As mobile computing becomes an integral part of the modern user experience, malicious applications have infiltrated open marketplaces for mobile platforms. Malware apps stealthily launch operations to retrieve sensitive user or device data or abuse system resources. We describe a highly accurate classification approach for detecting malicious Android apps. Our method statically extracts a data-...

In this paper we discuss methods of protecting Javaenabled Web browsers against malicious applets. Malicious applets involve denial of service, invasion of privacy and annoyance. Since system modification by applets is generally impossible because of the Java security concept, denial of service is of major concern. Invasion of privacy may be caused by applets staying resident in the browser and...

Cognitive radio (CR) can improve the utilization of the spectrum by making use of licensed spectrum. However, the security aspects of cognitive radio networks have garnered little attention. In this paper, we discuss a threat to cognitive radio networks, which we call the spectrum sensing data falsification (SSDF) attack. Specifically, malicious users can always send presence and absence of inf...

This paper describes an efficient approach for identifying malicious Android mobile applications through specialized static program analysis. Our solution performs offline analysis and enforces the normal properties of legitimate dataflow patterns to identify programs that violate these properties. To demonstrate the feasibility of our user-centric dependence analysis, we implement a tool to ge...

In this paper, we explain why existing cyber-insurance contracts condition their premiums only on a client’s general features (such as the number of employees, sales volume) but do not reflect the client’s security practices. Indeed, we show that even if a competitive insurer can monitor (and enforce) security requirements for a vast majority of his clients, with only a minor fraction of the cl...

With the recent advance of micro-blogs and social networks, people can view and post comments on the websites in a very convenient way. However, it is also a big concern that the malicious users keep polluting the cyber environment by scamming, spamming or repeatedly advertising. So far the most common way to detect and report malicious comments is based on voluntary reviewing from honest users...

Corruption or disclosure of sensitive user documents can be among the most lasting and costly effects of malicious software attacks. Many malicious programs specifically target files that are likely to contain important user data. Researchers have approached this problem by developing techniques for restricting access to resources on an application-by-application basis. These so-called “sandbox...

Web applications are most widely used technique for providing an access to online services. At the same time web applications are easiest way for vulnerable acts. When a security mechanism is failed then the user may download malicious code from a trusted web site. In this case, the malicious script is contracted to full access with all assets belonging to that legitimate web site. These types ...

Detecting suspicious or malicious user behavior in large networks is an essential task for administrators which requires significant effort due to the huge amount of log data to be processed. However, several of these activities can be rapidly identified since they usually demonstrate periodic behavior. For instance, periodic activities by specific users accessing the billing system of a financ...