Sahin Albayrak

An Android Application Sandbox system for suspicious software detection

Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Googles Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.

Static Analysis of Executables for Collaborative Malware Detection on Android

Smartphones are getting increasingly popular and several malwares appeared targeting these devices. General countermeasures to smartphone malwares are currently limited to signature-based antivirus scanners which efficiently detect known malwares, but they have serious shortcomings with new and unknown malwares creating a window of opportunity for attackers. As smartphones become host for sensitive data and applications, extended malware detection mechanisms are necessary complying with the corresponding resource constraints. The contribution of this paper is twofold. First, we perform static analysis on the executables to extract their function calls in Android environment using the command readelf. Function call lists are compared with malware executables for classifying them with PART, Prism and Nearest Neighbor Algorithms. Second, we present a collaborative malware detection approach to extend these results. Corresponding simulation results are presented.

Agent-based telematic services and telecom applications

he telecommunications market is expanding rapidly and players in that market are facing increasingly stiff competition. The key to commercial success in the telecommunications market will be the provisioning of adequate services, the focus shifting from a purely technological one to one of convenience and usefulness. An important prerequisite is the effective management of basic telecommunications infrastructure supporting the rapid deployment of new services. These future services will determine the market shares to be gained. Not only must their time to market be reduced, but also other requirements need to be fulfilled, for example, dynamic service development and configuration. Due to a demand for permanent availability the motto to be followed is “information anywhere, anytime.” Service maintenance must not interfere with continuous service usage; future services must allow for personalization, meet security demands, and provide management functionality. Furthermore, asynchronous service usage has to be supported as well as demand-driven service combination and integration. Not the least, services must allow for access independent of specific technologies and terminal equipment. Next to the technical requirements, new business models must be developed reflecting the fact that various actors in new roles, for example, content provider or application service provider, will need to cooperate and coordinate in order to provide these future services. Companies will provide integrated solutions with their own and third-party services being bundled on their platforms. These platforms will realize required infrastructure functionality and enable various means of access by addressing influencing factors and developments of the future telecommunications market such as consumer devices (mobile phones, Internet phones, PDAs), networks (GPRS, UMTS), languages and software technologies (Java, Jini), consumer demands and trends like convenience of use, mobility, and ubiquitous computing. Each role participating in the future telecommunications world will have specific requirements to such service platforms. These demands differ in the extent of infrastructure being needed for service usage and provisioning, according to different necessities regarding aspects such as security, personalization, asynchronous usage, mobility, device-independency, and supporting tools.

I tag, you tag: translating tags for advanced user models

Collaborative tagging services (folksonomies) have been among the stars of the Web 2.0 era. They allow their users to label diverse resources with freely chosen keywords (tags). Our studies of two real-world folksonomies unveil that individual users develop highly personalized vocabularies of tags. While these meet individual needs and preferences, the considerable differences between personal tag vocabularies (personomies) impede services such as social search or customized tag recommendation. In this paper, we introduce a novel user-centric tag model that allows us to derive mappings between personal tag vocabularies and the corresponding folksonomies. Using these mappings, we can infer the meaning of user-assigned tags and can predict choices of tags a user may want to assign to new items. Furthermore, our translational approach helps in reducing common problems related to tag ambiguity, synonymous tags, or multilingualism. We evaluate the applicability of our method in tag recommendation and tag-based social search. Extensive experiments show that our translational model improves the prediction accuracy in both scenarios.

Smartphone malware evolution revisited: Android next target?

Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerging smartphone platforms, e.g. Android and iPhone, malware writers seemed to lose interest in writing malware for smartphones giving users an unappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform1. Our approach involves usage of undocumented Android functions enabling us to execute native Linux application even on retail Android devices. This can be exploited to create malicious Linux applications and daemons using various methods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.

ECG Arrhythmias Recognition System Based on Independent Component Analysis Feature Extraction

Automatic recognition of cardiac arrhythmias is important for diagnosis of cardiac abnormalities. This paper presents a new approach to classification ECG signals based on feature extraction to diagnose heartbeat irregularities. We introduce the independent component analysis (ICA) feature extraction method and propose an over-complete feature extraction method combining ICA basis functions coefficients and wavelet transform coefficients. A set of relevant features are selected from the entire overcomplete features using a relevant feature selection method. The selected features are used to trained a support vector machine classifier to recognize different heartbeat arrhythmias. From computer simulations, the proposed method yields a more satisfactory classification results on the MIT-BIH arrhythmia database than the other existing methods, reaching an overall accuracy of 98.65%

The link prediction problem in bipartite networks

We define and study the link prediction problem in bipartite networks, specializing general link prediction algorithms to the bipartite case. In a graph, a link prediction function of two vertices denotes the similarity or proximity of the vertices. Common link prediction functions for general graphs are defined using paths of length two between two nodes. Since in a bipartite graph adjacency vertices can only be connected by paths of odd lengths, these functions do not apply to bipartite graphs. Instead, a certain class of graph kernels (spectral transformation kernels) can be generalized to bipartite graphs when the positive-semidefinite kernel constraint is relaxed. This generalization is realized by the odd component of the underlying spectral transformation. This construction leads to several new link prediction pseudokernels such as the matrix hyperbolic sine, which we examine for rating graphs, authorship graphs, folksonomies, document-feature networks and other types of bipartite networks.

An agent-based approach for privacy-preserving recommender systems

Recommender Systems are used in various domains to generate personalized information based on personal user data. The ability to preserve the privacy of all participants is an essential requirement of the underlying Information Filtering architectures, because the deployed Recommender Systems have to be accepted by privacy-aware users as well as information and service providers. Existing approaches neglect to address privacy in this multilateral way. We have developed an approach for privacy-preserving Recommender Systems based on Multiagent System technology which enables applications to generate recommendations via various filtering techniques while preserving the privacy of all participants. We describe the main modules of our solution as well as an application we have implemented based on this approach.

Bridging models and systems at runtime to build adaptive user interfaces

Adapting applications and user interfaces at runtime requires a deeper understanding of the underlying design. Models formalize this design, express the underlying concepts and make them accessible to machines. In our work we utilize runtime models to reflect the state of the interactive system (its UI respectively) and to change its underlying configuration. So called executable models combine design information, runtime state, and execution logic. From the perspective of adaptive UIs this allows the dynamic reconfiguration of UIs according to design information and the current state of the application at runtime. Dedicated elements of the model create a causal interconnection between model and user interface and facilitate a continuous information exchange between the two. This creates a feedback loop between model and UI where external stimulations influence the model execution and where projections to the outside allow the dynamic alteration of user interfaces.

Application-level Simulation for Network Security

NeSSi (network security simulator) is a novel network simulation tool which incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Its capabilities such as profile-based automated attack generation, traffic analysis and support for detection algorithm plug-ins allow it to be used for security research and evaluation purposes. NeSSi has been successfully used for testing intrusion detection algorithms, conducting network security analysis and developing overlay security frameworks. NeSSi is built upon the agent framework JIAC, resulting in a distributed and extensible architecture. In this paper, we provide an overview of the NeSSi architecture as well as its distinguishing features and briefly demonstrate its application to current security research projects.