scholarly journals Fuzzy Integral-Based Multi-Classifiers Ensemble for Android Malware Classification

Mathematics ◽  
2021 ◽  
Vol 9 (22) ◽  
pp. 2880
Author(s):  
Altyeb Taha ◽  
Omar Barukab ◽  
Sharaf Malebary
Keyword(s):  
Difficult Problem ◽  
Third Party ◽  
Fuzzy Integral ◽  
User Privacy ◽  
Dynamic Nature ◽  
Android Malware ◽  
Android Apps ◽  
Multiple Classifiers ◽  
Malware Classification ◽  
Security Checks

One of the most commonly used operating systems for smartphones is Android. The open-source nature of the Android operating system and the ability to include third-party Android apps from various markets has led to potential threats to user privacy. Malware developers use sophisticated methods that are intentionally designed to bypass the security checks currently used in smartphones. This makes effective detection of Android malware apps a difficult problem and important issue. This paper proposes a novel fuzzy integral-based multi-classifier ensemble to improve the accuracy of Android malware classification. The proposed approach utilizes the Choquet fuzzy integral as an aggregation function for the purpose of combining and integrating the classification results of several classifiers such as XGBoost, Random Forest, Decision Tree, AdaBoost, and LightGBM. Moreover, the proposed approach utilizes an adaptive fuzzy measure to consider the dynamic nature of the data in each classifier and the consistency and coalescence between each possible subset of classifiers. This enables the proposed approach to aggregate the classification results from the multiple classifiers. The experimental results using the dataset, consisting of 9476 Android goodware apps and 5560 malware Android apps, show that the proposed approach for Android malware classification based on the Choquet fuzzy integral technique outperforms the single classifiers and achieves the highest accuracy of 95.08%.

scholarly journals Deep Learning Based Static Analysis of Malwares in Android Applications

2021 ◽  
Author(s):  
Nivedha K ◽  
Indra Gandhi K ◽  
Shibi S ◽  
Nithesh V ◽  
Ashwin M
Keyword(s):  
Operating System ◽  
Deep Learning ◽  
Open Source ◽  
Text Messages ◽  
Third Party ◽  
Android Application ◽  
Android Malware ◽  
Android Apps ◽  
User Data ◽  
Android Applications

Android is a widely distributed mobile operating system developed especially for mobile devices with touch screens. It is an open source, Google-distributed Linux-based mobile operating system. Since Android is open source, it enables Android devices to be targeted effectively by malware developers. Third-party markets do not search for malicious applications in their databases, so installing Android Application Packages (APKs) from these uncontrolled market places is often risky. Without user’s notice, these malware infected applications gain access to private user data, send text messages that costs the user, or hide malware apk file inside another application. The total number of new samples of Android malware amounted to 482,579 per month as of March 2020. In this paper deep learning approach that focuses on malware detection in android apps to protect data on user devices. We use different static features that are present in an Android application for the implementation of the proposed system. The system extracts various static features and gives them to the classifier for deep learning and shows the results. This proposed system will assist users in checking applications that are not downloaded from the official market.

scholarly journals Analysis of Permissions Correlation for Android Apps Using Statistical SVD Approach

2020 ◽  
Vol 8 (2) ◽  
pp. 10-19
Author(s):  
Zon Nyein Nway
Keyword(s):  
Private Information ◽  
Statistical Technique ◽  
Mobile App ◽  
Third Party ◽  
Risk Level ◽  
Android Malware ◽  
Android Apps ◽  
Android Applications ◽  
Value Decomposition ◽  
Almost All

Nowadays, almost all the users use Android applications in their smart phones for various reasons Since Android is free operating system, android-apps can be easily downloaded via biggest open app stores and third-party mobile app markets. But these applications were not guaranteed whether these are malware apps or not by legitimate organizations. As mobile phones are glued with most of the people, malware applications threaten all of them for their private information. So, the work of analysis for the apps is very important. The proposed system analyzes the correlation patterns of app’s permissions that must be used in all android apps by developers by using a statistical technique called singular value decomposition (SVD). The analysis phase uses the numbers of malware samples 50 to 300 from https://www.kaggle.com/goorax/static-analysis-of-android-malware-of-2017. The proposed system evaluates the risk level (High, Medium, and Low) of Android applications based on the correlation patterns of permissions. The system accuracy is 85% for both malware and goodware applications. Nowadays, almost all the users use Android applications in their smart phones for various reasons Since Android is free operating system, android-apps can be easily downloaded via biggest open app stores and third-party mobile app markets. But these applications were not guaranteed whether these are malware apps or not by legitimate organizations. As mobile phones are glued with most of the people, malware applications threaten all of them for their private information. So, the work of analysis for the apps is very important. The proposed system analyzes the correlation patterns of app’s permissions that must be used in all android apps by developers by using a statistical technique called singular value decomposition (SVD). The analysis phase uses the numbers of malware samples 50 to 300 from https://www.kaggle.com/goorax/static-analysis-of-android-malware-of-2017. The proposed system evaluates the risk level (High, Medium, and Low) of Android applications based on the correlation patterns of permissions. The system accuracy is 85% for both malware and goodware applications.

Tracing or Tracking? A Preliminary Analysis of COVID-19 Outbreak Tracker Apps on Android and User Privacy (Preprint)

2020 ◽  
Author(s):  
Alex Akinbi ◽  
Ehizojie Ojie
Keyword(s):  
Preliminary Analysis ◽  
Service Providers ◽  
User Participation ◽  
Memory Storage ◽  
Phone Call ◽  
Contact Tracing ◽  
Privacy Rights ◽  
User Privacy ◽  
Android Apps ◽  
User Data

BACKGROUND Technology using digital contact tracing apps has the potential to slow the spread of COVID-19 outbreaks by recording proximity events between individuals and alerting people who have been exposed. However, there are concerns about the abuse of user privacy rights as such apps can be repurposed to collect private user data by service providers and governments who like to gather their citizens’ private data. OBJECTIVE The objective of our study was to conduct a preliminary analysis of 34 COVID-19 trackers Android apps used in 29 individual countries to track COVID-19 symptoms, cases, and provide public health information. METHODS We identified each app’s AndroidManifest.xml resource file and examined the dangerous permissions requested by each app. RESULTS The results in this study show 70.5% of the apps request access to user location data, 47% request access to phone activities including the phone number, cellular network information, and the status of any ongoing calls. 44% of the apps request access to read from external memory storage and 2.9% request permission to download files without notification. 17.6% of the apps initiate a phone call without giving the user option to confirm the call. CONCLUSIONS The contributions of this study include a description of these dangerous permissions requested by each app and its effects on user privacy. We discuss principles that must be adopted in the development of future tracking and contact tracing apps to preserve the privacy of users and show transparency which in turn will encourage user participation.

scholarly journals Lattice-based remote user authentication from reusable fuzzy signature

2021 ◽  
pp. 1-26
Author(s):  
Yangguang Tian ◽  
Yingjiu Li ◽  
Robert H. Deng ◽  
Binanda Sengupta ◽  
Guomin Yang
Keyword(s):  
Communication Channel ◽  
User Authentication ◽  
Third Party ◽  
Quantum Computers ◽  
User Privacy ◽  
Remote User Authentication ◽  
Security Models ◽  
Authentication Server ◽  
New Construction ◽  
Remote User

In this paper, we introduce a new construction of reusable fuzzy signature based remote user authentication that is secure against quantum computers. We investigate the reusability of fuzzy signature, and we prove that the fuzzy signature schemes provide biometrics reusability (aka. reusable fuzzy signature). We define formal security models for the proposed construction, and we prove that it achieves user authenticity and user privacy. The proposed construction ensures: 1) a user’s biometrics can be securely reused in remote user authentication; 2) a third party having access to the communication channel between a user and the authentication server cannot identify the user.

Enhancing Privacy in PUF-Cash through Multiple Trusted Third Parties and Reinforcement Learning

2022 ◽  
Vol 18 (1) ◽  
pp. 1-26
Author(s):  
Georgios Fragkos ◽  
Cyrus Minwalla ◽  
Eirini Eleni Tsiropoulou ◽  
Jim Plusquellic
Keyword(s):  
User Anonymity ◽  
Third Party ◽  
Security And Privacy ◽  
Machine Learning Techniques ◽  
User Privacy ◽  
Trusted Third Party ◽  
Physical Unclonable Functions ◽  
Learning Techniques ◽  
Direct Contrast ◽  
Debit Cards

Electronic cash ( e-Cash ) is a digital alternative to physical currency such as coins and bank notes. Suitably constructed, e-Cash has the ability to offer an anonymous offline experience much akin to cash, and in direct contrast to traditional forms of payment such as credit and debit cards. Implementing security and privacy within e-Cash, i.e., preserving user anonymity while preventing counterfeiting, fraud, and double spending, is a non-trivial challenge. In this article, we propose major improvements to an e-Cash protocol, termed PUF-Cash, based on physical unclonable functions ( PUFs ). PUF-Cash was created as an offline-first, secure e-Cash scheme that preserved user anonymity in payments. In addition, PUF-Cash supports remote payments; an improvement over traditional currency. In this work, a novel multi-trusted-third-party exchange scheme is introduced, which is responsible for “blinding” Alice’s e-Cash tokens; a feature at the heart of preserving her anonymity. The exchange operations are governed by machine learning techniques which are uniquely applied to optimize user privacy, while remaining resistant to identity-revealing attacks by adversaries and trusted authorities. Federation of the single trusted third party into multiple entities distributes the workload, thereby improving performance and resiliency within the e-Cash system architecture. Experimental results indicate that improvements to PUF-Cash enhance user privacy and scalability.

scholarly journals Privacy-preserving energy storage sharing with blockchain and secure multi-party computation

2021 ◽  
Vol 1 (1) ◽  
pp. 32-50
Author(s):  
Nan Wang ◽  
Sid Chi-Kin Chau ◽  
Yue Zhou
Keyword(s):  
Energy Storage ◽  
Energy Demand ◽  
Empirical Evaluation ◽  
Privacy Preserving ◽  
Third Party ◽  
User Privacy ◽  
External Energy ◽  
Novel Approach ◽  
Significant Cost Reduction ◽  
The Cost

Energy storage provides an effective way of shifting temporal energy demands and supplies, which enables significant cost reduction under time-of-use energy pricing plans. Despite its promising benefits, the cost of present energy storage remains expensive, presenting a major obstacle to practical deployment. A more viable solution to improve the cost-effectiveness is by sharing energy storage, such as community sharing, cloud energy storage and peer-to-peer sharing. However, revealing private energy demand data to an external energy storage operator may compromise user privacy, and is susceptible to data misuses and breaches. In this paper, we explore a novel approach to support energy storage sharing with privacy protection, based on privacy-preserving blockchain and secure multi-party computation. We present an integrated solution to enable privacy-preserving energy storage sharing, such that energy storage service scheduling and cost-sharing can be attained without the knowledge of individual users' demands. It also supports auditing and verification by the grid operator via blockchain. Furthermore, our privacy-preserving solution can safeguard against a majority of dishonest users, who may collude in cheating, without requiring a trusted third-party. We implemented our solution as a smart contract on real-world Ethereum blockchain platform, and provided empirical evaluation in this paper 1 .

Sign in / Sign up

Export Citation Format

Share Document