Guangwu Hu

Android malware detection based on system call sequences and LSTM

As Android-based mobile devices become increasingly popular, malware detection on Android is very crucial nowadays. In this paper, a novel detection method based on deep learning is proposed to distinguish malware from trusted applications. Considering there is some semantic information in system call sequences as the natural language, we treat one system call sequence as a sentence in the language and construct a classifier based on the Long Short-Term Memory (LSTM) language model. In the classifier, at first two LSTM models are trained respectively by the system call sequences from malware and those from benign applications. Then according to these models, two similarity scores are computed. Finally, the classifier determines whether the application under analysis is malicious or trusted by the greater score. Thorough experiments show that our approach can achieve high efficiency and reach high recall of 96.6% with low false positive rate of 9.3%, which is better than the other methods.

Constrained Random Routing Mechanism for Source Privacy Protection in WSNs

In wireless sensor networks, it is a typical threat to source privacy that an attacker performs backtracing strategy to locate source nodes by analyzing transmission paths. With the popularity of the Internet of Things in recent years, source privacy protection has attracted a lot of attentions. In order to mitigate this threat, many proposals show their merits. However, they fail to get the tradeoff between multi-path transmission and transmission cost. In this paper, we propose a constrained random routing mechanism, which can constantly change routing next-hop instead of a relative fixed route so that attackers cannot analyze routing and trace back to source nodes. First, we design a specific selection domain which is located around the sending node according to the dangerous distance and the wireless communication range. Then sending nodes calculate the selected weights of the candidate nodes according to their offset angles in this domain. Finally, the selected weights help to decide which node will become the next hop. In this way, attackers would be confused by the constantly changing paths. The simulation results prove that our proposal can achieve high routing efficiency in multi-path transmission, while only introducing a controllable energy consumption, end-to-end delay and redundant paths.

Balancing User Profile and Social Network Structure for Anchor Link Inferring Across Multiple Online Social Networks

Along with the popularity of online social network (OSN), more and more OSN users tend to create their accounts in different OSN platforms. Under such circumstances, identifying the same user among different OSNs offers tremendous opportunities for many applications, such as user identification, migration patterns, influence estimation, and expert finding in social media. Different from existing solutions which employ user profile or social network structure alone, in this paper, we proposed a novel joint solution named MapMe, which takes both user profile and social network structure feature into account, so that it can adapt more OSNs with more accurate results. MapMe first calculates user similarity via profile features with the Doc2vec method. Then, it evaluates user similarity by analyzing user’s ego network features. Finally, the profile features and ego network features were combined to measure the similarity of the users. Consequently, MapMe balances the two similarity factors to achieve goals in different platforms and scenarios. Finally, experiments are conducted on the synthetic and real data sets, proving that MapMe outperforms the existing methods with 10% on average.

New deep learning method to detect code injection attacks on hybrid applications

Abstract Mobile phones are becoming increasingly pervasive. Among them, HTML5-based hybrid applications are more and more popular because of their portability on different systems. However these applications suffer from code injection attacks. In this paper, we construct a novel deep learning network, Hybrid Deep Learning Network (HDLN), and use it to detect these attacks. At first, based on our previous work, we extract more features from Abstract Syntax Tree (AST) of JavaScript and employ three methods to select key features. Then we get the feature vectors and train HDLN to distinguish vulnerable applications from normal ones. Finally thorough experiments are done to validate our methods. The results show our detection approach with HDLN achieves 97.55% in accuracy and 97.60% in AUC , which outperforms those with other traditional classifiers and gets higher average precision than other detection methods.