|![[Search]](https://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](https://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](https://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](https://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](https://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > Analysis and Classification of Android Malware
Analysis and Classification of Android MalwareAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Alexander Vetterl. Mobile devices and their application marketplaces drive the entire economy of today’s mobile landscape. Android platforms alone have produced staggering revenues, exceeding five billion USD , which has attracted cybercriminals and increased malware in Android markets at an alarming rate. To better understand this slew of threats, in this talk I first introduce CopperDroid, an automatic VMI based dynamic analysis system to reconstruct the behaviors of Android malware, developed within the Systems Security Research Lab at Royal Holloway, University of London. The novelty of CopperDroid lies in its agnostic approach to identify interesting OS- and high-level Android-specific behaviors often expressed through complex inter-component interactions involving Android objects. CopperDroid’s analysis generates detailed behavioral profiles that abstract a large stream of low-level-often uninteresting-events into concise, high-level semantics, which is well-suited to provide insightful behavioral traits and open the possibility to further research directions. To this end, I then show our research efforts to investigate the efficacy of behavioral profiles of different abstractions to differentiate between families of Android malware. In addition, in a significant departure from traditional classification techniques, we further apply a statistical classification approach to include samples showing poor behavior counts and depict a means to achieve near-perfect accuracy by considering a prediction set of top few matches than a singular choice. Despite the promising results, malware evolves rapidly and it thus becomes hard-if not impossible-to generalize learning models to reflect future, previously-unseen behaviors. I conclude my talk by introducing Transcend, a framework to identify aging classification models in vivo during deployment, much before the machine learning model’s performance starts to degrade. Our approach uses a statistical comparison of samples seen during deployment with those used to train the model, thereby building metrics for prediction quality. I show how Transcend can be used to identify concept drift based on two separate case studies on Android and Windows malware, raising a red flag before the model starts making consistently poor decisions due to out-of-date training. Bio Lorenzo Cavallaro is a Reader (Associate Professor) of Information Security in the School of Mathematics and Information Security at Royal Holloway, University of London. In 2014, he established and is since leading the Systems Security Research Lab (S2Lab, http://s2lab.isg.rhul.ac.uk), whose underpinning research builds on program analysis and machine learning to address threats against the security of computing systems. Prior joining Royal Holloway, University of London in 2012 as a Lecturer (Assistant Professor), Lorenzo held Post-Doctoral (UC Santa Barbara, Vrije Universiteit Amsterdam) and visiting scholar (Stony Brook University) positions, as well as a PhD in Computer Science awarded from the University of Milan in 2008. He sits on the technical program committees of and has published in top-tier and well-known venues (e.g., ACM CCS , NDSS, IEEE TIFS , ACSAC, RAID , USENIX WOOT ) as well as being PI in a number of research projects primarily funded by the UK EPSRC , the EU, Royal Holloway, and McAfee. Lorenzo teaches Malicious Software (undergraduate) and Software Security (graduate), a passion he also nurtured through the participation to (e.g., DEF CON 2008 -09) and co-organization of (e.g., DIMVA 2011 , UCSB iCTF 2008-09, ISG Open Day 2016) CTF -like computer security exercises. This talk is part of the Computer Laboratory Security Seminar series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsBiophysical Techniques Lecture Series 2017 Sociology of Intellectuals Reading Group Seminar Sustainability Talks The Cambridge University Energy Network (CUEN) Cambridge Bibliographical Society Inference Group Journal ClubsOther talksThe MHC ligandome of two contagious cancers within the Tasmanian devil population, Devil Facial Tumour 1 and Devil Facial Tumour 2 Modular Algorithm Analysis Sustainability 101: how to frame it, change it and steer it Academic CV Workshop Synthetic Cellularity via Protocell Design of Soft Matter Interfaces |
Lorenzo Cavallaro, Information Security Group (ISG), Royal Holloway, University of London
Tuesday 10 October 2017, 14:00-15:00