Funding: This work was supported by the National Key R&D Program of China (2023YFB3106800) and the National Natural Science Foundation of China (Grant No. 62072051). We are overwhelmed in all humbleness and gratefulness to acknowledge my depth to all those who have helped me to put these ideas.
Abstract: By the analysis of vulnerabilities of Android native system services, we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server. The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage. In this paper, we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy. Based on the above method, we implement a detection tool, BArcherFuzzer, to detect vulnerabilities of Android native system services. The experiment results show that BArcherFuzzer found four vulnerabilities of hundreds of exception messages; all of them were confirmed by Google and one was assigned a Common Vulnerabilities and Exposures (CVE) number (CVE-2020-0363).
Funding: Supported in part by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science and ICT (No. 2021R1A2C2012574) and in part by the IITP (Institute of Information & Communications Technology Planning & Evaluation)-ITRC (Information Technology Research Center) grant funded by the Korea government (Ministry of Science and ICT) (IITP-2025-RS-2023-00259967).
Abstract: Many machine learning-based Android malware detection often suffers from concept drift, where models trained on historical data fail to generalize to evolving threats. This paper proposes SCAN (Structural Clustering with Adaptive thresholds for iNtelligent Android malware detection), a hybrid intelligent framework designed to mitigate concept drift without retraining. SCAN integrates Gaussian Mixture Models (GMMs)-based clustering with cluster-wise adaptive thresholding and supervised classifiers tailored to each cluster. A key challenge in clustering-based malware detection is cluster-wise class imbalance, where clusters contain disproportionate distributions of benign and malicious samples. SCAN addresses this issue through adaptive thresholding, which dynamically adjusts the decision boundary of each cluster according to its malicious-to-benign ratio. In the final training stage, four supervised learning algorithms—Random Forest (RF), Support Vector Machine (SVM), k-NN, and XGBoost—are applied within the GMM-defined clusters. We train SCAN on Android applications collected from 2014-2017 and test it with applications from 2018-2023. Experimental results demonstrate that SCAN combined with RF consistently achieves superior performance, with both average accuracy and average F1-score exceeding 91%. These findings confirm SCAN’s robustness to concept drift and highlight its potential as a sustainable and intelligent solution for long-term Android malware detection in the real world.
Funding: Supported through the Ongoing Research Funding Program (ORF-2025-498), King Saud University, Riyadh, Saudi Arabia.
Abstract: Android smartphones have become an integral part of our daily lives, becoming targets for ransomware attacks. Such attacks encrypt user information and ask for payment to recover it. Conventional detection mechanisms, such as signature-based and heuristic techniques, often fail to detect new and polymorphic ransomware samples. To address this challenge, we employed various ensemble classifiers, such as Random Forest, Gradient Boosting, Bagging, and AutoML models. We aimed to showcase how AutoML can automate processes such as model selection, feature engineering, and hyperparameter optimization, to minimize manual effort while ensuring or enhancing performance compared to traditional approaches. We used this framework to test it with a publicly available dataset from the Kaggle repository, which contains features for Android ransomware network traffic. The dataset comprises 392,024 flow records, divided into eleven groups. There are ten classes for various ransomware types, including SVpeng, PornDroid, Koler, WannaLocker, and Lockerpin. There is also a class for regular traffic. We applied a three-step procedure to select the most relevant features: filter, wrapper, and embedded methods. The Bagging classifier was highly accurate, correctly getting 99.84% of the time. The FLAML AutoML framework was even more accurate, correctly getting 99.85% of the time. This is indicative of how well AutoML performs in improving things with minimal human assistance. Our findings indicate that AutoML is an efficient, scalable, and flexible method to discover Android ransomware, and it will facilitate the development of next-generation intrusion detection systems.
Abstract: ECG monitoring in daily life is an important means of treating heart disease. To make it easier for the medical to monitor the ECG of their patients outside the hospital, we designed and developed an ECG monitoring and alarming system based on Android smart phone. In our system, an ECG device collects the ECG signal and transmits it to an Android phone. The Android phone detects alarms which come from the ECG devices. When alarms occur, Android phone will capture the ECG images and the details about the alarms, and sends them to the cloud Alarm Server (AS). Once received, AS push the messages to doctors’ phone, so the doctors could see the ECG images and alarm details on their mobile phone. In our system, high resolution ECG pictures are transmitted to doctors’ phone in a user-friendly way, which can help doctors keep track of their patient’s condition easily.
Funding: Supported by National Natural Science Foundation of China (61370195) and ZTE Industry-Academia-Research Cooperation Funds.
Abstract: Android OS provides such security mechanisms as application signature, privilege limit and sandbox to protect the security of operational system. However, these methods are unable to protect the applications of Android against anti-reverse engineering and the codes of such applications face the risk of being obtained or modified, which are always the first step for further attacks. In this paper, a security enhancement system with online authentication (SeSoa) for Android APK is proposed, in which the code of Android application package (APK) can be automatically encrypted. The encrypted code is loaded and run in the Android system after being successfully decrypted. Compared with the existing software protecting systems, SeSoa uses online authentication mechanism to ensure the improvement of the APK security and good balance between security and usability.
Funding: Supported by National Natural Science Foundation of China (Nos. 61472010 and 61421062); National Key Technology Support Program (No. 2013BAK03B07); National Key Technology R&D Program (2015BAK01B06); Shenzhen Gov Projects (JCYJ20130331144416448); Public Science and Technology Research Funds Projects of Ocean (201505014-3).
Abstract: Mobile platform develops rapidly in recent years, with its performance and capacity increasing. A large number of virtual reality applications such as 3D simulation and visualization have appeared on mobile platform. However, due to restrictions, such as the lack of computing resources and the limited network bandwidth, the virtual reality systems on mobile platform could not have comparable performance as their peers on desktop platform. Taking resource restrictions into consideration, trade-offs have been made regarding the display of virtual reality systems. We propose a unified network scheduling strategy based on asynchronous multi-thread, database cache, prioritization and elimination of overdue requests. This strategy has been tested on the prototype system of virtual reality system on Android. The results demonstrate higher network resource utilization and better user experience.