Similar literature
20 similar documents found (search time: 93 ms)
1.
Network covert channels are policy-breaking and stealthy communication channels in computer networks. These channels can be used to bypass Internet censorship, to exfiltrate data without raising attention, to allow a safe and stealthy communication for members of political oppositions and for spies, to hide the communication of military units at the battlefield from the enemy, and to provide stealthy communication for today’s malware, especially for botnets. To enhance network covert channels, researchers started to add protocol headers, so-called micro-protocols, to hidden payload in covert channels. Such protocol headers enable fundamental features such as reliability, dynamic routing, proxy capabilities, simultaneous connections, or session management for network covert channels—features which enrich future botnet communications to become more adaptive and more stealthy than nowadays. In this survey, we provide the first overview and categorization of existing micro-protocols. We compare micro-protocol features and present currently uncovered research directions for these protocols. Afterwards, we discuss the significance and the existing means for micro-protocol engineering. Based on our findings, we propose further research directions for micro-protocols. These features include to introduce multi-layer protocol stacks, peer auto-configuration, and peer group communication based on micro-protocols, as well as to develop protocol translation in order to achieve inter-connectivity for currently separated overlay networks.

2.
Two types of new subliminal channels are constructed respectively based on provably secure public key cryptosystems and identity recognition in some network applications. Research shows that there are some new characteristics which are in favor of covert communication in our constructions. It is hard to make the subliminal channels free, and the channels have large capacity and high transmission efficiency. We also point out that the hardness to make the channels free is disadvantageous to the warden who tries to thwart the covert communication.

3.
As the risk of malware is sharply increasing in Android platform, Android malware detection has become an important research topic. Existing works have demonstrated that required permissions of Android applications are valuable for malware analysis, but how to exploit those permission patterns for malware detection remains an open issue. In this paper, we introduce the contrasting permission patterns to characterize the essential differences between malwares and clean applications from the permission aspect. Then a framework based on contrasting permission patterns is presented for Android malware detection. According to the proposed framework, an ensemble classifier, Enclamald, is further developed to detect whether an application is potentially malicious. Every contrasting permission pattern is acting as a weak classifier in Enclamald, and the weighted predictions of involved weak classifiers are aggregated to the final result. Experiments on real-world applications validate that the proposed Enclamald classifier outperforms commonly used classifiers for Android Malware Detection.

4.
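Under ideal conditions, the diversity paths of a MIMO radar are completely independent; in practical engineering, however, the spatial diversity paths are never completely independent, that is, some correlation exists between them. This paper studies the detection performance of the Fishler detector under correlated paths and the optimal detection performance of the system under the same condition, and analyzes the essential difference between the signal processing of the Fishler detector and that of the optimal detector. Theoretical analysis and numerical simulation show that the Fishler detector can serve as a practical suboptimal detector for spatial-diversity MIMO radar systems.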

5.
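Android security is an important factor constraining the development of Android applications. This paper analyzes the security flaws in current Android traffic monitoring systems and, targeting the problem of Android malware that incurs fraudulent charges, proposes an improved whitelist-based traffic monitoring strategy. The strategy is implemented at the protocol layer and enforces network access control over application processes by building a whitelist database. Experimental results show that, in the current network environment, the improved traffic monitoring system strengthens the constraints on application network access, effectively reduces traffic loss, and enhances system security.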

6.
For extremely sensitive applications, it may be advantageous for users to transmit certain types of data covertly over the network. This provides an additional layer of security to that provided by the different layers of the protocol stack. In this paper we present a covert side channel that uses the 802.11 MAC rate switching protocol. The covert channel provides a general method to hide communications within currently deployed 802.11 LANs. The technique uses a one‐time password (OTP) algorithm to ensure high‐entropy randomness of the covert messages. We investigate how the covert side channel affects network throughput under various rate‐switching conditions with UDP‐based and TCP‐based application traffic. We also investigate the covertness of the covert side channel using standardized entropy. The theoretical analysis shows that the maximum covert channel bandwidth is 60 bps. The simulation results show that the impact on network throughput is minimal and increases slightly as the covert channel bandwidth increases. We further show that the channel has 100% accuracy with minimal impact on rate switching entropy for scenarios where rate switching normally occurs. Finally, we present two applications for the covert channel: covert authentication and covert WiFi botnets. Copyright © 2010 John Wiley & Sons, Ltd.

7.
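Most current research on covert channels is based on Internet protocols; implementing covert communication in digital television is a new direction for information hiding. Building on the covert channel information transfer framework, the paper explains why covert channels can, and necessarily do, exist in digital television networks. It proposes information hiding methods based on the padding field of TS packets and the reserved bits of the PCR field, implements them in simulation, and then analyzes and compares the performance of the two hiding schemes. The work offers some guidance for constructing covert channels in digital television networks.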

8.
Android is currently leading the smartphone segment in terms of market share since its introduction in 2007. Android applications are written in Java using an API designed for mobile apps. Other smartphone platforms, such as Apple’s iOS or Microsoft’s Windows Phone 7, differ greatly in their native application programming model. App developers who want to publish their applications for different platforms are required to re-implement the application using the respective native SDK. In this paper we describe a cross-compilation approach, whereby Android applications are cross-compiled to C for iOS and to C# for Windows Phone 7. We describe different aspects of our cross-compiler, from byte code level cross-compilation to API mapping. A prototype of our cross-compiler called XMLVM is available under an Open Source license.

9.
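To address the widespread theft of user privacy in Android applications, this paper proposes a behavior-chain-based method for detecting privacy-stealing behavior in applications. The method locates, at fine granularity, the information leakage sources and information leakage points in an Android application, uses the WxShall algorithm to quickly compute reachability between leakage sources and leakage points, and automatically traces the paths along which private information propagates, achieving complete detection and analysis of privacy-stealing behavior in Android applications. Detection results on 1259 applications show that the method's accuracy exceeds 95.1%, its algorithmic complexity is only 5.45% of that of the WarShall algorithm, and its detection performance is better than that of Androguard and Kirin.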

10.
In order to effectively identify the multiple types of DNS covert channels, the implementation of different sorts of DNS covert channel software was studied, and a detection based on the improved convolutional neural network was proposed. The experimental results, grounded upon the campus network traffic, show that the detection can identify twenty-two kinds of data interaction modes of DNS covert channels and is able to identify the unknown DNS covert channel traffic. The proposed method outperforms the existing methods.

11.
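To propose an effective method for detecting all types of DNS covert channels, the traffic characteristics of DNS covert communication were studied, 12 packet features that distinguish legitimate queries from covert communication were extracted, and machine-learning classifiers were used to discriminate on their session-level statistical properties. Experiments show that the decision tree model detects all 22 DNS covert channels used in training and can also identify new covert channels it was not trained on. Deployed on real campus network traffic, the system successfully detected the presence of several DNS tunnels.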

12.
The usability of mobile applications is critical for their adoption because of the relatively small screen and awkward (sometimes virtual) keyboard, despite the recent advances of smartphones. Traditional laboratory-based usability testing is often tedious, expensive, and does not reflect real use cases. In this paper, we propose a toolkit that embeds into mobile applications the ability to automatically collect user interface (UI) events as the user interacts with the applications. The events are fine-grained and useful for quantified usability analysis. We have implemented the toolkit on Android devices and we evaluated the toolkit with a real deployed Android application by comparing event analysis (state-machine based) with traditional laboratory testing (expert based). The results show that our toolkit is effective at capturing detailed UI events for accurate usability analysis.

13.
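To address the problem that existing Android malicious code detection methods are easily bypassed, an Android malicious code detection method with strong adversarial resistance is proposed. First, a mobile application behavior analysis method combining dynamic and static analysis is designed and implemented; it overcomes interference from a variety of anti-analysis techniques and stably and reliably extracts an application's permission information, protection information and behavior information. Then, capability features and behavior features that can withstand mimicry attacks are extracted from this information, and a neural network model based on Long Short-Term Memory (LSTM) is used to detect malicious code. Finally, experiments demonstrate the reliability and advanced nature of the proposed method.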

14.
Covert-channel-based malicious transaction detection in survivable MLS/DBMS   Total citations: 1, self-citations: 1, citations by others: 0
郑吉平  秦小麟  管致锦  孙瑾 《电子学报》2009,37(6):1264-1269
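Concurrency control protocols in multilevel secure database systems (MLS/DBMS) cannot completely eliminate all covert channels. Where covert channels are unavoidable, malicious transactions that have already penetrated the system can use them to leak and tamper with confidential information. To improve database survivability, the covert channels in MLS/DBMS systems are first analyzed; then, through parameter simulation of real conditions and experimental analysis, and by combining malicious transaction characteristics with anomalous changes in covert channel bandwidth, detection of colluding transactions and malicious transactions in a survivable DBMS is presented. The mechanism by which colluding users make covert channels transitive, and the effect of malicious noise transactions on it, are also described.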

15.
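Android is a Linux-based operating system whose applications are written in Java and run in a virtual machine, which makes it difficult for Android applications to operate custom hardware. Using Java's JNI mechanism and the Android NDK build environment, an application can pass through the Android application framework layer and operate on devices directly in the Linux file system, which solves this problem.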

16.
In recent years, we have witnessed a surge in mobile devices such as smartphones, tablets, smart watches, etc., most of which are based on the Android operating system. However, because these Android-based mobile devices are becoming increasingly popular, they are now the primary target of mobile malware, which could lead to both privacy leakage and property loss. To address the rapidly deteriorating security issues caused by mobile malware, various research efforts have been made to develop novel and effective detection mechanisms to identify and combat them. Nevertheless, in order to avoid being caught by these malware detection mechanisms, malware authors are inclined to initiate adversarial example attacks by tampering with mobile applications. In this paper, several types of adversarial example attacks are investigated and a feasible approach is proposed to fight against them. First, we look at adversarial example attacks on the Android system and prior solutions that have been proposed to address these attacks. Then, we specifically focus on the data poisoning attack and evasion attack models, which may mutate various application features, such as API calls, permissions and the class label, to produce adversarial examples. Then, we propose and design a malware detection approach that is resistant to adversarial examples. To observe and investigate how the malware detection system is influenced by the adversarial example attacks, we conduct experiments on some real Android application datasets which are composed of both malware and benign applications. Experimental results clearly indicate that the performance of Android malware detection is severely degraded when facing adversarial example attacks.

17.
In this letter, we propose a new detector for code acquisition systems in non-Gaussian noise channels. Modeling the acquisition problem as a hypothesis testing problem, a detector is derived for non-Gaussian, symmetric α-stable noise, based on the locally optimum detection technique. Numerical results show that the proposed detector can offer robustness and substantial performance improvement over the conventional schemes in non-Gaussian channels.

18.
Non-Gaussian noise is one of the most common noise models observed in wireless channels. This type of noise has severe impact on wireless systems with multiuser detection devices. In this paper, the issue of multiuser detection in non-Gaussian noise multipath channel is addressed. We also pay a close attention to the neural network applications, and propose a new robust neural network detector for multipath impulsive channels. The maximal ratio combining (MRC) technique is adopted to combine the multipath signals. Moreover, we discuss the performance of the proposed multiuser neural network decorrelating detector (NNDD), under class A Middleton model. Furthermore, the performance of the system under power imbalance scenario is shown. We show that the proposed NNDD has magnificent effect on the system performance. The system performance is measured through the bit error rate (BER). It is shown that the proposed robust receiver reduces the impact of the impulsive noise by processing the received signal and clipping the extreme amplitudes.

19.

Advances in both telecommunications and information technology have improved the way users do business online. Android, an open-source mobile operating system, is becoming an attractive target for cyber criminals to exploit due to its predefined permission model. Without classification, the mobile operating system permits installation of mobile applications of all kinds, including Trojans, thus calling its trustworthiness into question. In this paper, we present a security system called collaborative policy-based security scheme (CSS) that permits users to customize the access permissions of Android applications during runtime. The proposed CSS security scheme validates the trustworthiness of each application before being installed. The experimental results show that the proposed CSS successfully detects all malicious applications with a run-time overhead of 2.7%.


20.
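This paper studies one-way covert communication under the conditions most favorable to the warden's detection, in wireless communication where the background noise is uncertain. First, based on the fact that the receiver's detection capability has a limit, channel precoding is used to ensure that the signal power concentrated at the receiver exceeds its detection threshold while the signal power dispersed at the warden stays below the detection threshold, thereby achieving covert communication based on channel differences. Second, a closed-form expression for the average ergodic covert communication rate is derived. Theoretical analysis and simulation results show that, although noise uncertainty has a negative effect on covert communication in the scenario most favorable to the warden's detection, a positive covert communication rate can still be achieved by increasing the number of antennas.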
