Security of Information Systems: Scientific Trends in InfoSec
Seguridad y Protección de la Información: Introducción (Security and Protection of Information: Introduction)
Pablo Garaizar Sagarminaga, Jaime Devesa Esteban, Dr. Igor Santos

Contents
• Malware detection
• Mobile Security
• Spam Filtering

Definition: What is malware?
Malware: Definition
• Malware: any executable explicitly designed to harm computers or computer networks
Malware
• There are several types of malware:
  • Viruses
  • Worms
  • Spyware
  • Trojan horses
  • Botnets
Malware
• Malware has changed
• In the beginning, malware authors sought fame and glory
• Now, they seek money
• This implies changes:
  • A better hiding capability
  • More and more malware
Malware
• Malware detection
  • Based on signatures

Code fragment (bytes and disassembly):
E8 00 00 00 00    call 0h
5B                pop ebx
8D 4B 42          lea ecx, [ebx + 42h]
51                push ecx
50                push eax
50                push eax
0F 01 4C 24 FE    sidt [esp - 02h]
5B                pop ebx
83 C3 1C          add ebx, 1Ch
FA                cli
8B 2B             mov ebp, [ebx]

Signature: E800 0000 005B 8D4B 4251 5050 0F01 4C24 FE5B 83C3 ACFA 8B2B
Malware
• Malware detection
  • Based on signatures
  • Signatures are stored in order to detect known malware
  • Unable to handle obfuscation!

(Figure: a signature database holding Signature 1 and Signature 2, which cover the original malware and Implementations 1 and 2; a New Implementation matches neither: NO DETECTION!)

The same fragment with two NOPs inserted after the pushes:
E8 00 00 00 00    call 0h
5B                pop ebx
8D 4B 42          lea ecx, [ebx + 42h]
51                push ecx
50                push eax
50                push eax
90                nop
90                nop
0F 01 4C 24 FE    sidt [esp - 02h]
5B                pop ebx
83 C3 1C          add ebx, 1Ch
FA                cli
8B 2B             mov ebp, [ebx]

Its bytes are now E800 0000 005B 8D4B 4251 5050 9090 0F01 4C24 FE5B 83C3 ACFA 8B2B. The sequence 9090 is not in the signature E800 0000 005B 8D4B 4251 5050 0F01 4C24 FE5B 83C3 ACFA 8B2B, so the signature no longer matches even though the program behaves exactly as before.
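The following is an added example, not code from the slides: a toy signature scanner over the byte sequence transcribed from the disassembly above, showing that the exact-match signature finds the known sample, misses the NOP-inserted variant, and ignores a benign buffer. The benign buffer, the signature name "sample-1" and the NOP-stripping normaliser are constructed for this illustration; the normaliser only sketches why detection engines match on normalised or disassembled code rather than on raw bytes.

```python
"""Signature-based detection and why a two-byte NOP insertion defeats it.

Added example, not from the original deck. The opcode bytes are transcribed
from the disassembly on the slides; everything else is constructed here.
"""
from typing import Dict, Optional

# Bytes of the code fragment shown on the slides, one instruction per line.
KNOWN_SAMPLE = bytes.fromhex(
    "E8 00 00 00 00 "   # call 0h
    "5B "               # pop ebx
    "8D 4B 42 "         # lea ecx, [ebx + 42h]
    "51 "               # push ecx
    "50 "               # push eax
    "50 "               # push eax
    "0F 01 4C 24 FE "   # sidt [esp - 02h]
    "5B "               # pop ebx
    "83 C3 1C "         # add ebx, 1Ch
    "FA "               # cli
    "8B 2B"             # mov ebp, [ebx]
)

# The variant from the slides: two NOPs (90 90) inserted after the three
# pushes (byte offset 12). Behaviour is identical, the byte string is not.
OBFUSCATED_SAMPLE = KNOWN_SAMPLE[:12] + b"\x90\x90" + KNOWN_SAMPLE[12:]

# A constructed benign fragment (push ebp; mov ebp, esp; sub esp, 10h; ret)
# so the scanner has something it must *not* flag.
BENIGN = bytes.fromhex("55 8B EC 83 EC 10 C3")

# Signature database: a hypothetical name mapped to the exact byte pattern.
SIGNATURES: Dict[str, bytes] = {"sample-1": KNOWN_SAMPLE}


def scan(buffer: bytes, signatures: Dict[str, bytes]) -> Optional[str]:
    """Return the name of the first signature whose bytes occur in buffer."""
    for name, pattern in signatures.items():
        if pattern in buffer:          # exact substring match, nothing else
            return name
    return None


def strip_nops(buffer: bytes) -> bytes:
    """Naive normaliser: remove every 0x90 byte before matching.

    Illustration only. A real engine disassembles and drops NOP instructions;
    deleting every 0x90 *byte* would also mangle immediates and addresses
    that happen to contain 0x90.
    """
    return buffer.replace(b"\x90", b"")


def scan_normalized(buffer: bytes, signatures: Dict[str, bytes]) -> Optional[str]:
    """Scan after normalising both the buffer and the signature database."""
    normalized = {name: strip_nops(p) for name, p in signatures.items()}
    return scan(strip_nops(buffer), normalized)


if __name__ == "__main__":
    samples = [("known", KNOWN_SAMPLE),
               ("obfuscated", OBFUSCATED_SAMPLE),
               ("benign", BENIGN)]
    for label, buf in samples:
        print(f"{label:10s} raw={scan(buf, SIGNATURES)!s:9s} "
              f"normalized={scan_normalized(buf, SIGNATURES)}")
```

Running it prints that the raw scan detects only the original bytes, while the normalised scan also catches the NOP-padded variant and still leaves the benign prologue alone; the price is the false-positive and corruption risk noted in the `strip_nops` docstring, which is why the slides' ML- and anomaly-based approaches exist.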
Malware Detection
• Knowledge-based (malware variant detection)
  • Static
  • Dynamic
  • Hybrid
• Unknown malware detection
  • Machine-learning-based
    • Static
    • Dynamic
    • Hybrid
  • Anomaly-based
    • Static
    • Dynamic
    • Hybrid
Definition: What is spam?
WHAT YOU GOT, THEN? SPAM, EGG, SPAM, SPAM, BACON AND SPAM. SPAM, SPAM, SPAM, BAKED BEANS AND SPAM. ANYTHING WITHOUT SPAM? UGH! I DON’T LIKE SPAM!!
• Spam is a real problem for security
• We must fight it
Machine-learning content-based methods
1. Training of the model
2. Classification of the new e-mails

Vector Space Model (figure: documents D1 to D11 plotted as points in a space whose axes are the terms t1, t2 and t3)
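As an added example that is not part of the deck, the two steps above (training, then classification of new e-mails) implemented with a vector space model: each message becomes a term-frequency vector, training computes one centroid per class, and a new message is assigned to the class whose centroid is closest by cosine similarity. The training messages, the class names "spam" and "ham", and the `SpamFilter` class are all constructed for this illustration; a production filter would use a proper feature pipeline and a classifier such as naive Bayes or an SVM.

```python
"""Content-based spam filtering with a vector space model.

Added example, not from the original deck: bag-of-words term-frequency
vectors, class centroids learned in training, cosine similarity at
classification time. All messages below are constructed.
"""
import math
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

TOKEN = re.compile(r"[a-z0-9$]+")

# Constructed training set: (label, message text).
TRAINING_SET: List[Tuple[str, str]] = [
    ("ham", "Meeting moved to 3pm, see agenda attached"),
    ("ham", "Can you review the draft paper before Friday?"),
    ("ham", "Lunch tomorrow? The usual place"),
    ("spam", "Buy cheap viagra now, click here"),
    ("spam", "You have won $1000000! Click here to claim your prize"),
    ("spam", "Cheap pills, free shipping, click now"),
]


def tokenize(text: str) -> List[str]:
    """Lower-case and split a message into word-like tokens."""
    return TOKEN.findall(text.lower())


def tf_vector(text: str) -> Counter:
    """Term-frequency vector: one dimension per distinct token."""
    return Counter(tokenize(text))


def centroid(vectors: Iterable[Counter]) -> Dict[str, float]:
    """Average of a set of term-frequency vectors (the class prototype)."""
    total: Counter = Counter()
    n = 0
    for v in vectors:
        total.update(v)
        n += 1
    return {term: count / n for term, count in total.items()}


def cosine(a: Dict[str, float], b: Dict[str, float]) -> float:
    """Cosine of the angle between two sparse vectors; 0.0 if either is empty."""
    dot = sum(w * b.get(term, 0.0) for term, w in a.items())
    norm_a = math.sqrt(sum(w * w for w in a.values()))
    norm_b = math.sqrt(sum(w * w for w in b.values()))
    if norm_a == 0.0 or norm_b == 0.0:
        return 0.0
    return dot / (norm_a * norm_b)


class SpamFilter:
    """Nearest-centroid classifier over term-frequency vectors."""

    def __init__(self) -> None:
        self.centroids: Dict[str, Dict[str, float]] = {}

    def train(self, labelled: Iterable[Tuple[str, str]]) -> None:
        """Step 1: build one centroid per label from the training messages."""
        by_label: Dict[str, List[Counter]] = {}
        for label, text in labelled:
            by_label.setdefault(label, []).append(tf_vector(text))
        self.centroids = {label: centroid(vs) for label, vs in by_label.items()}

    def classify(self, text: str) -> Tuple[str, float]:
        """Step 2: return (label, similarity) for the closest centroid."""
        v = tf_vector(text)
        scores = {label: cosine(v, c) for label, c in self.centroids.items()}
        best = max(scores, key=lambda label: scores[label])
        return best, scores[best]


if __name__ == "__main__":
    spam_filter = SpamFilter()
    spam_filter.train(TRAINING_SET)
    for msg in ("Claim your free prize now, click here",
                "Review the meeting agenda before Friday"):
        print(msg, "->", spam_filter.classify(msg))
```

With the tiny training set above, the messages to classify share tokens with only one centroid each, so the similarity to the other class is exactly 0.0; on real mail the two scores are both positive and the decision threshold, tokenisation and term weighting (tf-idf rather than raw counts) matter a great deal.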
Definition: What is malware in Android?
Mobile phones have evolved
Nokia 3410: Bluetooth
Samsung Galaxy Nexus: Bluetooth, Camera, GPS, Digital compass, WiFi, microUSB, NFC, Accelerometer, Proximity sensor, Barometer, Gyroscope, Light sensor
How do they manage security and privacy?
“Andromaly”: a behavioral malware detection framework for Android devices. Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., & Weiss, Y. (2012). Journal of Intelligent Information Systems, 1-30.
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2010, October). In Proceedings of the 9th USENIX conference on Operating systems design and implementation (pp. 1-6).
Dissecting Android Malware: Characterization and Evolution. Zhou, Y., & Jiang, X. (2012). In Security and Privacy (SP), 2012 IEEE Symposium on (pp. 95-109). IEEE.
“So it is said that if you know your enemies and know yourself, you can win a hundred battles without a single loss.” Sun Tzu (孫子), The Art of War