Biblio

The paper proposes a new technique to detect Android malware effectively based on converting malware binaries into images and applying machine learning techniques on those images. Existing research converts the whole executable files (e.g., DEX files in Android application package) of target apps into images and uses them for machine learning. However, the entire DEX file (consisting of header section, identifier section, data section, optional link data area, etc.) might contain noisy information for malware detection. In this paper, we convert only data sections of DEX files into grayscale images and apply machine learning on the images with Convolutional Neural Networks (CNN). By using only the data sections for 5,377 malicious and 6,249 benign apps, our technique reduces the storage capacity by 17.5% on average compared to using the whole DEX files. We apply two CNN models, Inception-v3 and Inception-ResNet-v2, which are known to be efficient in image processing, and examine the effectiveness of our technique in terms of accuracy. Experiment results show that the proposed technique achieves better accuracy with smaller storage capacity than the approach using the whole DEX files. Inception-ResNet-v2 with the stochastic gradient descent (SGD) optimization algorithm reaches 98.02% accuracy.

As web applications is becoming more prominent due to the ubiquity of web services, web applications have become main targets for attackers. In order to steal or leak sensitive user data managed by web applications, attackers exploit a wide range of input validation vulnerabilities such as SQL injection, path traversal (or directory traversal), cross-site scripting (XSS), etc. This paper propose a technique that can verify input values of Java-based web applications using static bytecode instrumentation and runtime input validation. The technique searches for target methods or object constructors in compiled Java class files, and statically inserts bytecode modules. At runtime, the instrumented bytecode modules validate input values of the targets, and take countermeasure against malicious inputs. The proposed technique can mitigate the input validation vulnerabilities in Java-based web applications without source codes. To evaluate the effectiveness of the proposed technique, experiments are carried out with an insecure web application maintained by OWASP WebGoat Project. The experimental results show that the proposed technique successfully mitigates input validation vulnerabilities such as SQL injection and path traversal.