Jan Hendrik Clausen

Static Analysis of Executables for Collaborative Malware Detection on Android

Smartphones are getting increasingly popular and several malwares appeared targeting these devices. General countermeasures to smartphone malwares are currently limited to signature-based antivirus scanners which efficiently detect known malwares, but they have serious shortcomings with new and unknown malwares creating a window of opportunity for attackers. As smartphones become host for sensitive data and applications, extended malware detection mechanisms are necessary complying with the corresponding resource constraints. The contribution of this paper is twofold. First, we perform static analysis on the executables to extract their function calls in Android environment using the command readelf. Function call lists are compared with malware executables for classifying them with PART, Prism and Nearest Neighbor Algorithms. Second, we present a collaborative malware detection approach to extend these results. Corresponding simulation results are presented.

Smartphone malware evolution revisited: Android next target?

Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerging smartphone platforms, e.g. Android and iPhone, malware writers seemed to lose interest in writing malware for smartphones giving users an unappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform1. Our approach involves usage of undocumented Android functions enabling us to execute native Linux application even on retail Android devices. This can be exploited to create malicious Linux applications and daemons using various methods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.

Link prediction on evolving data using tensor factorization

Within the last few years a lot of research has been done on large social and information networks. One of the principal challenges concerning complex networks is link prediction. Most link prediction algorithms are based on the underlying network structure in terms of traditional graph theory. In order to design efficient algorithms for large scale networks, researchers increasingly adapt methods from advanced matrix and tensor computations. This paper proposes a novel approach of link prediction for complex networks by means of multi-way tensors. In addition to structural data we furthermore consider temporal evolution of a network. Our approach applies the canonical Parafac decomposition to reduce tensor dimensionality and to retrieve latent trends. For the development and evaluation of our proposed link prediction algorithm we employed various popular datasets of online social networks like Facebook and Wikipedia. Our results show significant improvements for evolutionary networks in terms of prediction accuracy measured through mean average precision.

Optimization and early-warning in DSL access networks based on simulation

Network providers operate large DSL-based access networks to offer customers Broadband Internet. These networks are observed and managed by Performance Management Systems (PMS), that capture the actual situation to support network administration. In this regard, the administrator can cope with incidents such as link failures or congestion. We present an application for optimization and forecast of traffic distributions in DSL networks as an addition to an existing PMS. This application makes heavy use of simulation. In this way, we give a description of traffic models based on real network performance data reflecting: (I) individual subscribers and (II) an aggregated model for multiple subscribers. Then, we introduce the overall simulation approach based on the Network Security Simulator NeSSi2. The evaluation takes place by a use case for simulation-based verification of applied optimization strategies and a use case for continuous forecast to predict upcoming link congestion.