behaviour. To this end, they first monitor the normal operation of a given exploitable component through lightweight virtual introspection. Then, they use a multivariate analysis approach to estimate the normality model and detect anomalies. They evaluate their system against one of the most critical vulnerable and widely exploited services in Android, i.e. the mediaserver. Results show that the proposed approach can not only provide a meaningful explanatory of discriminant features for illegitimate activities, but can also be used to accurately detect malicious software exploitations at runtime.
Type: | Article |
---|---|
Title: | Anomaly-based exploratory analysis and detection of exploits in android mediaserver |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1049/iet-ifs.2017.0460 |
Publisher version: | http://dx.doi.org/10.1049/iet-ifs.2017.0460 |
Language: | English |
Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
Keywords: | Science & Technology, Technology, Computer Science, Information Systems, Computer Science, Theory & Methods, Computer Science, smart phones, computer network security, computer crime, program diagnostics, invasive software, unauthorised privileges, technical exploitation, unexpected behaviours, detecting software exploitation, Android systems, CoME models the normal behaviour, unanticipated behaviour, normal operation, lightweight virtual introspection, multivariate analysis approach, normality model, critical vulnerable services, widely exploited services, malicious software exploitations, smartphone platforms, software vulnerabilities, malware developers, software component, anomaly-based exploratory analysis, Android mediaserver, exploitable component, EVOLUTION, SYSTEMS, SUPPORT |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/10056966 |