Lidong Zhai
Chinese Academy of Sciences
Publication
Featured research published by Lidong Zhai.
Conference on Industrial Electronics and Applications | 2014
Jun Li; Lidong Zhai; Xinyou Zhang; Daiyong Quan
With Android terminals entering people's lives, the spread of Android malware has seriously affected people's lives. As a result of Android security flaws, attackers can easily collect users' private information, and the information can be utilized in APT attacks. It is not only a threat to the end user, but also poses a threat to industrial control systems and the mobile Internet. In this paper, we propose a network traffic monitoring system used in the detection of Android malware. The system consists of four components: traffic monitoring, traffic anomaly recognition, response processing and cloud storage. The system parses the protocol of data packets and extracts the feature data, then uses an SVM classification algorithm to classify the data, determines whether the network traffic is abnormal, and locates the application that produced the abnormal traffic through correlation analysis. The system can not only automatically respond to and process the malicious software, but can also generate new security policy from existing information and training data. When the training data reaches a certain amount, it triggers a new round of training to improve the ability of detection. Finally, we experiment on the system; the experimental results show that our system can effectively detect Android malware and control the application.
Trust, Security and Privacy in Computing and Communications | 2014
Daiyong Quan; Lidong Zhai; Fan Yang; Peng Wang
The number of malicious applications (apps) targeting the Android system has exploded in recent years. The evolution of malware makes it difficult for static analysis tools to detect. Various behavior-based malware detection techniques have been proposed to mitigate this problem. The drawbacks of the existing approaches are that behavior features extracted from a single source lead to low detection accuracy and that the detection process is too complex. In particular, it is unsuitable for smart phones with limited computing power. In this paper, we extract sensitive behavior features from three sources: API calls, native code dynamic execution, and system calls. We propose a sensitive behavior feature vector for representing multi-source behavior features uniformly. Our sensitive behavior representation is able to automatically describe the low-level OS-specific behaviors and high-level application-specific behaviors of an Android malware. Based on the unified behavior feature representation, we provide a lightweight decision function to determine whether a given application is benign or malicious. We tested the effectiveness of our approach against real malware, and the results of our experiments show that its detection accuracy is up to 96% with acceptable performance overhead. For a given threshold t (t=9), we can detect the advanced malware family effectively.
Procedia Computer Science | 2014
Fangjiao Zhang; Lidong Zhai; Jincui Yang; Xiang Cui
Wireless sensor networks have a bright future because of their low cost, power savings, easy implementation, etc. However, their security problems have become hot research topics in many applications. The sinkhole attack is one of the frequently encountered security problems, and it is easily combined with other attacks to cause more damage. In order to prevent sinkhole attacks, we do some research on them, and a way to detect the sinkhole attack based on the redundancy mechanism is proposed in this paper. For the suspicious nodes, messages are sent to them through multiple paths. By evaluating the replies comprehensively, the attacked nodes are finally confirmed. Lastly, a simulation is performed to test the effectiveness of the method. The simulation shows that the approach could work to some extent.
IEEE International Conference on Dependable, Autonomic and Secure Computing | 2014
Xupeng Fang; Lidong Zhai; Zhaopeng Jia; Wenyan Bai
APT (advanced persistent attack) is a major threat today, and how to defend against it effectively has become a major issue for network security. APT is a combination of past attacks, not a new one. It is different from any one of the previous attacks. Predicting the attack path of an APT exactly would be a breakthrough for future defense in the Internet of Things. Firstly, the paper proposes classifications of attack and defense for a game model from the perspective of game theory. Then, we present the OAPG model, which uses the attack path of the APT as the attacker's strategy. Finally, according to the Nash equilibrium, we compute the optimal attack path for the attacker and best-response strategies for the defender.
World Congress on Services | 2013
Fangfang Yuan; Lidong Zhai; Yanan Cao; Li Guo
In this paper, we propose an intrusion detection system for detecting anomalies on Android smartphones. The intrusion detection system continuously monitors and collects information about the smartphone under normal conditions and under attack. It extracts various features obtained from the Android system, such as the network traffic of the smartphone, battery consumption, CPU usage, the number of running processes and so on. Then, it applies the Bayes Classifying Algorithm to determine whether there is an intrusion. In order to further analyze Android system abnormalities and locate malicious software, along with system state monitoring, the intrusion detection system monitors the processes and network flow of the smartphone. Finally, experiments on the system designed in this paper have been carried out. Empirical results suggest that the proposed intrusion detection system is effective in detecting anomalies on Android smartphones.
International Conference on Trustworthy Computing and Services | 2012
Yue Li; Lidong Zhai; Zhilei Wang; Yunlong Ren
Along with the rapid development of the mobile network, the botnet is shifting from the traditional network to the mobile one. The mobile botnet has already become a focus of future Internet security. With the wide application of Twitter and its characteristics of real-time, asynchronous and loosely coupled communication, the mobile Internet becomes a more controllable and more concealed information platform carrier for the mobile botnet. The communication quality of the mobile network SMS service is stable and independent of the communication mechanism. SMS services can provide a stable and robust communication environment for a mobile botnet. This paper puts forward a mobile botnet based upon Twitter and SMS control. Based on this, the author puts forward two common algorithms for network topologies according to the real application environment, and with simulation analysis, the author proves that the Twitter- and SMS-control-based mobile botnet is superior in its invisibility, robustness and flexibility.
International Journal of Pattern Recognition and Artificial Intelligence | 2011
Lidong Zhai; Zhaoyun Ding; Yan Jia; Bin Zhou
LDA (Latent Dirichlet Allocation) proposed by Blei is a generative probabilistic model of a corpus, where documents are represented as random mixtures over latent topics, and each topic is characterized by a distribution over words, but not the attributes of word positions of every document in the corpus. In this paper, a Word Position-Related LDA Model is proposed taking into account the attributes of word positions of every document in the corpus, where each word is characterized by a distribution over word positions. At the same time, the precision of the topic-words interpretability is improved by integrating the distribution of the word-position and the appropriate word degree, taking into account the different word degree in the different word positions. Finally, a new method, a size-aware word intrusion method is proposed to improve the ability of the topic-words interpretability. Experimental results on the NIPS corpus show that the Word Position-Related LDA Model can improve the precision of the topic-words interpretability. And the average improvement of the precision in the topic-words interpretability is about 9.67%. Also, the size-aware word intrusion method can interpret the topic-words semantic information more comprehensively and more effectively through comparing the different experimental data.
Chinese Control and Decision Conference | 2013
Lidong Zhai; Zhilei Wang; Yujia Zhu; Daiyong Quan
In this paper, a wireless routing algorithm based on spatial correlation, BSC-RA, is proposed. According to the spatial correlation of nodes in wireless sensor networks and the residual power of each node, this algorithm selects the cluster-heads. These cluster-head nodes broadcast their status to other nodes in the network. Each node determines which cluster it wants to belong to and joins it. Then, data acquired by nodes is aggregated by each cluster-head and transmitted to the base station. Simulation results show that our algorithm is able to distribute energy dissipation evenly throughout the sensor nodes, effectively prolonging the lifetime of the whole network.
International Conference on Trustworthy Computing and Services | 2012
Fangjiao Zhang; Wei Guo; Jincui Yang; Fangfang Yuan; Lidong Zhai
With the wide discussion of IoT (Internet of Things) in many applications recently, more and more attention has been paid to its security. In this paper, we present a redundant channel model based on spatial correlation in IoT. The proposed model is mainly for attacks which could increase the traffic of the network, such as DDoS. Firstly, the redundant channel is introduced systematically, including the spatial correlation. Then, a control mechanism is put forward for the model. Finally, a Matlab simulation is performed to test the availability of the model. The results verify that this model is feasible to a certain degree.
International Conference on Trustworthy Computing and Services | 2012
Zhilei Wang; Lidong Zhai; Yongqiang Ma; Yue Li
Short messages have become one of the most important means of communication in our daily life. Short messages may contain hot topics that differ from those on the Internet. In this paper, we present a method for analyzing public sentiment based on SMS (short message service) content. The process of discovering public sentiment in short messages is introduced systematically. After a series of preprocessing steps, the obtained original short message data are used for text mining. We adopt a text mining technique based on the frequent pattern tree, aiming to find hot topic information in the SMS content in order to observe public sentiment. Experiments show that this method is feasible to a certain degree.