MobSec: Malware and Security in the Mobile Age
Sponsored by EPSRC (EP/L022710/1) and a donation from Intel Security / McAfee Labs UK.
A main theme of the project is the analysis of mobile applications to extract the behavioral information necessary for effective policy enforcement and mobile malware mitigation techniques. The CopperDroid system performs dynamic behavioral analysis of Android malware and presents a unified analysis that characterizes low-level OS-specific and high-level Android-specific behaviors. MobSec explores research questions around the automatic, comprehensive, and faithful reconstruction of Android app behaviors, the reliable identification of behaviors triggered by malware embedded in benign applications, event-behavior attributions, and the simulation of complex UI interactions.
We are also concerned with the detection of malicious mobile applications, a particularly challenging task in the mobile landscape that largely sees malware repackaged (and embedded) in benign apps.
Publications
Zeliang Kan, Shae McFadden, Daniel Arp, Feargus Pendlebury, Roberto Jordaney, Johannes Kinder, Fabio Pierazzi, and Lorenzo Cavallaro. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time (Extended Version). CoRR, abs/2402.01359:2024.
@article{tesseract-extended-arxiv,
  author = {Zeliang Kan and Shae McFadden and Daniel Arp and Feargus Pendlebury and Roberto Jordaney and Johannes Kinder and Fabio Pierazzi and Lorenzo Cavallaro},
  title = {{TESSERACT:} Eliminating Experimental Bias in Malware Classification across Space and Time (Extended Version)},
  journal = {CoRR},
  volume = {abs/2402.01359},
  year = {2024},
  url = {https://doi.org/10.48550/arXiv.2402.01359},
  doi = {10.48550/ARXIV.2402.01359},
}
Lorenzo Cavallaro, Johannes Kinder, Feargus Pendlebury, and Fabio Pierazzi. Are Machine Learning Models for Malware Detection Ready for Prime Time? IEEE Secur. Priv., 21(2):53–56, 2023.
@article{spmag23-mlmalware,
  author = {Lorenzo Cavallaro and Johannes Kinder and Feargus Pendlebury and Fabio Pierazzi},
  title = {Are Machine Learning Models for Malware Detection Ready for Prime Time?},
  journal = {{IEEE} Secur. Priv.},
  volume = {21},
  number = {2},
  pages = {53--56},
  year = {2023},
  url = {https://doi.org/10.1109/MSEC.2023.3236543},
  doi = {10.1109/MSEC.2023.3236543},
}
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. In 28th USENIX Security Symposium (USENIX Security), pp. 729–746, USENIX Association, 2019.
@inproceedings{usenixsecurity19-tesseract,
  author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
  title = {{TESSERACT}: Eliminating Experimental Bias in Malware Classification across Space and Time},
  booktitle = {28th USENIX Security Symposium (USENIX Security)},
  pages = {729--746},
  year = {2019},
  publisher = {USENIX Association},
}
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. Tech. rep. CoRR:abs/1807.07838, arXiv, 2018.
@techreport{tesseract-arxiv,
  author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
  title = {{TESSERACT}: Eliminating Experimental Bias in Malware Classification across Space and Time},
  institution = {arXiv},
  number = {CoRR:abs/1807.07838},
  year = {2018},
  url = {https://arxiv.org/abs/1807.07838},
}
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. Enabling Fair ML Evaluations for Security. In Proc. 2018 ACM SIGSAC Conf. Computer and Communications Security (CCS), pp. 2264–2266, 2018.
@inproceedings{ccs18poster,
  author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
  title = {Enabling Fair {ML} Evaluations for Security},
  booktitle = {Proc. 2018 {ACM} {SIGSAC} Conf. Computer and Communications Security (CCS)},
  pages = {2264--2266},
  year = {2018},
  doi = {10.1145/3243734.3278505},
}
Guillermo Suarez-Tangil, Santanu Kumar Dash, Mansour Ahmadi, Johannes Kinder, Giorgio Giacinto, and Lorenzo Cavallaro. DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware. In Proc. 7th ACM Conf. Data and Application Security and Privacy (CODASPY), pp. 309–320, ACM, 2017.
@inproceedings{codaspy17-droidsieve,
  author = {Guillermo Suarez-Tangil and Santanu Kumar Dash and Mansour Ahmadi and Johannes Kinder and Giorgio Giacinto and Lorenzo Cavallaro},
  title = {{DroidSieve}: Fast and Accurate Classification of Obfuscated Android Malware},
  booktitle = {Proc. 7th ACM Conf. Data and Application Security and Privacy (CODASPY)},
  pages = {309--320},
  publisher = {ACM},
  doi = {10.1145/3029806.3029825},
  year = {2017},
}
Santanu Kumar Dash, Kimberly Tam, Johannes Kinder, and Lorenzo Cavallaro. Barometer: Sizing Up Android Applications Through Statistical Evaluation. In 37th IEEE Symp. Security and Privacy (S&P), 2016. Poster.
@conference{sp16poster,
  author = {Santanu Kumar Dash and Kimberly Tam and Johannes Kinder and Lorenzo Cavallaro},
  title = {Barometer: Sizing Up {Android} Applications Through Statistical Evaluation},
  booktitle = {37th IEEE Symp. Security and Privacy (S\&P)},
  note = {Poster},
  year = {2016},
}
Santanu Kumar Dash, Guillermo Suarez-Tangil, Salahuddin Khan, Kimberly Tam, Mansour Ahmadi, Johannes Kinder, and Lorenzo Cavallaro. DroidScribe: Classifying Android Malware Based on Runtime Behavior. In Proc. IEEE Symp. Security and Privacy Workshops (SPW), Mobile Security Technologies (MoST), pp. 252–261, 2016.
@inproceedings{most16-droidscribe,
  author = {Santanu Kumar Dash and Guillermo Suarez-Tangil and Salahuddin Khan and Kimberly Tam and Mansour Ahmadi and Johannes Kinder and Lorenzo Cavallaro},
  title = {{DroidScribe}: Classifying Android Malware Based on Runtime Behavior},
  booktitle = {Proc. IEEE Symp. Security and Privacy Workshops (SPW), Mobile Security Technologies (MoST)},
  year = {2016},
  pages = {252--261},
  rate = {28},
}
Santanu Kumar Dash, Kimberly Tam, Johannes Kinder, and Lorenzo Cavallaro. Set-based Classification of Android Malware from Behavioral Abstractions. In 24th USENIX Security Symp. (USENIX Security), August 2015. Poster.
@conference{usenix15poster,
  author = {Santanu Kumar Dash and Kimberly Tam and Johannes Kinder and Lorenzo Cavallaro},
  title = {Set-based Classification of Android Malware from Behavioral Abstractions},
  booktitle = {24th USENIX Security Symp. (USENIX Security)},
  note = {Poster},
  month = aug,
  year = {2015},
}