MobSec: Malware and Security in the Mobile Age
Sponsored by EPSRC (EP/L022710/1) and a donation from Intel Security / McAfee Labs UK.
A main theme of the project are mobile applications analyses to extract behavioral information necessary for effective policy enforcement and mobile malware mitigation techniques. The CopperDroid system allows to perform dynamic behavioral analysis of Android malware and presents a unified analysis to characterize low-level OS-specific and high-level Android-specific behaviors. MobSec explores research questions around the automatic, comprehensive, and faithful reconstruction of Android app behaviors, the reliable identification of behaviors triggered by malware embedded in benign applications, event-behavior attributions, and the simulation of complex UI interactions.
We are also concerned with the detection of malicious mobile applications, a particularly challenging task in the mobile landscape that largely sees malware repackaged (and embedded) in benign apps.
Publications
Lorenzo Cavallaro, Johannes Kinder, Feargus Pendlebury, and Fabio Pierazzi. Are Machine Learning Models for Malware Detection Ready for Prime Time? IEEE Secur. Priv., 21(2):53–56, 2023.
BibTeX URL PDF
@article{spmag23-mlmalware,
author = {Lorenzo Cavallaro and Johannes Kinder and Feargus Pendlebury and Fabio Pierazzi},
title = {Are Machine Learning Models for Malware Detection Ready for Prime Time?},
journal = {IEEE Secur. Priv.},
volume = {21},
number = {2},
pages = {53--56},
year = {2023},
doi = {10.1109/MSEC.2023.3236543},
url = {https://doi.org/10.1109/MSEC.2023.3236543}
}
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. In 28th USENIX Security Symposium (USENIX Security), pp. 729–746, USENIX Association, 2019.
BibTeX PDF
@inproceedings{usenixsecurity19-tesseract,
author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
title = {TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time},
booktitle = {28th USENIX Security Symposium (USENIX Security)},
pages = {729--746},
publisher = {USENIX Association},
year = {2019}
}
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. Tech. rep. CoRR:abs/1807.07838, arXiv, 2018.
BibTeX URL
@techreport{tesseract-arxiv,
author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
title = {TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time},
number = {CoRR:abs/1807.07838},
year = {2018},
institution = {arXiv},
url = {https://arxiv.org/abs/1807.07838}
}
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. Enabling Fair ML Evaluations for Security. In Proc. 2018 ACM SIGSAC Conf. Computer and Communications Security (CCS), pp. 2264–2266, 2018.
BibTeX PDF
@inproceedings{ccs18poster,
author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
title = {Enabling Fair ML Evaluations for Security},
booktitle = {Proc. 2018 ACM SIGSAC Conf. Computer and Communications Security (CCS)},
pages = {2264--2266},
year = {2018},
doi = {10.1145/3243734.3278505}
}
Guillermo Suarez-Tangil, Santanu Kumar Dash, Mansour Ahmadi, Johannes Kinder, Giorgio Giacinto, and Lorenzo Cavallaro. DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware. In Proc. 7th ACM Conf. Data and Application Security and Privacy (CODASPY), pp. 309–320, ACM, 2017.
BibTeX PDF
@inproceedings{codaspy17-droidsieve,
author = {Guillermo Suarez-Tangil and Santanu Kumar Dash and Mansour Ahmadi and Johannes Kinder and Giorgio Giacinto and Lorenzo Cavallaro},
title = {DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware},
booktitle = {Proc. 7th ACM Conf. Data and Application Security and Privacy (CODASPY)},
pages = {309--320},
publisher = {ACM},
year = {2017},
doi = {10.1145/3029806.3029825}
}
Santanu Kumar Dash, Kimberly Tam, Johannes Kinder, and Lorenzo Cavallaro. Barometer: Sizing Up Android Applications Through Statistical Evaluation. In 37th IEEE Symp. Security and Privacy (S&P), 2016. Poster.
BibTeX
@conference{sp16poster,
author = {Santanu Kumar Dash and Kimberly Tam and Johannes Kinder and Lorenzo Cavallaro},
title = {Barometer: Sizing Up Android Applications Through Statistical Evaluation},
booktitle = {37th IEEE Symp. Security and Privacy (S\&P)},
year = {2016},
note = {Poster}
}
Santanu Kumar Dash, Guillermo Suarez-Tangil, Salahuddin Khan, Kimberly Tam, Mansour Ahmadi, Johannes Kinder, and Lorenzo Cavallaro. DroidScribe: Classifying Android Malware Based on Runtime Behavior. In Proc. IEEE Symp. Security and Privacy Workshops (SPW), Mobile Security Technologies (MoST), pp. 252–261, 2016.
BibTeX PDF
@inproceedings{most16-droidscribe,
author = {Santanu Kumar Dash and Guillermo Suarez-Tangil and Salahuddin Khan and Kimberly Tam and Mansour Ahmadi and Johannes Kinder and Lorenzo Cavallaro},
title = {DroidScribe: Classifying Android Malware Based on Runtime Behavior},
booktitle = {Proc. IEEE Symp. Security and Privacy Workshops (SPW), Mobile Security Technologies (MoST)},
pages = {252--261},
year = {2016}
}
Santanu Kumar Dash, Kimberly Tam, Johannes Kinder, and Lorenzo Cavallaro. Set-based Classification of Android Malware from Behavioral Abstractions. In 24th USENIX Security Symp. (USENIX Security), August 2015. Poster.
BibTeX
@conference{usenix15poster,
author = {Santanu Kumar Dash and Kimberly Tam and Johannes Kinder and Lorenzo Cavallaro},
title = {Set-based Classification of Android Malware from Behavioral Abstractions},
booktitle = {24th USENIX Security Symp. (USENIX Security)},
year = {2015},
month = {August},
note = {Poster}
}