retroac ve detec on of malware with applica ons to mobile
play

Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms - PowerPoint PPT Presentation

Nov 13, 2023 •612 likes •790 views

Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson KarlAnders Johansson FatSkunk 1 Market forecast for mobile More smartphones than PCs in 23 years Dominant pla@orms targeted 4G will fuel

  1. Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson Karl‐Anders Johansson FatSkunk 1

  2. Market forecast for mobile • More smartphones than PCs in 2‐3 years – Dominant pla@orms targeted • 4G will fuel apps and mobile Internet use – M‐commerce, M‐voJng, Parental Control, … • Phones are personal , have rich data – Social use makes users more vulnerable • Power limitaJons stymie AnJ Virus products – Power consumpJon increases with # threats • Likely big threats: – Bluetooth viruses, (piracy) trojans, social malware

  3. Trends: Faster, stealthier, smarter kits, recompilers, polymorphism malware oTen installs AV (limit compeJJon) produced by organized crime

  4. Contrast: What the consumer wants Freedom Undo

  5. What makes this challenging 1. Malware masquerades and deceives 2. Malware will not allow itself be erased 3. Malware can catch interrupts 4. Malware can edit system calls/responses 5. Malware is bad, will not cooperate

  6. Main principles • To block detecJon, malware must be ac2ve . • To be acJve, malware needs to be in RAM . • RAM is faster than flash and radio. 6

  7. monolith kernel 1. Swap out all programs (malware may refuse) cache RAM Contact markus@fatskunk.com for more details incl. improvements. 7

  8. monolith kernel 1. Swap out all programs (malware may refuse) 2. Overwrite all “free” RAM pseudo‐random content(malware refuses again) cache RAM Contact markus@fatskunk.com for more details incl. improvements. 8

  9. monolith kernel 1. Swap out all programs (malware may refuse) 2. Overwrite all “free” RAM pseudo‐random content(malware refuses again) cache RAM Contact markus@fatskunk.com for more details incl. improvements. 9

  10. monolith kernel 1. Swap out all programs (malware may refuse) 2. Overwrite all “free” RAM pseudo‐random content (malware refuses again) 3. Compute keyed digest of all RAM cache (access order unknown a priori) RAM Contact markus@fatskunk.com for more details incl. improvements. 10

  11. monolith kernel 1. Swap out all programs (malware may refuse) 2. Overwrite all “free” RAM pseudo‐random content (malware refuses again) 3. Compute keyed digest of all RAM cache (access order unknown a priori) RAM Contact markus@fatskunk.com for more details incl. improvements. 11

  12. monolith kernel 1. Swap out all programs (malware may refuse) 2. Overwrite all “free” RAM pseudo‐random content (malware refuses again) 3. Compute keyed digest of all RAM cache (access order unknown a priori) External verifier provides this RAM Contact markus@fatskunk.com for more details incl. improvements. 12

  13. monolith kernel 1. Swap out all programs (malware may refuse) 2. Overwrite all “free” RAM pseudo‐random content (malware refuses again) 3. Compute keyed digest of all RAM cache (access order unknown a priori) External verifier will Jme this (and check result of computaJon) RAM Contact markus@fatskunk.com for more details incl. improvements. 13

  14. Adversary wants to replace the legiJmate monolith kernel F with a monolith funcJon F’ s.t. F'(x)=F(x) for all x, kernel running in same amount of Jme, where F and F’ do not hand 1. Swap out all programs over control to the same processes (malware may refuse) at the end of their execuJon. 2. Overwrite all “free” RAM pseudo‐random content (malware refuses again) 3. Compute keyed digest of all RAM cache AcJve malware agent can: (access order unknown a priori) 1. Send to flash (incurs delays) 2. Recompute contents (ow!) 3. Get external help (latency) 4. Do all correctly, then cause hand‐over to wrong process 5. Agree to die / get detected 1‐4 will fail RAM Contact markus@fatskunk.com for more details incl. improvements. 14

  15. Some details • Only requirement: know amount/type hardware • Full use of caching (instrucJon + data) • Strategy to maximize penalty for flash access • Two adversarial models: external aoacker or no • SIM card can be used as low‐latency Jmer Contact markus@fatskunk.com for more details incl. improvements. 15

  16. Some stats • Variant implemented ‐ takes <3s on 256MB, 600 MHz Android board • Speedup for mulJ‐core • Detects all acJve malware – retroacJvely • Provable security – no heurisJcs • Suitable for mobile pla@orms • Can be combined with a “secure rsync” Contact markus@fatskunk.com for more details incl. improvements. 16

Recommend

Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S.

Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S.

Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S. Ocariza, Jr., Karthik PaAabiraman and Ali Mesbah University of British Columbia Most popular

504 views • 37 slides
Assimila'on of func'onal data and applica'on to ac've fires detec'on from satellites Jan Mandel

Assimila'on of func'onal data and applica'on to ac've fires detec'on from satellites Jan Mandel

Assimila'on of func'onal data and applica'on to ac've fires detec'on from satellites Jan Mandel University of Colorado Denver Ins5tute of Informa5cs, Czech Academy of Sciences With Ivan Kasanick, Adam K. Kochanski, Sher Schranz, and Mar5n

1.05k views • 47 slides
Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali

Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali

Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali Mesbah 1 95% of all websites use JavaScript JavaScript The most popular language on both GitHub and StackOverflow for 4 years 2 Bugs abound

481 views • 35 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Ubiquitous and Mobile Computing CS 528: A Survey of Mobile Malware in the Wild Alex Fortier

Ubiquitous and Mobile Computing CS 528: A Survey of Mobile Malware in the Wild Alex Fortier

Ubiquitous and Mobile Computing CS 528: A Survey of Mobile Malware in the Wild Alex Fortier Computer Science Dept. Worcester Polytechnic Institute (WPI) What is mobile malware? Targeted at Android, iOS, Symbian (discontinued), Windows Phone

507 views • 17 slides
Mobile and Ubiquitous Computing CS 525M: A Survey of Mobile Malware in the Wild Hiromu Enoki

Mobile and Ubiquitous Computing CS 525M: A Survey of Mobile Malware in the Wild Hiromu Enoki

Mobile and Ubiquitous Computing CS 525M: A Survey of Mobile Malware in the Wild Hiromu Enoki Computer Science Dept. Worcester Polytechnic Institute (WPI) 1 Introduction Mobile Malware is fairly recent July 2004 Cabir virus came out on

487 views • 24 slides
WHY MOBILE TO MOBILE MALWARE WONT CAUSE A STORM Nathaniel Husted Steven Myers Indiana

WHY MOBILE TO MOBILE MALWARE WONT CAUSE A STORM Nathaniel Husted Steven Myers Indiana

WHY MOBILE TO MOBILE MALWARE WONT CAUSE A STORM Nathaniel Husted Steven Myers Indiana University Monday, April 4, 2011 MOBILE TO MOBILE MALWARE Bluetooth (Mabir/Cabir/Commwarrior) Vs. MMS (Mabir/Commwarrior) Symbian OS -- Dominant

338 views • 21 slides
Data Storage Mobile Applica,on Development in iOS School of EECS Washington State University

Data Storage Mobile Applica,on Development in iOS School of EECS Washington State University

Xcode 11.4 with iOS 13.4 and Swift 5.2 is here! Data Storage Mobile Applica,on Development in iOS School of EECS Washington State University Instructor: Larry Holder Mobile Applica,on Development in iOS 1 Data Storage Already seen:

616 views • 37 slides
Experiences of of La Landing Machine Le Learning onto Market-Scale Mobile Malware Detection

Experiences of of La Landing Machine Le Learning onto Market-Scale Mobile Malware Detection

Experiences of of La Landing Machine Le Learning onto Market-Scale Mobile Malware Detection Liangyi Gong, Zhenhua Li, Feng Qian, Zifan Zhang, Qi Alfred Chen, Zhiyun Qian, Hao Lin, Yunhao Liu Mobile Malware Detection Android App Markets

424 views • 29 slides
Mobile Malware: Why the traditional AV paradigm is doomed, and how to use physics to detect

Mobile Malware: Why the traditional AV paradigm is doomed, and how to use physics to detect

Mobile Malware: Why the traditional AV paradigm is doomed, and how to use physics to detect physics to detect undesirable routines Guy Stewart VP Engineering Fatskunk Inc. The Malware Problem The Malware Problem Trojans, Rootkits, the

455 views • 18 slides
Are these Ads Safe: Detec/ng Hidden A4acks through Mobile App-Web Interfaces Vaibhav Rastogi 1 ,

Are these Ads Safe: Detec/ng Hidden A4acks through Mobile App-Web Interfaces Vaibhav Rastogi 1 ,

Are these Ads Safe: Detec/ng Hidden A4acks through Mobile App-Web Interfaces Vaibhav Rastogi 1 , Rui Shao 2 , Yan Chen 3 , Xiang Pan 3 , Shihong Zou 4 , and Ryan Riley 5 1 University of Wisconsin and Pennsylvania State University 2 Zhejiang

481 views • 30 slides
ZigZag: Automa,cally Hardening Web Applica,ons Against Client- side Valida,on Vulnerabili,es

ZigZag: Automa,cally Hardening Web Applica,ons Against Client- side Valida,on Vulnerabili,es

ZigZag: Automa,cally Hardening Web Applica,ons Against Client- side Valida,on Vulnerabili,es PRESENTED BY SAI TEJ KANCHARLA Content Introduc,on Mo,va,on And Threat Model System Overview Invariant Detec,on Invariant

549 views • 26 slides
A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web Alexei Bulazel &amp; Blent Yener River Loop Security Rensselaer Polytechnic Institute (RPI) Introduction Automated dynamic malware analysis is

684 views • 33 slides
Why Protection against Viruses, Bots, and Worms is so hard Malware seen as Mobile Agents Till

Why Protection against Viruses, Bots, and Worms is so hard Malware seen as Mobile Agents Till

Foundations Security in MAS Conclusion Why Protection against Viruses, Bots, and Worms is so hard Malware seen as Mobile Agents Till Drges td@pre-secure.de PRESECURE Consulting GmbH June 20, 2007 Till Drges Protection Malware seen

739 views • 57 slides
Android'Applica,on'Components:' Lifecycle'and'State' ' Mobile'and'Ubiquitous'Compu,ng'

Android'Applica,on'Components:' Lifecycle'and'State' ' Mobile'and'Ubiquitous'Compu,ng'

Android'Applica,on'Components:' Lifecycle'and'State' ' Mobile'and'Ubiquitous'Compu,ng' MEIC/MERC'2015/16' ' ' Nuno'Santos' 1.#APPLICATION#COMPONENTS# Mobile'and'Ubiquitous'Compu,ng'2015/16' Android'Components'

704 views • 35 slides
FlowDroid Alex Mariakakis From CSE 501 again Motivation All sorts of mobile malware exist

FlowDroid Alex Mariakakis From CSE 501 again Motivation All sorts of mobile malware exist

FlowDroid Alex Mariakakis From CSE 501 again Motivation All sorts of mobile malware exist Selling user information to advertisement/ marketing companies Stealing user credentials Premium rate calls and SMS SMS spam

843 views • 17 slides
Dialog in NLP applica.ons VELJKO MILJANIC Overview Applica(ons in S2S

Dialog in NLP applica.ons VELJKO MILJANIC Overview Applica(ons in S2S

Dialog in NLP applica.ons VELJKO MILJANIC Overview Applica(ons in S2S systems Overview of S2S system architecture Modeling contextual informa(on in S2S

977 views • 75 slides
Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al [FSE 14] Presented by Maaz Ahmad The Malware Problem (Feb, 2015) Motive Security Labs estimates 16 million infected mobile devices. [1]

828 views • 30 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

540 views • 42 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

570 views • 22 slides
Security versus Energy Tradeoffs in Host-Based Mobile Malware Detection Jeffrey Bickford *, H.

Security versus Energy Tradeoffs in Host-Based Mobile Malware Detection Jeffrey Bickford *, H.

Security versus Energy Tradeoffs in Host-Based Mobile Malware Detection Jeffrey Bickford *, H. Andrs Lagar-Cavilla #, Alexander Varshavsky #, Vinod Ganapathy *, and Liviu Iftode * * Rutgers University # AT&amp;T Labs Research Smart Phone

709 views • 28 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides

More recommend