Jiqiang Liu

A Two-Layered Permission-Based Android Malware Detection Scheme

Android platform has become the main target of the malware developers in the past few years. One of Androids main defense mechanisms against malicious apps is a permission-based access control mechanism. It is a feasible approach to detect a potential malicious application based on the permissions it requested. In this paper, we proposed a two-layered permission based detection scheme for detecting malicious Android applications. Comparing with previous researches, we consider the apps requested permission pairs as the additional condition, and we also consider used permissions to improve detection accuracy. The result of an evaluation, performed using 28548 benign apps and 1536 malicious apps, indicates that a two-layered permission-based detector has high detection rate of malware.

Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation

Attribute-based encryption (ABE) enables an access control mechanism by specifying access control policies among decryption keys and ciphertexts. In this paper, we propose a novel ABE variant, dubbed directly revocable key-policyABEwith verifiable ciphertext delegation (drvuKPABE), which supports direct revocation and verifiable ciphertext delegation. The drvuKPABE offers the following features which are promising in the data sharing applications: (1) it allows the trusted authority to revoke users by solely updating the revocation list while mitigating the interaction with non-revoked users, which is unlikely to indirectly revokable ABE; (2) it allows the third party to update ciphertexts with public information so that those non-revoked users cannot decrypt them; and (3) it enables any auditor (authorized by data owners) to verify whether the untrusted third party updated ciphertexts correctly or not. We formalize the syntax and security properties for drvuKPABE, and propose the construction based on the multilinear maps. Our solution attains the security properties under the ( d + 3 ) -Multilinear Decisional Diffie-Hellman assumption in the random oracle model.

Reducing power consumption in embedding virtual infrastructures

Network virtualization is considered to be not only an enabler to overcome the inflexibility of the current Internet infrastructure but also an enabler to achieve an energy-efficient Future Internet. Virtual network embedding (VNE) is a critical issue in network virtualization technology. This paper explores a joint power-aware node and link resource allocation approach to handle the VNE problem with the objective of minimizing energy consumption. We first present a generalized power consumption model of embedding a VN. Then we formulate the problem as a mixed integer program and propose embedding algorithms. Simulation results demonstrate that the proposed algorithms perform better than the existing algorithms in terms of the power consumption in the overprovisioned scenarios.

Green cloud virtual network provisioning based ant colony optimization

Network virtualization is being regarded as a promising technology to create an ecosystem for cloud computing applications. One critical issue in network virtualization technology is power-efficient virtual network embedding (PE-VNE), which deals with the physical resource allocation to virtual nodes and links of a virtual network while minimizing the energy consumption in the cloud data center. When the node and link constraints (including CPU, memory, network bandwidth, and network delay) are both taken into account, the VN embedding problem is NP-hard, even in the offline case. This paper aims to investigate the ability of the Ant-Colony-Optimization (ACO) technique in handling PE-VNE problem. We propose an ACO-based heuristic PE-VNE algorithm, called E-ACO. E-ACO minimizes the energy consumption by considering the embedding power consumption in the node mapping phase and by making an implicit coordination between the node and link mapping phases. Extensive simulations are conducted to evaluate the performance of the proposed algorithm and investigate different energy-aware link embedding algorithms on the ability of E-ACO.

Detecting Android malicious apps and categorizing benign apps with ensemble of classifiers

Android platform has dominated the markets of smart mobile devices in recent years. The number of Android applications (apps) has seen a massive surge. Unsurprisingly, Android platform has also become the primary target of attackers. The management of the explosively expansive app markets has thus become an important issue. On the one hand, it requires effectively detecting malicious applications (malapps) in order to keep the malapps out of the app market. On the other hand, it needs to automatically categorize a big number of benign apps so as to ease the management, such as correcting an apps category falsely designated by the app developer. In this work, we propose a framework to effectively and efficiently manage a big app market in terms of detecting malapps and categorizing benign apps. We extract 11 types of static features from each app to characterize the behaviors of the app, and employ the ensemble of multiple classifiers, namely, Support Vector Machine (SVM), K-Nearest Neighbor (KNN), Naive Bayes (NB), Classification and Regression Tree (CART) and Random Forest (RF), to detect malapps and to categorize benign apps. An alarm will be triggered if an app is identified as malicious. Otherwise, the benign app will be identified as a specific category. We evaluate the framework on a large app set consisting of 107,327 benign apps as well as 8,701 malapps. The experimental results show that our method achieves the accuracy of 99.39% in the detection of malapps and achieves the best accuracy of 82.93% in the categorization of benign apps. First work to provide a complete solution for automated categorization of apps.Extract 23,74,340 features from each APK file.Use ensemble of multiple classifiers to improve the detection accuracy.Use large data sets containing 107,327 benign apps and 8701 malapps for testing.Reach detection accuracy as 99.39% and categorization accuracy as 82.93%.

Cost-Effective Traffic Assignment for Multipath Routing in Selfish Networks

Multipath routing has long been studied as an important routing strategy in networks. Many multipath routing protocols schedule traffic among multiple paths in order to distribute traffic load. However, existing multipath routing protocols with traffic assignment require that all nodes in the network follow the protocol, which may not always be a valid assumption when the network consists of selfish nodes. In this paper, we propose a traffic assignment scheme to deal with the selfish behavior, which is proved to be strategy-proof. Under our scheme, behaving cooperatively is to the best interest of every node. Extensive evaluations are carried out to show that our scheme has good performance.

Abstracting massive data for lightweight intrusion detection in computer networks

Abstract Anomaly intrusion detection in big data environments calls for lightweight models that are able to achieve real-time performance during detection. Abstracting audit data provides a solution to improve the efficiency of data processing in intrusion detection. Data abstraction refers to abstract or extract the most relevant information from the massive dataset. In this work, we propose three strategies of data abstraction, namely, exemplar extraction, attribute selection and attribute abstraction. We first propose an effective method called exemplar extraction to extract representative subsets from the original massive data prior to building the detection models. Two clustering algorithms, Affinity Propagation (AP) and traditional k-means, are employed to find the exemplars from the audit data. k-Nearest Neighbor (k-NN), Principal Component Analysis (PCA) and one-class Support Vector Machine (SVM) are used for the detection. We then employ another two strategies, attribute selection and attribute extraction, to abstract audit data for anomaly intrusion detection. Two http streams collected from a real computing environment as well as the KDD’99 benchmark data set are used to validate these three strategies of data abstraction. The comprehensive experimental results show that while all the three strategies improve the detection efficiency, the AP-based exemplar extraction achieves the best performance of data abstraction.

Embedding Virtual Infrastructure Based on Genetic Algorithm

The virtual network embedding (VNE) problem deals with the embedding of virtual network (VN) requests in an underlying physical (substrate network) infrastructure. When both the node and link constraints are considered, the VN embedding problem is NP-hard, even in the offline case. The genetic algorithm (GA) is an excellent approach to solving complex problems in optimization with difficult constraints. This paper explores applying GA to handle the VNE problem. We propose two GA-based VNE algorithms and evaluate them by comparing with the existing state-of-the-art VNE algorithms, including PSO-based VNE approaches. Extensive simulation results validate the capability of the proposed GA-based VNE algorithms in terms of the InP long-term revenue and the VN embedding cost.

Towards Robust Green Virtual Cloud Data Center Provisioning

Cloud data center (CDC) network virtualization is being regarded as a promising technology to provide performance guarantee for cloud computing applications. One critical issue in CDC network virtualization technology is virtual data center (VDC) embedding, which deals with the CDC physical resource allocation to virtual nodes (virtual switches and virtual servers) and virtual links of a VDC. When node and link constraints (including CPU, memory, network bandwidth, and network delay) are both taken into account, the VDC embedding problem is NP-hard, even in the offline case. Node heterogeneity and CDC network scale bring challenges to the VDC embedding. This paper aims to embed a VDC in a robust and green way. We propose two effective, computation-efficient and energy-efficient embedding algorithms. Extensive simulations under various network scales and topologies are carried out to compare the proposed algorithms with the existing VDC embedding algorithms in terms of the VDC acceptance ratio, the long-term revenue of the cloud service provider (CSP), the CDC’s long-term energy consumption in light-load CDCs, and in terms of CSPs long-term revenue in heavy-load CDCs.

Characterizing Android apps’ behavior for effective detection of malapps at large scale

Abstract Android malicious applications (malapps) have surged and been sophisticated, posing a great threat to users. How to characterize, understand and detect Android malapps at a large scale is thus a big challenge. In this work, we are motivated to discover the discriminatory and persistent features extracted from Android APK files for automated malapp detection at a large scale. To achieve this goal, firstly we extract a very large number of features from each app and categorize the features into two groups, namely, app-specific features as well as platform-defined features. These feature sets will then be fed into four classifiers (i.e., Logistic Regression, linear SVM, Decision Tree and Random Forest) for the detection of malapps. Secondly, we evaluate the persistence of app-specific and platform-defined features on classification performance with two data sets collected in different time periods. Thirdly, we comprehensively analyze the relevant features selected by Logistic Regression classifier to identify the contributions of each feature set. We conduct extensive experiments on large real-world app sets consisting of 213,256 benign apps collected from six app markets, 4,363 benign apps from Google Play market, and 18,363 malapps. The experimental results and our analysis give insights regarding what discriminatory features are most effective to characterize malapps for building an effective and efficient malapp detection system. With the selected discriminatory features, the Logistic Regression classifier yields the best true positive rate as 96% with a false positive rate as 0.06%.