1. The document presents HoneypotLabsac, a virtual honeypot framework for Android that aims to learn more about targeted mobile device attacks.
2. The framework allows emulating services like telnet, HTTP, and SMS to collect log data from interactions without compromising the actual device.
3. HoneypotLabsac generates log files of all emulated service connections and SMS messages, stores them on the device, and sends them periodically to a log server for analysis.
Review on mobile threats and detection techniquesijdpsjournal
Since last-decade, smart-phones have gained widespread usage. Mobile devices store personal details
such as contacts and text messages. Due to this extensive growth, smart-phones are attracted towards
cyber-criminals. In this research work, we have done a systematic review of the terms related to malware
detection algorithms and have also summarized behavioral description of some known mobile malwares
in tabular form. After careful solicitation of all the possible methods and algorithms for detection of
mobile-based malwares, we give some recommendations for designing future malware detection algorithm
by considering computational complexity and detection ration of mobile malwares.
This mid-year 2018 report provides intelligence about how attackers are targeting enterprise customers via device, network, and operating system vulnerabilities on mobile devices. Specifically, it reviews:
- Mobile device threat trends (1 of every 3 devices detect threats)
- Network attacks and rogue access points (66% of attacks are via networks)
- Cryptojacking and the impact on mobile devices
Malware detection techniques for mobile devicesijmnct
Mobile devices have become very popular nowadays, due to is portability and high performance, a mobile device became a must device for persons using information and communication technologies. In addition to hardware rapid evolution, mobile applications are also increasing in their complexity and performance to cover most the needs of their users. Both software and hardware design focused on increasing performance and the working hours of a mobile device. Different mobile operating systems are being used today with different platforms and different market shares. Like all information systems, mobile systems are prone to malware attacks. Due to
the personality feature of mobile devices, malware detection is very important and is a must tool in each device to protect private data and mitigate attacks. In
this paper, we will study and analyze different malware detection techniques used for mobile operating systems. We will focus on the to two competing mobile operating systems – Android and iOS. We will asset each technique summarizing its advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware detection tool based on user profiling.
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
Mobile devices have become very popular nowadays, due to is portability and high performance, a mobile
device became a must device for persons using information and communication technologies. In addition to
hardware rapid evolution, mobile applications are also increasing in their complexity and performance to
cover most the needs of their users. Both software and hardware design focused on increasing performance
and the working hours of a mobile device. Different mobile operating systems are being used today with
different platforms and different market shares. Like all information systems, mobile systems are prone to
malware attacks. Due to the personality feature of mobile devices, malware detection is very important and
is a must tool in each device to protect private data and mitigate attacks. In this paper, we will study and
analyze different malware detection techniques used for mobile operating systems. We will focus on the to
two competing mobile operating systems – Android and iOS. We will asset each technique summarizing its
advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware
detection tool based on user profiling.
Booz Allen Hamilton focuses on defining the vulnerabilities
further and identifying the potential mobile security exploits that could harm or damage a business. This article covers Booz Allen's approach to helping organizations develop a secure and effective mobile application security program.
Review on mobile threats and detection techniquesijdpsjournal
Since last-decade, smart-phones have gained widespread usage. Mobile devices store personal details
such as contacts and text messages. Due to this extensive growth, smart-phones are attracted towards
cyber-criminals. In this research work, we have done a systematic review of the terms related to malware
detection algorithms and have also summarized behavioral description of some known mobile malwares
in tabular form. After careful solicitation of all the possible methods and algorithms for detection of
mobile-based malwares, we give some recommendations for designing future malware detection algorithm
by considering computational complexity and detection ration of mobile malwares.
This mid-year 2018 report provides intelligence about how attackers are targeting enterprise customers via device, network, and operating system vulnerabilities on mobile devices. Specifically, it reviews:
- Mobile device threat trends (1 of every 3 devices detect threats)
- Network attacks and rogue access points (66% of attacks are via networks)
- Cryptojacking and the impact on mobile devices
Malware detection techniques for mobile devicesijmnct
Mobile devices have become very popular nowadays, due to is portability and high performance, a mobile device became a must device for persons using information and communication technologies. In addition to hardware rapid evolution, mobile applications are also increasing in their complexity and performance to cover most the needs of their users. Both software and hardware design focused on increasing performance and the working hours of a mobile device. Different mobile operating systems are being used today with different platforms and different market shares. Like all information systems, mobile systems are prone to malware attacks. Due to
the personality feature of mobile devices, malware detection is very important and is a must tool in each device to protect private data and mitigate attacks. In
this paper, we will study and analyze different malware detection techniques used for mobile operating systems. We will focus on the to two competing mobile operating systems – Android and iOS. We will asset each technique summarizing its advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware detection tool based on user profiling.
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
Mobile devices have become very popular nowadays, due to is portability and high performance, a mobile
device became a must device for persons using information and communication technologies. In addition to
hardware rapid evolution, mobile applications are also increasing in their complexity and performance to
cover most the needs of their users. Both software and hardware design focused on increasing performance
and the working hours of a mobile device. Different mobile operating systems are being used today with
different platforms and different market shares. Like all information systems, mobile systems are prone to
malware attacks. Due to the personality feature of mobile devices, malware detection is very important and
is a must tool in each device to protect private data and mitigate attacks. In this paper, we will study and
analyze different malware detection techniques used for mobile operating systems. We will focus on the to
two competing mobile operating systems – Android and iOS. We will asset each technique summarizing its
advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware
detection tool based on user profiling.
Booz Allen Hamilton focuses on defining the vulnerabilities
further and identifying the potential mobile security exploits that could harm or damage a business. This article covers Booz Allen's approach to helping organizations develop a secure and effective mobile application security program.
“Design and Detection of Mobile Botnet Attacks”iosrjce
A mobile botnet is a type of bot that runs automatically when installed on a mobile phone, which
does not have any anti-malware. The botnet gains complete access over our mobile device. The common
propagation medium for smartphone based botnet attacks are SMS, Bluetooth and Wi-Fi. In our project, we will
demonstrate a SMS-cum-Wi-Fi based mobile botnet using a centralized C&C server. The botmaster initiates
commands to C&C server and the C&C propagates to infected smartphones i.e. bots. We will try to develop a
network which cannot be detected easily and propagates fast. The target of the propagation will be Android
Operating System. For detection, an application is created to detect whether smartphone is working as bot or
not. In this, we guide user about possible botnet attacks.
A Mitigation Technique For Internet Security Threat of Toolkits AttackCSCJournals
The development of attack toolkits conforms that cybercrime is driven primarily by financial motivations as noted from the significant profits made by both the developers and buyers. In this paper, an enhanced hybrid attack toolkit mitigation model was designed to tackle the economy of the attack toolkits using different techniques to discredit it. The mitigation looked into Zeus, a common and the most frequently used attack toolkit to discover the hidden information used by the attackers to launch attacks. This information helped in creating honey toolkits, honeybot and honeytokens. Honeybots are used to submit honeytoken to botmasters, who sells to the internet black market. Both the botmasters, his mules and buyers attempts to steal huge amount of money using the stolen credentials which includes both real and honeytokens and will be detected by an attack detector which sends an alert on any transaction involving the honeytokens. A reconfirmation process which is secured using enhanced RC6 cryptosystem is enacted. The reconfirmation message in plain text is securely encrypted into cipher text and transmitted from the bank to the legitimate account owner and vise visa. The result of the crypto analysis carried out on the encrypted text using RC6 encryption algorithm showed that the cipher text is not transparent.
Puppetnets and Botnets: Information Technology Vulnerability Exploitsecarrow
The focus of this paper is to identify dominant trends of
information security threats to the Internet 2001 to 2007. This
paper is intended to provide an understanding of the new
emphasis of attacks through use of robotic networks and how
some users and organizations are already preparing a response
using innovative visualization techniques in conjunction with
traditional methods. The scope of research will focus on basic
enterprise level services that are commonly provided by various
corporations; e.g., e-mail, browser applications, wireless and
mobile devices, IP telephony, and online banking. The research
will first review the network infrastructure common to most
corporate organizations and assume basic enterprise components
and functionality in response to the current security threats. The
second emphasis will consider the impact of malware robotic
networks (Botnets and Puppetnets) on the corporate network
infrastructure and how to address these threats with new and
innovative techniques. This approach is pragmatic in application
and focuses on assimilation of existing data to present a
functional rationale of attacks to anticipate and prepare for this
coming year.
Maximize Computer Security With Limited RessourcesSecunia
Presentation from Stefan Frei on how patches are an effective method to escape the arms race with cybercriminals. The majority of vulnerabilities have patches ready on the day of disclosure, which means that the right patch strategy is evident to maximize risk reduction.
ON THE OPTIMIZATION OF BITTORRENT-LIKE PROTOCOLS FOR INTERACTIVE ON-DEMAND ST...IJCNCJournal
This paper proposes two novel optimized BitTorrent-like protocols for interactive multimedia streaming: the Simple Interactive Streaming Protocol (SISP) and the Exclusive Interactive Streaming Protocol (EISP). The former chiefly seeks a trade-off between playback continuity and data diversity, while the latter is mostly focused on playback continuity. To assure a thorough and up-to-date approach, related work is carefully examined and important open issues, concerning the design of BitTorrent-like algorithms, are analyzed as well. Through simulations, in a variety of near-real file replication scenarios, the novel protocols are evaluated using distinct performance metrics. Among the major findings, the final results show that the two novel proposals are efficient and, besides, focusing on playback continuity ends up being the best design concept to achieve high quality of service. Lastly, avenues for further research are included at the end of this paper as well
“Design and Detection of Mobile Botnet Attacks”iosrjce
A mobile botnet is a type of bot that runs automatically when installed on a mobile phone, which
does not have any anti-malware. The botnet gains complete access over our mobile device. The common
propagation medium for smartphone based botnet attacks are SMS, Bluetooth and Wi-Fi. In our project, we will
demonstrate a SMS-cum-Wi-Fi based mobile botnet using a centralized C&C server. The botmaster initiates
commands to C&C server and the C&C propagates to infected smartphones i.e. bots. We will try to develop a
network which cannot be detected easily and propagates fast. The target of the propagation will be Android
Operating System. For detection, an application is created to detect whether smartphone is working as bot or
not. In this, we guide user about possible botnet attacks.
A Mitigation Technique For Internet Security Threat of Toolkits AttackCSCJournals
The development of attack toolkits conforms that cybercrime is driven primarily by financial motivations as noted from the significant profits made by both the developers and buyers. In this paper, an enhanced hybrid attack toolkit mitigation model was designed to tackle the economy of the attack toolkits using different techniques to discredit it. The mitigation looked into Zeus, a common and the most frequently used attack toolkit to discover the hidden information used by the attackers to launch attacks. This information helped in creating honey toolkits, honeybot and honeytokens. Honeybots are used to submit honeytoken to botmasters, who sells to the internet black market. Both the botmasters, his mules and buyers attempts to steal huge amount of money using the stolen credentials which includes both real and honeytokens and will be detected by an attack detector which sends an alert on any transaction involving the honeytokens. A reconfirmation process which is secured using enhanced RC6 cryptosystem is enacted. The reconfirmation message in plain text is securely encrypted into cipher text and transmitted from the bank to the legitimate account owner and vise visa. The result of the crypto analysis carried out on the encrypted text using RC6 encryption algorithm showed that the cipher text is not transparent.
Puppetnets and Botnets: Information Technology Vulnerability Exploitsecarrow
The focus of this paper is to identify dominant trends of
information security threats to the Internet 2001 to 2007. This
paper is intended to provide an understanding of the new
emphasis of attacks through use of robotic networks and how
some users and organizations are already preparing a response
using innovative visualization techniques in conjunction with
traditional methods. The scope of research will focus on basic
enterprise level services that are commonly provided by various
corporations; e.g., e-mail, browser applications, wireless and
mobile devices, IP telephony, and online banking. The research
will first review the network infrastructure common to most
corporate organizations and assume basic enterprise components
and functionality in response to the current security threats. The
second emphasis will consider the impact of malware robotic
networks (Botnets and Puppetnets) on the corporate network
infrastructure and how to address these threats with new and
innovative techniques. This approach is pragmatic in application
and focuses on assimilation of existing data to present a
functional rationale of attacks to anticipate and prepare for this
coming year.
Maximize Computer Security With Limited RessourcesSecunia
Presentation from Stefan Frei on how patches are an effective method to escape the arms race with cybercriminals. The majority of vulnerabilities have patches ready on the day of disclosure, which means that the right patch strategy is evident to maximize risk reduction.
ON THE OPTIMIZATION OF BITTORRENT-LIKE PROTOCOLS FOR INTERACTIVE ON-DEMAND ST...IJCNCJournal
This paper proposes two novel optimized BitTorrent-like protocols for interactive multimedia streaming: the Simple Interactive Streaming Protocol (SISP) and the Exclusive Interactive Streaming Protocol (EISP). The former chiefly seeks a trade-off between playback continuity and data diversity, while the latter is mostly focused on playback continuity. To assure a thorough and up-to-date approach, related work is carefully examined and important open issues, concerning the design of BitTorrent-like algorithms, are analyzed as well. Through simulations, in a variety of near-real file replication scenarios, the novel protocols are evaluated using distinct performance metrics. Among the major findings, the final results show that the two novel proposals are efficient and, besides, focusing on playback continuity ends up being the best design concept to achieve high quality of service. Lastly, avenues for further research are included at the end of this paper as well
A preliminary evaluation of bandwidth allocation model dynamic switchingIJCNCJournal
Bandwidth Allocation Models (BAMs) are used in orde
r to define Bandwidth Constraints (BCs) in a per-
class basis for MPLS/DS-TE networks and effectively
define how network resources like bandwidth are
obtained and shared by applications. The BAMs propo
sed (MAM – Maximum Allocation Model, RDM –
Russian Dolls Model, G-RDM – Generic RDM and AllocT
C-Sharing) attempt to optimize the use of
bandwidth resources on a per-link basis with differ
ent allocation and resource sharing characteristics
. As
such, the adoption of distinct BAMs and/or changes
in network resource demands (network traffic profil
e)
may result in different network traffic allocation
and operational behavior for distinct BAMs. This pa
per
evaluates the resulting network characteristics (li
nk utilization, preemption and flows blocking) of u
sing
BAMs dynamically with different traffic scenarios.
In brief, it is investigated the dynamics of BAM
switching with distinct traffic scenarios. The pape
r presents initially the investigated BAMs in relat
ion to
their behavior and resource allocation characterist
ics. Then, distinct BAMs are compared using differe
nt
traffic scenarios in order to investigate the impac
t of a dynamic change of the BAM configured in the
network. Finally, the paper shows that the adoption
of a dynamic BAM allocation strategy may result in
benefits for network operation in terms of link uti
lization, preemption and flows blocking.
Peak detection using wavelet transformIJCNCJournal
A new work based-wavelet transform is designed to overcome one of the main drawbacks that found in the
present new technologies. Orthogonal Frequency Division Multiplexing (OFDM)is proposed in the
literature to enhance the multimedia resolution. However, the high peak power (PAPR) values will obstruct
such achievements. Therefore, a new proposition is found in this work, making use of the wavelet
transforms methods, and it is divided into three main stages; de-noising stage, thresholding stage and then
the replacement stage.
In order to check the system stages validity; a mathematical model has been built and its checked after
using a MATLAB simulation. A simulated bit error rate (BER) achievement will be compared with our
previously published work, where an enhancement from 8×10-1 to be 5×10-1 is achieved. Moreover, these
results will be compared to the work found in the literature, where we have accomplished around 27%
PAPR extra reduction.
As a result, the BER performance has been improved for the same bandwidth occupancy. Moreover and
due to the de-noise stage, the verification rate has been improved to reach 81%. This is in addition to the
noise immunity enhancement.
Performance comparison of mobile ad hoc network routing protocolsIJCNCJournal
Mobile Ad-hoc Network (MANET) is an infrastructure less and decentralized network which need a robust
dynamic routing protocol. Many routing protocols for such networks have been proposed so far to find
optimized routes from source to the destination and prominent among them are Dynamic Source Routing
(DSR), Ad-hoc On Demand Distance Vector (AODV), and Destination-Sequenced Distance Vector (DSDV)
routing protocols. The performance comparison of these protocols should be considered as the primary
step towards the invention of a new routing protocol. This paper presents a performance comparison of
proactive and reactive routing protocols DSDV, AODV and DSR based on QoS metrics (packet delivery
ratio, average end-to-end delay, throughput, jitter), normalized routing overhead and normalized MAC
overhead by using the NS-2 simulator. The performance comparison is conducted by varying mobility
speed, number of nodes and data rate. The comparison results show that AODV performs optimally well
not the best among all the studied protocols.
Exact network reconstruction from consensus signals and one eigen valueIJCNCJournal
The basic inverse problem in spectral graph theory consists in determining the graph given its eigenvalue
spectrum. In this paper, we are interested in a network of technological agents whose graph is unknown,
communicating by means of a consensus protocol. Recently, the use of artificial noise added to consensus
signals has been proposed to reconstruct the unknown graph, although errors are possible. On the other
hand, some methodologies have been devised to estimate the eigenvalue spectrum, but noise could interfere
with the elaborations. We combine these two techniques in order to simplify calculations and avoid
topological reconstruction errors, using only one eigenvalue. Moreover, we use an high frequency noise to
reconstruct the network, thus it is easy to filter the control signals after the graph identification. Numerical
simulations of several topologies show an exact and robust reconstruction of the graphs.
Analysis of wifi and wimax and wireless network coexistenceIJCNCJournal
Wireless networks are very popular nowadays. Wireless Local Area Network (WLAN) that uses the IEEE 802.11 standard and WiMAX (Worldwide Interoperability for Microwave Access) that uses the IEEE802.16 standard are networks that we want to explore. WiMAX has been developed over 10 years, but it is still unknown by most people. However, compared with WLAN, it has many advantages in transmission speed and coverage area. This paper will introduce these two technologies and make comparisons between WiMAX and WiFi. In addition, wireless network coexistence of WLAN and WiMAX will be explored through simulation. Lastly we want to discuss the future of WiMAX in relation to WiFi.
Comparative performance analysis of different modulation techniques for papr ...IJCNCJournal
One of the most important multi-carrier tran
smission techniques used in the latest wireless com
munication
arena is known as Orthogonal Frequency Division Mul
tiplexing (OFDM). It has several characteristics
such as providing greater immunity to multipath fad
ing & impulse noise, eliminating Inter Symbol
Interference (ISI) & Inter Carrier Interference (IC
I) using a guard interval known as Cyclic Prefix (C
P). A
regular difficulty of OFDM signal is high peak to a
verage power ratio (PAPR) which is defined as the r
atio
of the peak power to the average power of OFDM Sign
al. An improved design of amplitude clipping &
filtering technique of us previously reduced signif
icant amount of PAPR with slightly increase bit err
or rate
(BER) compare to an existing method in case of Quad
rature Phase Shift Keying (QPSK) & Quadrature
Amplitude Modulation (QAM). This paper investigates
a comparative performance analysis of the differen
t
higher order modulation techniques on that design.
Network coding combined with onion routing for anonymous and secure communica...IJCNCJournal
This paper presents a novel scheme that provides high level of security and privacy in a Wireless Mesh
Network (WMN). We combine an approach of Network Coding with multiple layered encryption of onion routing for a WMN. An added superior feature provides higher level of security and privacy. Sensitive network information is confined to 1-hop neighborhood which is available anyways in a wireless medium with nodes using a bivariate polynomial. The only routing information divulged to a relay node is about next hop. No plain text is ever transmitted and all data can only be decrypted by its source and destination.Prior work finds it difficult to enforce encryption with network coding without divulging in complete
routing information,hence losing privacy and anonymity. We compare our scheme with other existing approach for several networks. The preliminary results show this work to provide superior security and anonymity at low overhead cost.
AN EFFICIENT SPECTRUM SHARING METHOD BASED ON GENETIC ALGORITHM IN HETEROGENE...IJCNCJournal
With advances in wireless communication technologies, users can have rich contents not only via wired
networks but also via wireless networks such as Cellular, WiFi, and WiMAX. On the other hand, however, lack of spectrum resources becomes an important problem for future wireless networks. To overcome this problem, dynamic spectrum access technology receives much attention. In this paper, we propose a novel spectrum sharing method based on genetic algorithm in which a WiFi system temporarily uses a spectrum band of WiMAX system in WiFi/WiMAX integrated networks as a typical
heterogeneous wireless network. Finally, we confirm the effectiveness of the proposed method by simulation experiments
In network aggregation using efficient routing techniques for event driven se...IJCNCJournal
Sensors used in applications such as agriculture, weather , etc., monitoring physical parameters like soil moisture, temperature, humidity, will have to sustain their battery power for long intervals of time. In order to accomplish this, parameter which assists in reducing the consumption of power from battery need to be attended to. One of the factors affecting the consumption of energy is transmit and receive power. This energy consumption can be reduced by avoiding unnecessary transmission and reception. Efficient routing techniques and incorporating aggregation whenever possible can save considerable amount of energy. Aggregation reduces repeated transmission of relative values and also reduces lot of computation at the base station. In this paper, the benefits of aggregation over direct transmission in saving the amount of energy consumed is discussed. Routing techniques which assist aggregation are incorporated. Aspects like transmission of average value of sensed data around an area of the network, minimum value in the whole of the network, triggering of event when there is low battery are assimilated.
Comparative analyisis on some possible partnership schemes of global ip excha...IJCNCJournal
IPX (IP eXchange) is GSMA’s proposal for IP interconnection model which supports multi services to offer
end-to-end QoS, security, interoperability, SLAs through a dedicated connection. It provides a commercial
and technical solution to manage IP traffic and follows the GSMA’s 4 key IP interworking principle such as
openness, quality, cascading payments, and efficient connectivity. In order to get global IPX reachability, it
is possible for an IPX provider to build partnership with other global IPX providers in business and
network configuration. There are some possible partnership schemes between IPX providers such as
peering mode, semi-hosted mode, full-hosted mode, or combination between these modes. The
implementation of the schemes will be case-by-case basis with some considerations based on (but not
limited to) IPX Provider’s network asset & coverage, services & features offer, commercial offer, and
customers. For an IPX provider to become competitive in IPX business and become a global IPX hub, some
value added should be considered such as cost efficiency and great network performance. To achieve it, an
IPX provider could implement some strategies such as build network sinergy between them and partners to
develop IPX Service as single offering, offer their customers with bundled access network and services. An
IPX provider should also consider their existing customer-based that can be a benefit to their bargaining
position to other potential IPX provider partners to determine price and business scheme for partnership.
A Secure Data Communication System Using Cryptography and SteganographyIJCNCJournal
The information security has become one of the most significant problems in data communication. So it
becomes an inseparable part of data communication. In order to address this problem, cryptography and
steganography can be combined. This paper proposes a secure communication system. It employs
cryptographic algorithm together with steganography. The jointing of these techniques provides a robust
and strong communication system that able to withstand against attackers. In this paper, the filter bank
cipher is used to encrypt the secret text message, it provide high level of security, scalability and speed.
After that, a discrete wavelet transforms (DWT) based steganography is employed to hide the encrypted
message in the cover image by modifying the wavelet coefficients. The performance of the proposed system
is evaluated using peak signal to noise ratio (PSNR) and histogram analysis. The simulation results show
that, the proposed system provides high level of security.
A child's diet and his nutrition is a growing concern in Mexico. Obesity rates triple in last 3 decades in our
country. Thus, a novel and attractive tool designed for youth is deployed. It has as main objective reduce
this problem in a way friendly and intelligent. It includes a planning system based on propositional logic
named DLVK and a novel architecture that allows us to extend our solution to mobile devices. In this
proposal we consider goal-based agents that use more advanced structured representations and are usually
called planning agents. These agents are supposed to maximize their performance measure. Achieving this
is sometimes simplified if the agent can adopt a goal and aim at satisfying it. Thus, first we present the
well-known problem called The Wumpus world. Second, present an application to assist in the solution of
Nutrition in Mexico. Planning for nourishing using DLVK implemented for mobile devices through the WAP
protocol using GPRS service is deployed. Both problems viewed as a logic program (into DLVK) whose
answer sets corresponds to solutions. Plans correspond to answer sets for these programs, in the spirit of
answer set programming.
When developer's api simplify user mode rootkits developing.Yury Chemerkin
This is a series of articles about shell extensions that enhance high-level features of any operation system. However, such possibilities not only enrich platform but simplify developing trojans, exploits that leads to the new security holes. Mostly this kind of extensions are known as usermode rootkits.
http://hakin9.org/theultimat/
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Taxonomy mobile malware threats and detection techniquescsandit
Since last-decade, smart-phones have gained widespr
ead usage. Mobile devices store personal
details such as contacts and text messages. Due to
this extensive growth, smart-phones are
attracted towards cyber-criminals. In this research
work, we have done a systematic review of
the terms related to malware detection algorithms
and have also summarized behavioral
description of some known mobile malwares in tabula
r form. After careful solicitation of all the
possible methods and algorithms for detection of m
obile-based malwares, we give some
recommendations for designing future malware detect
ion algorithm by considering
computational complexity and detection ration of m
obile malwares.
A case study of malware detection and removal in android appsijmnct
With the proliferation of smart phone users, android malware variants is increasing in terms of numbers
and amount of new victim android apps. The traditional malware detection focuses on repackage,
obfuscate and/or other transformable executable code from malicious apps. This paper presented a case
study on existing android malware detection through a sequence of steps and well developed encoding SMS
message. Our result has demonstrated a solid testify of our approach in the effectiveness of malware
detection and removal.
Invesitigation of Malware and Forensic Tools on Internet IJECEIAES
Malware is an application that is harmful to your forensic information. Basically, malware analyses is the process of analysing the behaviours of malicious code and then create signatures to detect and defend against it.Malware, such as Trojan horse, Worms and Spyware severely threatens the forensic security. This research observed that although malware and its variants may vary a lot from content signatures, they share some behaviour features at a higher level which are more precise in revealing the real intent of malware. This paper investigates the various techniques of malware behaviour extraction and analysis. In addition, we discuss the implications of malware analysis tools for malware detection based on various techniques.
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...IJERA Editor
Client side attacks are those which exploits the vulnerabilities in client side applications such as browsers, plug-ins etc. The remote attackers execute the malicious code in end user’s system without his knowledge. Here in this research, we propose to detect and measure the drive by download class of malware which infect the end user’s system through HTTP based propagation mechanism. The purpose of this research is to introduce a class of technology known as client honeypot through which we execute the domains in a virtual machine in more optimized manner. Those virtual machines are the controlled environment for the execution of those URLs. During the execution of the websites, the PE files dropped into the system are logged and further analyzed for categorization of malware. Further the critical analysis has been performed by applying some reverse engineering techniques to categories the class of malware and source of infections performed by the malware.
Our Third Annual Mobile Threats Report takes a look at current trends in malware and shares ways to protect your mobile network. Read the report here: http://juni.pr/11FUxk3
ABSTRACT
Shoreline monitoring is important to overcome the problems in the measurement of the shoreline. Recently,
many researchers have directed attention to methods of predicting shoreline changes by the use of
multispectral images. However, the images being captured tend to have several problems due to the weather.
Therefore, identification of multi class features which includes vegetation and shoreline using multispectral
satellite image is one of the challenges encountered in the detection of shoreline. An efficient framework
using the near infrared–histogram equalisation and improved filtering method is proposed to enhance the
detection of the shoreline in Tanjung Piai, Malaysia, by using SPOT-5 images. Sub-pixel edge detection and
the Wallis filter are used to compute the edge location with the subpixel accuracy and reduce the noise. Then,
the image undergoes image classification process by using Support Vector Machine. The proposed method
performed more effectively and reliable in preserving the missing line of the shoreline edge in the SPOT-5
images.
ABSTRACT
Smartphones are used by billions of people that means the applications of the smartphone is increasing, it is out of control for applications marketplaces to completely validate if an application is malicious or legitimate. Therefore, it is up to users to choose for themselves whether an application is safe to use or not. It is important to say that there are differences between mobile devices and PC machines in resource management mechanism, the security solutions for computer malware are not compatible with mobile devices. Consequently, the anti-malware organizations and academic researchers have produced and proposed many security methods and mechanisms in order to recognize and classify the security threat of the Android operating system. By means of the proposed methods are different from one to another, they can be arranged into various classifications. In this review paper, the present Android security threats is discussed and present security proposed solutions and attempt to classify the proposed solutions and evaluate them.
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...IJNSA Journal
Malicious software is abundant in a world of innumerable computer users, who are constantly faced withthese threats from various sources like the internet, local networks and portable drives. Malware is potentially low to high risk and can cause systems to function incorrectly, steal data and even crash. Malware may be executable or system library files in the form of viruses, worms, Trojans, all aimed at breaching the security of the system and compromising user privacy. Typically, anti-virus software is based on a signature definition system which keeps updating from the internet and thus keeping track of known viruses. While this may be sufficient for home-users, a security risk from a new virus could threaten an entire enterprise network. This paper proposes a new and more sophisticated antivirus engine that can not only scan files, but also build knowledge and detect files as potential viruses. This is done by extracting system API calls made by various normal and harmful executable, and using machine learning algorithms to classify and hence, rank files on a scale of security risk. While such a system is processor heavy, it is very effective when used centrally to protect an enterprise network which maybe more prone to such threats.
The number of devices running with the Android operating system has been on the rise. By the end of 2012, it will account for nearly half of the world's smartphone market. Along with its growth, the importance of security has also risen. A proportional increase in the number of vulnerabilities is also happening to the extent that there are a limited number of security applications available to protect these devices. The efficacies of these applications have not been empirically established. These slides analyzes some of the security tools written for the Android platform to gauge their effectiveness at mitigating spyware and malware
Similar to HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID (20)
Vehicle Ad Hoc Networks (VANETs) have become a viable technology to improve traffic flow and safety on the roads. Due to its effectiveness and scalability, the Wingsuit Search-based Optimised Link State Routing Protocol (WS-OLSR) is frequently used for data distribution in VANETs. However, the selection of MultiPoint Relays (MPRs) plays a pivotal role in WS-OLSR's performance. This paper presents an improved MPR selection algorithm tailored to WS-OLSR, designed to enhance the overall routing efficiency and reduce overhead. The analysis found that the current OLSR protocol has problems such as redundancy of HELLO and TC message packets or failure to update routing information in time, so a WS-OLSR routing protocol based on improved-MPR selection algorithm was proposed. Firstly, factors such as node mobility and link changes are comprehensively considered to reflect network topology changes, and the broadcast cycle of node HELLO messages is controlled through topology changes. Secondly, a new MPR selection algorithm is proposed, considering link stability issues and nodes. Finally, evaluate its effectiveness in terms of packet delivery ratio, end-to-end delay, and control message overhead. Simulation results demonstrate the superior performance of our improved MR selection algorithm when compared to traditional approaches.
A Novel Medium Access Control Strategy for Heterogeneous Traffic in Wireless ...IJCNCJournal
So far, Wireless Body Area Networks (WBANs) have played a pivotal role in driving the development of intelligent healthcare systems with broad applicability across various domains. Each WBAN consists of one or more types of sensors that can be embedded in clothing, attached directly to the body, or even implanted beneath an individual's skin. These sensors typically serve asingle application. However, the traffic generated by each sensor may have distinct requirements. This diversity necessitates a dual approach: tailored treatment based on the specific needs of each traffic typeand the fulfillment of application requirements, such asreliability and timeliness. Never the less, the presence of energy constraints and the unreliable nature of wireless communications make QoS provisioning under such networks a non-trivial task. In this context, the current paper introduces a novel Medium AccessControl (MAC) strategy for the regular traffic applications of WBANs, designed to significantly enhance efficiency when compared to the established MAC protocols IEEE 802.15.4 and IEEE 802.15.6, with a particular focus on improving reliability, timeliness, and energy efficiency.
May_2024 Top 10 Read Articles in Computer Networks & Communications.pdfIJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
A Topology Control Algorithm Taking into Account Energy and Quality of Transm...IJCNCJournal
The efficient use of energy in wireless sensor networks is critical for extending node lifetime. The network topology is one of the factors that have a significant impact on the energy usage at the nodes and the quality of transmission (QoT) in the network. We propose a topology control algorithm for software-defined wireless sensor networks (SDWSNs) in this paper. Our method is to formulate topology control algorithm as a nonlinear programming (NP) problem with the objective to optimizing two metrics, maximum communication range, and desired degree. This NP problem is solved at the SDWSN controller by employing the genetic algorithm (GA) to determine the best topology. The simulation results show that the proposed algorithm outperforms the MaxPower algorithm in terms of average node degree and energy expansion ratio.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C...IJCNCJournal
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Advanced Privacy Scheme to Improve Road Safety in Smart Transportation SystemsIJCNCJournal
In -Vehicle Ad-Hoc Network (VANET), vehicles continuously transmit and receive spatiotemporal data with neighboring vehicles, thereby establishing a comprehensive 360-degree traffic awareness system. Vehicular Network safety applications facilitate the transmission of messages between vehicles that are near each other, at regular intervals, enhancing drivers' contextual understanding of the driving environment and significantly improving traffic safety. Privacy schemes in VANETs are vital to safeguard vehicles’ identities and their associated owners or drivers. Privacy schemes prevent unauthorized parties from linking the vehicle's communications to a specific real-world identity by employing techniques such as pseudonyms, randomization, or cryptographic protocols. Nevertheless, these communications frequently contain important vehicle information that malevolent groups could use to Monitor the vehicle over a long period. The acquisition of this shared data has the potential to facilitate the reconstruction of vehicle trajectories, thereby posing a potential risk to the privacy of the driver. Addressing the critical challenge of developing effective and scalable privacy-preserving protocols for communication in vehicle networks is of the highest priority. These protocols aim to reduce the transmission of confidential data while ensuring the required level of communication. This paper aims to propose an Advanced Privacy Vehicle Scheme (APV) that periodically changes pseudonyms to protect vehicle identities and improve privacy. The APV scheme utilizes a concept called the silent period, which involves changing the pseudonym of a vehicle periodically based on the tracking of neighboring vehicles. The pseudonym is a temporary identifier that vehicles use to communicate with each other in a VANET. By changing the pseudonym regularly, the APV scheme makes it difficult for unauthorized entities to link a vehicle's communications to its real-world identity. The proposed APV is compared to the SLOW, RSP, CAPS, and CPN techniques. The data indicates that the efficiency of APV is a better improvement in privacy metrics. It is evident that the AVP offers enhanced safety for vehicles during transportation in the smart city.
April 2024 - Top 10 Read Articles in Computer Networks & CommunicationsIJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
Malware is one of the threats to security of computer networks and information systems. Since malware instances are available sufficiently, there is increased interest among researchers on usage of Artificial Intelligence (AI). Of late AI-enabled methods such as machine learning (ML) and deep learning paved way for solving many real-world problems. As it is a learning-based approach, accumulated training samples help in improving thequality of training and thus leveraging malware detection accuracy. Existing deep learning methods are focusing on learning-based malware detection systems. However, there is need for improving the state of the art through ensemble approach. Towards this end, in this paper we proposed a framework known as Deep Ensemble Framework (DEF) for automatic malware detection. The framework obtains features from training samples. From given malware instance a grayscale image is generated. There is another process to extract the opcode sequences. Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) techniques are used to obtain grayscale image and opcode sequence respectively. Afterwards, a stacking ensemble is employed in order to achieve efficient malware detection and classification. Malware samples collected fromthe Internet sources and Microsoft are used for theempirical study. An algorithm known as Ensemble Learning for Automatic Malware Detection (EL-AML) is proposed to realize our framework. Another algorithm named Pre-Process is proposed to assist the EL-AML algorithm for obtaining intermediate features required by CNN and LSTM.Empirical study reveals that our framework outperforms many existing methods in terms of speed-up and accuracy.
High Performance NMF Based Intrusion Detection System for Big Data IOT TrafficIJCNCJournal
With the emergence of smart devices and the Internet of Things (IoT), millions of users connected to the network produce massive network traffic datasets. These vast datasets of network traffic, Big Data are challenging to store, deal with and analyse using a single computer. In this paper we developed parallel implementation using a High Performance Computer (HPC) for the Non-Negative Matrix Factorization technique as an engine for an Intrusion Detection System (HPC-NMF-IDS). The large IoT traffic datasets of order of millions samples are distributed evenly on all the computing cores for both storage and speedup purpose. The distribution of computing tasks involved in the Matrix Factorization takes into account the reduction of the communication cost between the computing cores. The experiments we conducted on the proposed HPC-IDS-NMF give better results than the traditional ML-based intrusion detection systems. We could train the HPC model with datasets of one million samples in only 31 seconds instead of the 40 minutes using one processor), that is a speed up of 87 times. Moreover, we have got an excellent detection accuracy rate of 98% for KDD dataset.
A Novel Medium Access Control Strategy for Heterogeneous Traffic in Wireless ...IJCNCJournal
So far, Wireless Body Area Networks (WBANs) have played a pivotal role in driving the development of intelligent healthcare systems with broad applicability across various domains. Each WBAN consists of one or more types of sensors that can be embedded in clothing, attached directly to the body, or even implanted beneath an individual's skin. These sensors typically serve asingle application. However, the traffic generated by each sensor may have distinct requirements. This diversity necessitates a dual approach: tailored treatment based on the specific needs of each traffic typeand the fulfillment of application requirements, such asreliability and timeliness. Never the less, the presence of energy constraints and the unreliable nature of wireless communications make QoS provisioning under such networks a non-trivial task. In this context, the current paper introduces a novel Medium AccessControl (MAC) strategy for the regular traffic applications of WBANs, designed to significantly enhance efficiency when compared to the established MAC protocols IEEE 802.15.4 and IEEE 802.15.6, with a particular focus on improving reliability, timeliness, and energy efficiency.
A Topology Control Algorithm Taking into Account Energy and Quality of Transm...IJCNCJournal
The efficient use of energy in wireless sensor networks is critical for extending node lifetime. The network topology is one of the factors that have a significant impact on the energy usage at the nodes and the quality of transmission (QoT) in the network. We propose a topology control algorithm for software-defined wireless sensor networks (SDWSNs) in this paper. Our method is to formulate topology control algorithm as a nonlinear programming (NP) problem with the objective to optimizing two metrics, maximum communication range, and desired degree. This NP problem is solved at the SDWSN controller by employing the genetic algorithm (GA) to determine the best topology. The simulation results show that the proposed algorithm outperforms the MaxPower algorithm in terms of average node degree and energy expansion ratio.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C...IJCNCJournal
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Advanced Privacy Scheme to Improve Road Safety in Smart Transportation SystemsIJCNCJournal
In -Vehicle Ad-Hoc Network (VANET), vehicles continuously transmit and receive spatiotemporal data with neighboring vehicles, thereby establishing a comprehensive 360-degree traffic awareness system. Vehicular Network safety applications facilitate the transmission of messages between vehicles that are near each other, at regular intervals, enhancing drivers' contextual understanding of the driving environment and significantly improving traffic safety. Privacy schemes in VANETs are vital to safeguard vehicles’ identities and their associated owners or drivers. Privacy schemes prevent unauthorized parties from linking the vehicle's communications to a specific real-world identity by employing techniques such as pseudonyms, randomization, or cryptographic protocols. Nevertheless, these communications frequently contain important vehicle information that malevolent groups could use to Monitor the vehicle over a long period. The acquisition of this shared data has the potential to facilitate the reconstruction of vehicle trajectories, thereby posing a potential risk to the privacy of the driver. Addressing the critical challenge of developing effective and scalable privacy-preserving protocols for communication in vehicle networks is of the highest priority. These protocols aim to reduce the transmission of confidential data while ensuring the required level of communication. This paper aims to propose an Advanced Privacy Vehicle Scheme (APV) that periodically changes pseudonyms to protect vehicle identities and improve privacy. The APV scheme utilizes a concept called the silent period, which involves changing the pseudonym of a vehicle periodically based on the tracking of neighboring vehicles. The pseudonym is a temporary identifier that vehicles use to communicate with each other in a VANET. By changing the pseudonym regularly, the APV scheme makes it difficult for unauthorized entities to link a vehicle's communications to its real-world identity. The proposed APV is compared to the SLOW, RSP, CAPS, and CPN techniques. The data indicates that the efficiency of APV is a better improvement in privacy metrics. It is evident that the AVP offers enhanced safety for vehicles during transportation in the smart city.
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
Malware is one of the threats to security of computer networks and information systems. Since malware instances are available sufficiently, there is increased interest among researchers on usage of Artificial Intelligence (AI). Of late AI-enabled methods such as machine learning (ML) and deep learning paved way for solving many real-world problems. As it is a learning-based approach, accumulated training samples help in improving thequality of training and thus leveraging malware detection accuracy. Existing deep learning methods are focusing on learning-based malware detection systems. However, there is need for improving the state of the art through ensemble approach. Towards this end, in this paper we proposed a framework known as Deep Ensemble Framework (DEF) for automatic malware detection. The framework obtains features from training samples. From given malware instance a grayscale image is generated. There is another process to extract the opcode sequences. Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) techniques are used to obtain grayscale image and opcode sequence respectively. Afterwards, a stacking ensemble is employed in order to achieve efficient malware detection and classification. Malware samples collected fromthe Internet sources and Microsoft are used for theempirical study. An algorithm known as Ensemble Learning for Automatic Malware Detection (EL-AML) is proposed to realize our framework. Another algorithm named Pre-Process is proposed to assist the EL-AML algorithm for obtaining intermediate features required by CNN and LSTM.Empirical study reveals that our framework outperforms many existing methods in terms of speed-up and accuracy.
High Performance NMF based Intrusion Detection System for Big Data IoT TrafficIJCNCJournal
With the emergence of smart devices and the Internet of Things (IoT), millions of users connected to the network produce massive network traffic datasets. These vast datasets of network traffic, Big Data are challenging to store, deal with and analyse using a single computer. In this paper we developed parallel implementation using a High Performance Computer (HPC) for the Non-Negative Matrix Factorization technique as an engine for an Intrusion Detection System (HPC-NMF-IDS). The large IoT traffic datasets of order of millions samples are distributed evenly on all the computing cores for both storage and speedup purpose. The distribution of computing tasks involved in the Matrix Factorization takes into account the reduction of the communication cost between the computing cores. The experiments we conducted on the proposed HPC-IDS-NMF give better results than the traditional ML-based intrusion detection systems. We could train the HPC model with datasets of one million samples in only 31 seconds instead of the 40 minutes using one processor), that is a speed up of 87 times. Moreover, we have got an excellent detection accuracy rate of 98% for KDD dataset.
IoT Guardian: A Novel Feature Discovery and Cooperative Game Theory Empowered...IJCNCJournal
Cyber intrusion attacks increasingly target the Internet of Things (IoT) ecosystem, exploiting vulnerable devices and networks. Malicious activities must be identified early to minimize damage and mitigate threats. Using actual benign and attack traffic from the CICIoT2023 dataset, this WORK aims to evaluate and benchmark machine-learning techniques for IoT intrusion detection. There are four main phases to the system. First, the CICIoT2023 dataset is refined to remove irrelevant features and clean up missing and duplicate data. The second phase employs statistical models and artificial intelligence to discover novel features. The most significant features are then selected in the third phase based on cooperative game theory. Using the original CICIoT2023 dataset and a dataset containing only novel features, we train and evaluate a variety of machine learning classifiers. On the original dataset, Random Forest achieved the highest accuracy of 99%. Still, with novel features, Random Forest's performance dropped only slightly (96%) while other models achieved significantly lower accuracy. As a whole, the work contributes substantial contributions to tailored feature engineering, feature selection, and rigorous benchmarking of IoT intrusion detection techniques. IoT networks and devices face continuously evolving threats, making it necessary to develop robust intrusion detection systems.
Enhancing Traffic Routing Inside a Network through IoT Technology & Network C...IJCNCJournal
IoT networking uses real items as stationary or mobile nodes. Mobile nodes complicate networking. Internet of Things (IoT) networks have a lot of control overhead messages because devices are mobile. These signals are generated by the constant flow of control data as such device identity, geographical positioning, node mobility, device configuration, and others. Network clustering is a popular overhead communication management method. Many cluster-based routing methods have been developed to address system restrictions. Node clustering based on the Internet of Things (IoT) protocol, may be used to cluster all network nodes according to predefined criteria. Each cluster will have a Smart Designated Node. SDN cluster management is efficient. Many intelligent nodes remain in the network. The network design spreads these signals. This paper presents an intelligent and responsive routing approach for clustered nodes in IoT networks. An existing method builds a new sub-area clustered topology. The Nodes Clustering Based on the Internet of Things (NCIoT) method improves message transmission between any two nodes. This will facilitate the secure and reliable interchange of healthcare data between professionals and patients. NCIoT is a system that organizes nodes in the Internet of Things (IoT) by grouping them together based on their proximity. It also picks SDN routes for these nodes. This approach involves selecting one option from a range of choices and preparing for likely outcomes problem addressing limitations on activities is a primary focus during the review process. Predictive inquiry employs the process of analyzing data to forecast and anticipate future events. This document provides an explanation of compact units. The Predictive Inquiry Small Packets (PISP) improved its backup system and partnered with SDN to establish a routing information table for each intelligent node, resulting in higher routing performance. Both principal and secondary roads are available for use. The simulation findings indicate that NCIoT algorithms outperform CBR protocols. Enhancements lead to a substantial 78% boost in network performance. In addition, the end-to-end latency dropped by 12.5%. The PISP methodology produces 5.9% more inquiry packets compared to alternative approaches. The algorithms are constructed and evaluated against academic ones.
IoT Guardian: A Novel Feature Discovery and Cooperative Game Theory Empowered...IJCNCJournal
Cyber intrusion attacks increasingly target the Internet of Things (IoT) ecosystem, exploiting vulnerable devices and networks. Malicious activities must be identified early to minimize damage and mitigate threats. Using actual benign and attack traffic from the CICIoT2023 dataset, this WORK aims to evaluate and benchmark machine-learning techniques for IoT intrusion detection. There are four main phases to the system. First, the CICIoT2023 dataset is refined to remove irrelevant features and clean up missing and duplicate data. The second phase employs statistical models and artificial intelligence to discover novel features. The most significant features are then selected in the third phase based on cooperative game theory. Using the original CICIoT2023 dataset and a dataset containing only novel features, we train and evaluate a variety of machine learning classifiers. On the original dataset, Random Forest achieved the highest accuracy of 99%. Still, with novel features, Random Forest's performance dropped only slightly (96%) while other models achieved significantly lower accuracy. As a whole, the work contributes substantial contributions to tailored feature engineering, feature selection, and rigorous benchmarking of IoT intrusion detection techniques. IoT networks and devices face continuously evolving threats, making it necessary to develop robust intrusion detection systems.
** Connect, Collaborate, And Innovate: IJCNC - Where Networking Futures Take ...IJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
Enhancing Traffic Routing Inside a Network through IoT Technology & Network C...IJCNCJournal
IoT networking uses real items as stationary or mobile nodes. Mobile nodes complicate networking. Internet of Things (IoT) networks have a lot of control overhead messages because devices are mobile. These signals are generated by the constant flow of control data as such device identity, geographical positioning, node mobility, device configuration, and others. Network clustering is a popular overhead communication management method. Many cluster-based routing methods have been developed to address system restrictions. Node clustering based on the Internet of Things (IoT) protocol, may be used to cluster all network nodes according to predefined criteria. Each cluster will have a Smart Designated Node. SDN cluster management is efficient. Many intelligent nodes remain in the network. The network design spreads these signals. This paper presents an intelligent and responsive routing approach for clustered nodes in IoT networks. An existing method builds a new sub-area clustered topology. The Nodes Clustering Based on the Internet of Things (NCIoT) method improves message transmission between any two nodes. This will facilitate the secure and reliable interchange of healthcare data between professionals and patients. NCIoT is a system that organizes nodes in the Internet of Things (IoT) by grouping them together based on their proximity. It also picks SDN routes for these nodes. This approach involves selecting one option from a range of choices and preparing for likely outcomes problem addressing limitations on activities is a primary focus during the review process. Predictive inquiry employs the process of analyzing data to forecast and anticipate future events. This document provides an explanation of compact units. The Predictive Inquiry Small Packets (PISP) improved its backup system and partnered with SDN to establish a routing information table for each intelligent node, resulting in higher routing performance. Both principal and secondary roads are available for use. The simulation findings indicate that NCIoT algorithms outperform CBR protocols. Enhancements lead to a substantial 78% boost in network performance. In addition, the end-to-end latency dropped by 12.5%. The PISP methodology produces 5.9% more inquiry packets compared to alternative approaches. The algorithms are constructed and evaluated against academic ones.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
1. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
DOI : 10.5121/ijcnc.2013.5413 159
HONEYPOTLABSAC: A VIRTUAL HONEYPOT
FRAMEWORK FOR ANDROID
Vladimir B. Oliveira, Zair Abdelouahab, Denivaldo Lopes, Mario H. Santos, and
Valéria P. Fernandes
Department of Electrical Engineering, Federal University of Maranhão, São Luís - MA,
Brazil
vladimir_pi@yahoo.com.br, zair@dee.ufma.br, dlopes@dee.ufma.br
marioh90@gmail.com, valpriscilla@gmail.com
ABSTRACT
Mobile devices suffer daily threats of various kinds, in particular in a digital form, where users without
consent receives and installs malware on their mobile devices via wireless networks, getting their
information vulnerable to unauthorized persons. Aiming to learn more targeted attacks on mobile devices,
this paper presents a mechanism that emulates services and protocols within a mobile device with the
Android OS. Our work is inspired by the idea of a Honeypot and its use is to learn from the invader. Thus,
we first propose a Framework for mobile devises for reuse purposes. Then, we use the Framework itself to
propose a honeypot that emulates services such as telnet, http and SMS in the application level of the
Android operating system
KEYWORDS
Network Security, Intrusion detection, Honeypots, Android
1. INTRODUCTION
With technological advances, mobile devices such as smartphones, tablets, netbooks, etc.. have
maintained their commercial value to an acceptable level for all social classes. Mobile devices
have increasingly cornered the market and they are used on a large scale because of allied prices,
ease of use, communication with social networks, access to the internet via 3G or wireless
network connections, banking transaction, internet shopping, payments, among others. With all of
these features aggregated to mobile devices they started to be targets of attacks ranging from
viruses, trojan horses, worms and botnets. In personal computers, there is a huge range of tools
divised in order to reduce cyber-attacks. One of them is a Honeypot which is a computational
resource dedicated to be probed, attacked or compromised in an environment that enables the
recording and control of these activities. [8]
The work aims to propose a mechanism that consists of a Framework to generate virtual
honeypots running on the application level that emulates services on the Android operating
system. Through the framework, we are able to extend with new services and protocols to be
emulated.
The rest of this paper is organized as follows. Section 2 provides theoretical information about the
Android operating system, mobile devices attacks and Honeypots. Section 3 describes the
HoneypotLabsac, a Virtual Honeypot Framework for Android. Section 4 reviews related work
and section 5 presents the tests and results. Finally, section 6 gives the concluding remarks.
2. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
160
2. THEORETICAL FUNDAMENTALS
2.1. Android Operating System: ARM Architecture
Android is a complete platform for mobile devices [9], in particular for smart handsets
Smartphones. The platform consists of an operating system, middleware, applications, and user
interface. Android is the first project of an open-source platform, with a license of Apache
Software Foundation (ASF) [10]. The license of type ASF allows changes to be made to the
source code but not necessarily shared [10]. The Android operating system was initially
developed by Google and released into the market for mobile handsets in 2008 [9] [8]. Shortly
thereafter, Google has created alliances with other companies in various segments of mobile
phone market to continue the project. This alliance is called the Open Handset Alliance (OHA),
which currently has 84 companies that encompass the entire structure that is part of the procee of
mobile phones [1] [11].
The Android operating system was launched in the market of mobile handsets in 2008. It has
become quite popular because it is an open source operating system, by providing an SDK
platform for developers using JAVA programming language and a Market app with few
restrictions to disseminate applications developed by third parties. The Android operating system
has in its base the Linux kernel version 2.6, which has undergone with several changes to suit
mobile devices (smartphone), and it is responsible for security and memory management. The
linux OS is serving as an abstraction layer between the hardware components and software, is not
considered a conventional Linux distribution. It uses a virtual machine called Dalvik fully
optimized to work with mobile devices that run applications developed in JAVA programming
language. When a Java application is compiled the (.class) program is converted to (.dex) (Dalvik
Executable) thereafter files of (.dex) and other resources such as images are compressed into a
single file extension (.apk) (Android Package File), which is nothing more than the actual
application for Android already compiled. [1] [9].
2.2. Android Operating System : X86 Architecture
The Project of Android OS x86 is founded by Chih-Wei Huang (Taiwan) and Yi Sun
(USA) [12]. The x86 architecture is a modified version of the original architecture of
microprocessors Advanced RISC Machine (ARM), modified and adapted to Android x86.
This system has as main objective to offer full support for netbooks and notebooks.
2.3. Cyber-attacks on Mobile Devices
Cyber-attacks in mobile devices are not new. The first virtual virus for cell phone was developed
in 2004. This virus is called "Cabir" and its spread is via Bluetooth and concerned only the
Symbian operating system [7]. Dunham, K. et al. [14] have defined some threats on mobile
devices using a mobile security terminology which includes threats such as Ad / Spyware,
Bluebug, BlueChop, bruteforce, Denial-of-Service (DoS), Exploit, Hacking, Malware Móvel ,
Snarf, Trojan, Virus and Worm. These threats are:
• Ad / Spyware - are potentially unwanted programs, which may include (End User License
Agreement) EULA, End User License. This type of program performs various
undesirable actions without user consent. It commonly involves the appearance of ads
(pop-ups) and also studies the user's profile.
3. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
161
• Bluebug - exploits a vulnerability in Bluetooth to make phone calls with differentiated
value (expensive calls).
• BlueChop - is a denial of service attack that disrupts a network of Piconet.
• Bruteforce - is an algorithm which consists of enumerating all possible outcomes of a
solution. Each solution found verifies if it satisfies the problem.
• Denial-of-Service (DoS) - is an attack designed to disrupt and/or deny the use of a mobile
device, or network service.
• Exploit - is a software that tries to take advantage of a vulnerability to perform
undesirable actions.
• Hacking defaults - are techniques used to break devices or software they use passwords,
and / or default settings.
• Malware Móvel - are softwares that perform malicious actions on mobile devices.
• Snarf - is the unauthorized data theft. It is a slang used to steal information from another
device.
• Trojan - is malicious software that masquerades as something that is not in reality. Its role
is to steal information and sends it mostly to the sender or to its creator.
• Viruses - are malicious software that intentionally multiplicate through programs or files
on a mobile device in order to change the work form of mobile device following two
criterias: self executing and self replication.
• Worm - are malicious software that creates a copy of itself, a clone, aims to spread.
Most described cyber threats for mobile computers have come from PC (Desktop). These
threats have undergone some modifications for use on mobile devices. Some may even be
versions of the originals. But their goals are to obtain unauthorized information of the
user or damage the unit.
2.4. Honeypots
Hoepers et al. [8] has defined a Honeypot as a computational security resource which is dedicated
to be probed, attacked or compromised. Spitzner [6] states that a Honeypot is tool for security
study where its main function is to collect information from the attacker, through monitoring.
Thus a honeypot is an attractive tool placed in a network committed to monitor the attacker and
the tools which it uses.
There are two types of Honeypots: Low and high interactivity [5] [8] [13]. Low interactivity
Honeypots - simulates only part of some operating systems, network protocols, services and some
commands with which the attackers may interact, thus minimizing the risk of compromising the
actual operating system. High interactivity Honeypots allow the attackers interact directly with
the operating systems, applications or real services. Some authors such as Spitzner [6] makes a
reference to medium interactivity honeypots that lies between low and high interactivity ones. In
table 1, we show a comparison between levels of Honeypot interactivities.
Security community faces daily several challenges. One of them is to obtain valuable information
through the data that is collected. Enterprises collect daily large amounts of data, including
firewall logs, system logs, and intrusion detection alerts. However, all this amount of data can
become just another bunch of hits. On the other hand, honeypots collect a small amount of data,
but this is of great value. Honeypots are not part of the system production. In fact, all traffic
destined to them is considered as malicious. The traffic can be considered of high value and can
be used in statistical models, periodic reviews, attack detection, or even on offensive research
methodologies [6].
4. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
162
Level of
interactivity
Facility for
installing &
configuring
Facility for
activation &
maintenance
information
collection
Level of
interactivity
Low Easy Easy Limited Low
Medium Medium Medium Variable Medium
High Difficult Difficult Extensive High
Table 1 – interactivity Levels, Spitzner, [6]
Some caracteristics and features of honeypots need to be defined and these are: monitoring, audit
log, containment and visibility. Monitoring - A Honeypot has as its main function monitoring
network activities. Audit log - is vital to maintain it in an intact file to rebuild attacks in case they
occur. Containment - Honeypots are meant to be committed, but a compromised honeypot cannot
serve as a bridge for further attacks. Visibility - a Honeypot is more attractive when it is visible
because it can draw more attacker attention.
3. HONEYPOTLABSAC: A FRAMEWORK FOR ANDROID
VIRTUAL HONEYPOT
3.1. HONEYPOTLABSAC Framework
Initially, the proposed framework is inspired by some works that have already been developed in
[3] [4] [5], which aims at providing a virtual Honeypot [5] and a virtual honeypot for mobile
device [3] [4 ]. Differently from others, our proposal aims simply on collecting data from a
mobile device connected to a wireless network through a virtual Honeypot installed on the
Android operating system.
The FrameworkLabsac generates a virtual Honeypot for the Android operating system, which can
later be expanded to other operating systems for mobile devices. The goal of creating the
Framework is directly related to software reuse, because the project can be extended at any time
by adding new services and protocols to be emulated. As we can see, the FrameworkLabsac has a
simple architecture composed of 03 (three) packages: br.labsac.honeypot.core,
br.labsac.honeypot.util br.labsac.honeypot.
• br.labsac.honeypot.core - This package consists of five (5) classes: GeneralService,
HoneypotProtocol, ProcessAdminRequests, ProtocolProcessing and ProtocolResponse.
The class GeneralService is responsible for providing the connection via socket to
customers, in other words it is the class server connection. The HoneypotProtocol class
emulates a connection. The class ProcessAdminRequests is responsible for checking
whether a particular service is running. The ProtocolProcessing class checks whether or
not a service should be stopped. The ProtocolResponse class responds to it clients
requests using its methods.
• .br.labsac.honeypot - This package implements three (3) classes: HoneypotActivity,
HoneypotApplication and HoneypotStarter. The HoneypotActivity class is the base class
5. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
163
for the core program. The HoneypotApplication class is responsible for setting
preferences. The HoneypotStarter class is responsible for checking network connectivity
by starting the service.
• br.labsac.honeypot.util - this package has three (3) classes: ArchiverInServerAlarm,
MsgType, and ServiceImage. The ArchiverInServerAlarm class is responsible for
generating the file in sdcard of the mobile device to record the logs and then send the
generated file to the server logs. The MsgType class is responsible for all types of
generated messages. The ServiceImage class is responsible for the serialization of
communication with the ports and their methods.
Figure 1: Package Diagram of FrameworkLabsac
The following section explains how to extend our framework with new protocols or services.
3.2. HONEYPOTLABSAC Application
The HoneypotLabsac application is designed to run on the Android operating system at the
application level and to emulate telnet, SMS, and http services. As a result, a log file of all
interactions and accesses is generated.
Aiming to solve the difficulties encountered in relation to Honeypot, we have implemented the
application with the following measures:
• Monitoring: the application intends to monitor the entire events in order to recreate an
attack in case it occurs.
• Log for audit: to maintain the integrity of the log file, this one is sent from time to
Containment: when log file is sent to the log server and the latter detects that a virtual
6. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
164
machine is compromised, an autonomic service is activated to create new firewall rules
and a new virtual machine to replace the machine.
• Visibility: Mobile devices are increasingly connected to wireless networks.
HoneypotLabsac is designed to emulate popular services such as telnet, SMS, and http
aiming to draw attention of the attacker.
In Figure 3 we present the architecture of HoneypotLabsac.
Figure 2: Architecture Diagram of HoneypotLabsac
We can observe from Figure 2 that the HoneypotLabsac architecture consists of few components:
LOGComponent, Services, and SMS.
• LOGComponent - this component is responsible for generating and storing all
information generated through the connections of Telnet and HTTP as well as the SMS
received from the operating company of cell phones. Thus, a log file for each service
emulated by HoneypotLabsac.
• Telnet Service - aims to emulate the Telnet service of the Android operating system. By
emulating the service, it gives a feeling to the attacker that he is accessing the real Telnet
service of the Android operating system.
• HTTP Service - aims to emulate the HTTP service, by returning fake information to the
attacker.
The HoneypotLabsac is implemented using Java technology [44], the integrated development
environment IDE (Integrated Development Environment) Eclipse [43] and the Android SDK [2]
[21].
Figure 3 shows the class diagram of HoneypotLabsac and its relationships.
7. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
165
Figure 3: Class Diagram of HoneypotLabsac
Figure 4 shows a use case for capturing data with HoneypotLabsac. When HoneypotLabsac is
active (running in background), any interaction with Telnet, HTTP, sending or receiving SMS
through Telnet connection or through the cell phone company log files are generated. These log
files are stored primarily in the internal memory of the mobile device and after they are sent to the
IDS NIDIA log server.
8. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
166
.
Figure 4: Use Case Diagram for Traffic Capture
3.3. Using HONEYPOTLABSAC
The HoneypotLabsac is a specific tool for the Android operating system and it is easy to install
and configure. The settings are made through the application screens, where it is possible to
choose which service to emulate and which communication ports these services should use. It is
also possible to configure the IP number of the log server and the communication port between
the log server and the mobile device. The HoneypotLabsac is a tool for network administrators
who want to discover any attacker via a mobile device connected to their networks.
Figure 5: Main Screen of HoneypotLabsac
Figure 5 shows the main screen of HoneypotLabsac, presenting the available services that can be
emulated and the corresponding checkbox to mark them. Figure 6 shows a screen with active
services, by selecting the "Start Marked" ', after such services are marked in the main screen.
9. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
167
Figure 6: Screen Settings of Services Initialization in HoneypotLabsac
Figure 7 illustrates a screen with settings made for the communication ports for HTTP and Telnet
services, as well as the configuration of the IP number and port number of the log server. The
transfer of log file from the mobile device to the log server occurs only after this setting.
Figure 7: Configuration Screen of Communication Ports of HTTP and Telnet services
4. RELATED WORKS
Provos [5] has developed a framework called "Honeyd" which emulates multiple virtual
honeypots and multiple signatures of computer systems at the network level. These signatures are
known as Fingerprint. Each Honeypot can emulate the signature of an operating system on a real
10. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
168
machine. The Honeyd supports IP protocol, and responds to requests from the network of virtual
honeypots according to the services that were configured on each one.
Collin (et al) [3] creates a Honeypot for smartphone with Android operating system called
Honeydroid at the real kernel device level. It uses virtualization of the hardware such as modem,
wifi and sdcard, to generate records of attacks. According to the author this is the first Honeypot
for a real mobile device.
Oconnor (et al 2010) [4] have developed "honeyM", a framework for virtual Honeyclient,
emulating mobile Bluetooth, infrared, GPS, 3G, and WiFi. It is developed in python and is used
to emulate an Apple iPhone.
Barrera [2] analyzes popular platforms of mobile devices from 2010 such as: Android,
BlackBerry, iPhone and Symbian, and presents a classification of installing third party software
on smartphones, using three generic models: Walled Garden Model, Guardian Model and End-
user Control Model.
Characteristics Honeydroid HoneyM Honeyd HoneypotLabsac
Framework No Yes Yes Yes
Application Level No No No Yes
Operating System Level No No Yes No
Kernel Level Yes No No No
Hardware Vitualizacion Yes No No No
Low Interactivite No Yes Yes Yes
High Interactivite Yes No No No
Android Operating System Yes No No Yes
Others Operating System No Yes Yes No
Mobile Operating System Yes Yes No Yes
Table 2: Comparison
To compare the works directly related to HoneypotLabsac, we have taken into account the
following characteristics:
• Framework – aiming software reuse.
• Application Level - applications that are installed in mobile operating systems.
• Level Operating System - emulate operating systems signatures known as Fingerprints.
• Kernel Level - the layer below the operating system.
• Hardware Virtualization - Works with virtualized hardware.
• Low Interactivity - Provides services and signatures of operating systems --- false
(Fingerprints).
• High Interactivity - Provides real operating systems, applications, services.
• Android Operating System - Works directly with the operating system Android.
• Mobile Operating System - Works with mobile operating system.
From the comparison ilustrated in Table 2, we can observe that HoneypotLabsac is the first
Honeypot for the Android operating system at the application level.
11. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
169
5. TESTES AND RESULTS
Figure 8 shows the scenario where the HoneypotLabsac is installed on a real Samsung
Smartphone with the following configuration:
• Brand - Samsung;
• Model - Galaxy 5;
• Model number - GT-I5500B;
• Firmware Version - 2.2.2;
• Kernel Version - 2.6.32.9-perf-se.infra set-46 # 1;
• Build number - FROYO.VJJP9;
• Processor - 600Mhz.
Figure 8 Test Environment
The tests done using the scenario of Figure 8 are performed in a controlled environment. This
scenario is typical to someone who uses a Smartphone. This type of user is connected to the
Internet through a wireless network as it becomes financially cheaper than 3G connection since
no additional cost is incurred. These wireless networks are mostly at the work place, home of
residence or living environments. The HoneypotLabsac is installed in the device on all its
available services (Telnet, HTTP, SMS) are activated. Thus, the application is ready to intercept
interactions and thus generating log files. Figures 9, 10, 11 show log files generated for each
emulated service as well as the received SMS.
12. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
170
Figure 9 Telnet Log
Figure 10 SMS Log
13. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
171
Figure 11: Http Log
6. CONCLUSION
With HoneypotLabsac, we have the opportunity to study the attacks that are made to mobile
devices through wireless network and thus take some action in response to attacks. By adding
new services or protocols to be emulated by the framework, the Honeypot becomes more
attractive to the attackers.
From this initial work, we have identified some possibilities for future work that could be
developed, such as:
• In this work the focus is the Android operating system, nothing prevents to adapt the
project to run on other mobile operating systems.
• New services may be added and emulated on mobile devices.
ACKNOWLEDGEMENTS
Financial supports of FAPEMA and CNPq are gratefully acknowledged.
REFERENCES
[1] ANDROID. (2012) Sistema Operacional Android. Available in: <http://www.android.com>.
Accessed on: 01/03/2012.
[2] BARRERA, D. & OORSCHOT, V. P. (2011) “Secure Software Installation On Smartphones”.
Security Privacy, IEEE, v. 9, n. 3, p. 42 –48.
[3] COLLIN MULLINER, S. L.& LANGE, M. Poster, (2011) Honeydroid - Creating A Smartphone
Honeypot. In: IEEE Symposium on Privacy and Security, Poster. Oakland California: IEEE,.
[4] O’CONNOR, T. J.& SANGSTER, B., (2010) Honeym: A Framework For Implementing Virtual
Honeyclients For Mobile Devices. In: WiSec ’10: Proceedings of the third ACM Conference
Onwireless Network Security. New York, NY, USA: ACM, pp 129–138.
14. International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
172
[5] PROVOS, N.& HOLZ, T., (2010) Virtual Honeypots: From Botnet Tracking To Intrusion Detection.
Addison-Wesley Professional.
[6] SPITZNER, L.(2002) Honeypots: Tracking Hackers. Boston, MA, USA: Addison-Wesley Longman
Publishing Co., Inc.
[7] SYMBIAN. Sistema Operacional Symbian. Available in: <http://licensing.symbian.org/>. Accessed
on: 01 mar. 2012.
[8] HOEPERS C.; JESSEN, K. S. &. C. M. H. P. C. Honeypots E Honeynets: Definições E Aplicações.
Available in: <http://www.cert.br>. Accessed on: 01/05/2012.
[9] PEREIRA L. C. O & SILVA, M. L.,(2009) Android Para Desenvolvedores. Rio de Janeiro: Brasport,
2009.
[10] LECHETA, R. , (2010) Google Android: Aprenda A Criar Aplicações Para Dispositivos Móveis Com
O Android SDK. Sâo Paul o: Novatec.
[11] MEIER, R., (2010) Professional Android 2 Application Development. 1st. ed. Birmingham, UK:
Wrox Press Ltd.
[12] X86, A. Sistema Operacional Android Arquitetura x86. Available in: <www.android-x86.org>.
Accessed: 02/08/2012.
[13] ASSUNCAO, M. F. A. (2009) . Honeypots e Honeynets: Aprenda A Detectar E Enganar Os
Invasores. Rio de Janeiro: Visual Books.
[14] DUNHAM, K. (2009) Mobile Malware Attacks and Defence,. Burlington: Elsevier,.
[15] ECLIPSE. Eclipse. Available at: <http://www.eclipse.org.>. Accessed on: 01/06/2012.
[16] DEITEL, H. M.& DEITEL, P. J. (2003) Java Como Programar. 4. ed. Porto Alegre: Bookman,.
Short Biography
Vladimir Olivwira has obtained her B.Sc. degree in Computer Science from UESPI, Brazil
in 2000 and his M.Sc. degree in Computer Science from UFMA, Brazil in 2012. His
research interests include networking, and security.
Zair Abdelouahab is a professor in Computer Science at the Federal University of
Maranhão (UFMA) in Brazil. He is conducting research on networks and security. He
received his BSc degree in Computer Engineering from University of Setif, Algeria in 1985.
He has an M.Sc. degree in Computer Science from Glasgow University, UK in 1988 and a
Ph.D. degree in Computer Science from Leeds University, UK in 1993.
Denivaldo Lopes is a lecturer at the Federal University of Maranhão (UFMA) in Brazil. He
received his B.Sc. degree in Electrical Engineering from UFMA in 1999. He obtained his
M.Sc. in Electrical Engineering and Computer Science, from UFMA in 2001 and his Ph.D.
degree in Computer Science from the University of Nantes/France in 2005. His research
interests include Service-Oriented Architecture, Model Driven Engineering, and Security.
Mario Braga is currently finishing a BSc degree in Computer Science at the
Federal University of Maranhão (UFMA).
Valeria Fernandes is currently finishing her BSc degree in Computer Science
at the Federal University of Maranhão (UFMA).