This thesis presents machine-learning based malware detection and post-detection rewriting techniques for mobile and web security problems. In mobile malware detection, we focus on detecting repackaged mobile malware. We design and demonstrate an Android repackaged malware detection technique based on code heterogeneity analysis. In post-detection rewriting, we aim at enhancing app security with bytecode rewriting. We describe how flow- and sink-based risk prioritization improves the rewriting scalability. We build an interface prototype with natural language processing, in order to customize apps according to natural language inputs. In web malware detection for Iframe injection, we present a tag-level detection system that aims to detect the injection of malicious Iframes for both online and offline cases. Our system detects malicious iframe by combining selective multi-execution and machine learning algorithms. We design multiple contextual features, considering Iframe style, destination and context properties. / Ph. D. / Our computing systems are vulnerable to different kinds of attacks. Cyber security analysis has been a problem ever since the appearance of telecommunication and electronic computers. In the recent years, researchers have developed various tools to protect the confidentiality, integrity, and availability of data and programs. However, new challenges are emerging as for the mobile security and web security. Mobile malware is on the rise and threatens both data and system integrity in Android. Furthermore, web-based iframe attack is also extensively used by web hackers to distribute malicious content after compromising vulnerable sites.
This thesis presents on malware detection and post-detection rewriting for both mobile and web security. In mobile malware detection, we focus on detecting repackaged mobile malware. We propose a new Android repackaged malware detection technique based on code heterogeneity analysis. In post-detection rewriting, we aim at enhancing app security with bytecode rewriting. Our rewriting is based on the flow and sink risk prioritization. To increase the feasibility of rewriting, our work showcases a new application of app customization with a more friendly user interface. In web malware detection for Iframe injection, we developed a tag-level detection system which aims to detect injection of malicious Iframes for both online and offline cases. Our system detects malicious iframe by combining selective multi-execution and machine learning. We design multiple contextual features, considering Iframe style, destination and context properties.
| Identifer | oai:union.ndltd.org:VTETD/oai:vtechworks.lib.vt.edu:10919/85013 |
| Date | 13 September 2018 |
| Creators | Tian, Ke |
| Contributors | Computer Science, Yao, Danfeng (Daphne), Tan, Gang, Ramakrishnan, Naren, Meng, Na, Ryder, Barbara G. |
| Publisher | Virginia Tech |
| Source Sets | Virginia Tech Theses and Dissertation |
| Detected Language | English |
| Type | Dissertation |
| Format | ETD, application/pdf |
| Rights | In Copyright, http://rightsstatements.org/vocab/InC/1.0/ |
Page generated in 0.002 seconds