Biblio

Android, being the most widespread mobile operating systems is increasingly becoming a target for malware. Malicious apps designed to turn mobile devices into bots that may form part of a larger botnet have become quite common, thus posing a serious threat. This calls for more effective methods to detect botnets on the Android platform. Hence, in this paper, we present a deep learning approach for Android botnet detection based on Convolutional Neural Networks (CNN). Our proposed botnet detection system is implemented as a CNN-based model that is trained on 342 static app features to distinguish between botnet apps and normal apps. The trained botnet detection model was evaluated on a set of 6,802 real applications containing 1,929 botnets from the publicly available ISCX botnet dataset. The results show that our CNN-based approach had the highest overall prediction accuracy compared to other popular machine learning classifiers. Furthermore, the performance results observed from our model were better than those reported in previous studies on machine learning based Android botnet detection.

MANETs are wireless networks, providing properties such as self-configuration, mobility, and flexibility to the network, which make them a popular and widely used technique. As the usage and popularity of the networks increases, security becomes the most important factor to be concerned. For the sake of security, several protocols and methodologies have been developed for the networks. Along with the increase in security mechanisms, the number of attacks and attackers also increases and hence the threat to the network and secure communication within it increases as well. Some of the attacks have been resolved by the proposed methodologies but some are still a severe threat to the framework, one such attack is Black Hole Attack. The proposed work integrates the SUPERMAN (Security Using Pre-Existing Routing for Mobile Ad-hoc Networks) framework with appropriate methodology to detect and prevent the network from the Black Hole Attack. The mechanism is based on the AODV (Ad-hoc On-demand Distance Vector) routing protocol. In the methodology, the source node uses two network routes, from the source to the destination, one for sending the data packet and another for observing the intermediate nodes of the initial route. If any node is found to be a Black Hole node, then the route is dropped and the node is added to the Black Hole list and a new route to send the data packet to the destination is discovered.

Self-organising networks, such as mobile ad-hoc networks (MANETs), are growing more and more in importance each day. However, due to their nature and constraints MANETs are vulnerable to a wide array of attacks, such as black hole attacks. Furthermore, there are numerous routing protocols in use in MANETs, and what works for one might not for another. In this paper, we present a review of previous surveys of black hole attack solutions, followed by a collation of recently published papers categorised by original routing protocol and evaluated on a set of common metrics. Finally, we suggest areas for further research.

The 5G network solutions currently standardised and deployed do not yet enable the full potential of pervasive networking and computing envisioned in 5G initial visions: network services and slices with different QoS profiles do not span multiple operators; security, trust and automation is limited. The evolution of 5G towards a truly production-level stage needs to heavily rely on automated end-to-end network operations, use of distributed Artificial Intelligence (AI) for cognitive network orchestration and management and minimal manual interventions (zero-touch automation). All these elements are key to implement highly pervasive network infrastructures. Moreover, Distributed Ledger Technologies (DLT) can be adopted to implement distributed security and trust through Smart Contracts among multiple non-trusted parties. In this paper, we propose an initial concept of a zero-touch security and trust architecture for ubiquitous computing and connectivity in 5G networks. Our architecture aims at cross-domain security & trust orchestration mechanisms by coupling DLTs with AI-driven operations and service lifecycle automation in multi-tenant and multi-stakeholder environments. Three representative use cases are identified through which we will validate the work which will be validated in the test facilities at 5GBarcelona and 5TONIC/Madrid.

Augmented reality (AR) has been identified as a key technology to enhance worker utility in the context of increasing automation of repeatable procedures. AR can achieve this by assisting the user in performing complex and frequently changing procedures. Crucial to the success of procedure assistance AR applications is user acceptability, which can be measured by user quality of experience (QoE). An active research topic in QoE is the identification of implicit metrics that can be used to continuously infer user QoE during a multimedia experience. A user's QoE is linked to their affective state. Affective state is reflected in facial expressions. Emotions shown in micro facial expressions resemble those expressed in normal expressions but are distinguished from them by their brief duration. The novelty of this work lies in the evaluation of micro facial expressions as a continuous QoE metric by means of correlation analysis to the more traditional and accepted post-experience self-reporting. In this work, an optimal Rubik's Cube solver AR application was used as a proof of concept for complex procedure assistance. This was compared with a paper-based procedure assistance control. QoE expressed by affect in normal and micro facial expressions was evaluated through correlation analysis with post-experience reports. The results show that the AR application yielded higher task success rates and shorter task durations. Micro facial expressions reflecting disgust correlated moderately to the questionnaire responses for instruction disinterest in the AR application.

Mobile edge computing (MEC), an emerging technology, has the characteristics of low latency, mobile energy savings, and context-awareness. As a type of access network, wireless mesh network (WMN) has gained wide attention due to its flexible network architecture, low deployment cost, and self-organization. The combination of MEC and WMN can solve the shortcomings of traditional wireless communication such as storage capacity, privacy, and security. In this paper, we propose a location-aware (LA) algorithm to cognize the location and a location-aware offloading policy (LAOP) algorithm considering the energy consumption and time delay. Simulation results show that the proposed LAOP algorithm can obtain a higher completion rate and lower average processing delay compared with the other two methods.

The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the preinstalled apps on their devices. Yet, the landscape of preinstalled software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large- scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third- party organizations like advertising and tracking services, and social network platforms. Our study allows us to also uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.

This article describes the development of two mobile applications for learning Digital Electronics. The first application is an interactive app for iOS where you can study the different digital circuits, and which will serve as the basis for the second: a game of questions in augmented reality.

The prevalence of photo processing apps suggests the demands of picture editing. As an implementation of the convolutional neural network, style transfer has been deep investigated and there are supported materials to realize it on PC platform. However, few approaches are mentioned to deploy a style transfer model on the mobile and meet the requirements of mobile users. The traditional style transfer model takes hours to proceed, therefore, based on a Perceptual Losses algorithm [1], we created a feedforward neural network for each style and the proceeding time was reduced to a few seconds. The training data were generated from a pre-trained convolutional neural network model, VGG-19. The algorithm took thousandth time and generated similar output as the original. Furthermore, we optimized the model and deployed the model with TensorFlow Mobile library. We froze the model and adopted a bitmap to scale the inputs to 720×720 and reverted back to the original resolution. The reverting process may create some blur but it can be regarded as a feature of art. The generated images have reliable quality and the waiting time is independent of the content and pattern of input images. The main factor that influences the proceeding time is the input resolution. The average waiting time of our model on the mobile phone, HUAWEI P20 Pro, is less than 2 seconds for 720p images and around 2.8 seconds for 1080p images, which are ten times slower than that on the PC GPU, Tesla T40. The performance difference depends on the architecture of the model.

This study proposes a machine learning method based on stream homomorphic encryption computing for improving security and reducing computational time. A case study of mobile positioning based on k nearest neighbors ( kNN) is selected to evaluate the proposed method. The results showed the proposed method can save computational resources than others.

The purpose of the General Data Protection Regulation (GDPR) is to provide improved privacy protection. If an app controls personal data from users, it needs to be compliant with GDPR. However, GDPR lists general rules rather than exact step-by-step guidelines about how to develop an app that fulfills the requirements. Therefore, there may exist GDPR compliance violations in existing apps, which would pose severe privacy threats to app users. In this paper, we take mobile health applications (mHealth apps) as a peephole to examine the status quo of GDPR compliance in Android apps. We first propose an automated system, named HPDROID, to bridge the semantic gap between the general rules of GDPR and the app implementations by identifying the data practices declared in the app privacy policy and the data relevant behaviors in the app code. Then, based on HPDROID, we detect three kinds of GDPR compliance violations, including the incompleteness of privacy policy, the inconsistency of data collections, and the insecurity of data transmission. We perform an empirical evaluation of 796 mHealth apps. The results reveal that 189 (23.7%) of them do not provide complete privacy policies. Moreover, 59 apps collect sensitive data through different measures, but 46 (77.9%) of them contain at least one inconsistent collection behavior. Even worse, among the 59 apps, only 8 apps try to ensure the transmission security of collected data. However, all of them contain at least one encryption or SSL misuse. Our work exposes severe privacy issues to raise awareness of privacy protection for app users and developers.

The development in the web technologies given growth to the new application that will make the voting process very easy and proficient. The E-voting helps in providing convenient, capture and count the votes in an election. This project provides the description about e-voting using an Android platform. The proposed e-voting system helps the user to cast the vote without visiting the polling booth. The application provides authentication measures in order to avoid fraud voters using the OTP. Once the voting process is finished the results will be available within a fraction of seconds. All the casted vote count is encrypted using AES256 algorithm and stored in the database in order to avoid any outbreaks and revelation of results by third person other than the administrator.

Increased availability of mobile cameras has led to more opportunities for people to record videos of significantly more of their lives. Many times people want to share these videos, but only to certain people who were co-present. Since the videos may be of a large event where the attendees are not necessarily known, we need a method for proving co-presence without revealing information before co-presence is proven. In this demonstration, we present a privacy-preserving method for comparing the similarity of two videos without revealing the contents of either video. This technique leverages the Similarity of Simultaneous Observation technique for detecting hidden webcams and modifies the existing algorithms so that they are computationally feasible to run under fully homomorphic encryption scheme on modern mobile devices. The demonstration will consist of a variety of devices preloaded with our software. We will demonstrate the video sharing software performing comparisons in real time. We will also make the software available to Android devices via a QR code so that participants can record and exchange their own videos.

The evolving of context-aware applications are becoming more readily available as a major driver of the growth of future connected smart, autonomous environments. However, with the increasing of security risks in critical shared massive data capabilities and the increasing regulation requirements on privacy, there is a significant need for new paradigms to manage security and privacy compliances. These challenges call for context-aware and fine-grained security policies to be enforced in such dynamic environments in order to achieve efficient real-time authorization between applications and connected devices. We propose in this work a novel solution that aims to provide context-aware security model for Android applications. Specifically, our proposition provides automated context-aware access control model and leverages Attribute-Based Encryption (ABE) to secure data communications. Thorough experiments have been performed and the evaluation results demonstrate that the proposed solution provides an effective lightweight adaptable context-aware encryption model.

Enterprises round the globe have been searching for a way to securely empower AndroidTM devices for work but have spurned away from the Android platform due to ongoing fragmentation and security concerns. Discrepant vulnerabilities have been reported in Android smartphones since Android Lollipop release. Smartphones can be easily hacked by installing a malicious application, visiting an infectious browser, receiving a crafted MMS, interplaying with plug-ins, certificate forging, checksum collisions, inter-process communication (IPC) abuse and much more. To highlight this issue a manual analysis of Android vulnerabilities is performed, by using data available in National Vulnerability Database NVD and Android Vulnerability website. This paper includes the vulnerabilities that risked the dual persona support in Android 5 and above, till Dec 2017. In our security threat analysis, we have identified a comprehensive list of Android vulnerabilities, vulnerable Android versions, manufacturers, and information regarding complete and partial patches released. So far, there is no published research work that systematically presents all the vulnerabilities and vulnerability assessment for dual persona feature of Android's smartphone. The data provided in this paper will open ways to future research and present a better Android security model for dual persona.

Service providers typically utilize Web APIs to enable the sharing of tenant data and resources with numerous third party web, cloud, and mobile applications. Security mechanisms such as OAuth 2.0 and API keys are commonly applied to manage authorization aspects of such integrations. However, these mechanisms impose functional and security drawbacks both for service providers and their users due to their static design, coarse and context insensitive capabilities, and weak interoperability. Implementing secure, feature-rich, and flexible data sharing services still poses a challenge that many providers face in the process of opening their interfaces to the public.To address these issues, we design the framework that allows pluggable and transparent externalization of authorization functionality for service providers and flexibility in defining and managing security aspects of resource sharing with third parties for their users. Our solution applies a holistic perspective that considers service descriptions, data fragments, security policies, as well as system interactions and states as an integrated space dynamically exposed and collaboratively accessed by agents residing across organizational boundaries.In this work we present design aspects of our contribution and illustrate its practical implementation by analyzing case scenario involving resource sharing of a popular service.

Web communication has become an indispensable characteristic of mobile apps. However, it is not clear what data the apps transmit, to whom, and what consequences such transmissions have. We analyzed the web communications found in mobile apps from the perspective of security. We first manually studied 160 Android apps to identify the commonly-used communication libraries, and to understand how they are used in these apps. We then developed a tool to statically identify web API URLs used in the apps, and restore the JSON data schemas including the type and value of each parameter. We extracted 9714 distinct web API URLs that were used in 3 376 apps. We found that developers often use the java.net package for network communication, however, third-party libraries like OkHttp are also used in many apps. We discovered that insecure HTTP connections are seven times more prevalent in closed-source than in open-source apps, and that embedded SQL and JavaScript code is used in web communication in more than 500 different apps. This finding is devastating; it leaves billions of users and API service providers vulnerable to attack.

Video surveillance plays an important role in our times. It is a great help in reducing the crime rate, and it can also help to monitor the status of facilities. The performance of the video surveillance system is limited by human factors such as fatigue, time efficiency, and human resources. It would be beneficial for all if fully automatic video surveillance systems are employed to do the job. The automation of the video surveillance system is still not satisfying regarding many problems such as the accuracy of the detector, bandwidth consumption, storage usage, etc. This scientific paper mainly focuses on a video surveillance system using Convolutional Neural Networks (CNN), IoT and cloud. The system contains multi nods, each node consists of a microprocessor(Raspberry Pi) and a camera, the nodes communicate with each other using client and server architecture. The nodes can detect humans using a pretraining MobileNetv2-SSDLite model and Common Objects in Context(COCO) dataset, the captured video will stream to the main node(only one node will communicate with cloud) in order to stream the video to the cloud. Also, the main node will send an SMS notification to the security team to inform the detection of humans. The security team can check the videos captured using a mobile application or web application. Operating the Object detection model of Deep learning will be required a large amount of the computational power, for instance, the Raspberry Pi with a limited in performance for that reason we used the MobileNetv2-SSDLite model.

With the development of mobile internet technology, GPS technology and social software have been widely used in people's lives. The problem of big data privacy protection related to location trajectory is becoming more and more serious. The traditional location trajectory privacy protection method requires certain background knowledge and it is difficult to adapt to massive mass. Privacy protection of data. differential privacy protection technology protects privacy by attacking data by randomly perturbing raw data. The method used in this paper is to first sample the position trajectory, form the irregular polygons of the high-frequency access points in the sampling points and position data, calculate the center of gravity of the polygon, and then use the differential privacy protection algorithm to add noise to the center of gravity of the polygon to form a new one. The center of gravity, and the new center of gravity are connected to form a new trajectory. The purpose of protecting the position trajectory is well achieved. It is proved that the differential privacy protection algorithm can effectively protect the position trajectory by adding noise.

Mobile wearable health devices have expanded prevalent usage and become very popular because of the valuable health monitor system. These devices provide general health tips and monitoring human health parameters as well as generally assisting the user to take better health of themselves. However, these devices are associated with security and privacy risk among the consumers because these devices deal with sensitive data information such as users sleeping arrangements, dieting formula such as eating constraint, pulse rate and so on. In this paper, we analyze the significant security and privacy features of three very popular health tracker devices: Fitbit, Jawbone and Google Glass. We very carefully analyze the devices' strength and how the devices communicate and its Bluetooth pairing process with mobile devices. We explore the possible malicious attack through Bluetooth networking by hacker. The outcomes of this analysis show how these devices allow third parties to gain sensitive information from the device exact location that causes the potential privacy breach for users. We analyze the reasons of user data security and privacy are gained by unauthorized people on wearable devices and the possible challenge to secure user data as well as the comparison of three wearable devices (Fitbit, Jawbone and Google Glass) security vulnerability and attack type.

The popularity and demand of home automation has increased exponentially in recent years because of the ease it provides. Recently, development has been done in this domain and few systems have been proposed that either use voice assistants or application for controlling the electrical appliances. However; less emphasis is laid on power efficiency and this system cannot be integrated with the existing appliances and hence, the entire system needs to be upgraded adding to a lot of additional cost in purchasing new appliances. In this research, the objective is to design such a system that emphasises on power efficiency as well as can be integrated with the already existing appliances. NodeMCU, along with Raspberry Pi, Firebase realtime database, is used to create a system that accomplishes such endeavours and can control relays, which can control these appliances without the need of replacing them. The experiments in this paper demonstrate triggering of electrical appliances using voice assistant, fire alarm on the basis of flame sensor and temperature sensor. Moreover; use of android application was presented for operating electrical appliances from a remote location. Lastly, the system can be modified by adding security cameras, smart blinds, robot vacuums etc.

The usage of robot is rapidly growth in our society. The communication link and applications connect the robots to their clients or users. This communication link and applications are normally connected through some kind of network connections. This network system is amenable of being attached and vulnerable to the security threats. It is a critical part for ensuring security and privacy for robotic platforms. The paper, also discusses about several cyber-physical security threats that are only for robotic platforms. The peer to peer applications use in the robotic platforms for threats target integrity, availability and confidential security purposes. A Remote Administration Tool (RAT) was introduced for specific security attacks. An impact oriented process was performed for analyzing the assessment outcomes of the attacks. Tests and experiments of attacks were performed in simulation environment which was based on Gazbo Turtlebot simulator and physically on the robot. A software tool was used for simulating, debugging and experimenting on ROS platform. Integrity attacks performed for modifying commands and manipulated the robot behavior. Availability attacks were affected for Denial-of-Service (DoS) and the robot was not listened to Turtlebot commands. Integrity and availability attacks resulted sensitive information on the robot.

The rapid growth of Android malware apps poses a great security threat to users thus it is very important and urgent to detect Android malware effectively. What's more, the increasing unknown malware and evasion technique also call for novel detection method. In this paper, we focus on API feature and develop a novel method to detect Android malware. First, we propose a novel selection method for API feature related with the malware class. However, such API also has a legitimate use in benign app thus causing FP problem (misclassify benign as malware). Second, we further explore structure relationships between these APIs and map to a matrix interpreted as the hand-refined API-based feature graph. Third, a CNN-based classifier is developed for the API-based feature graph classification. Evaluations of a real-world dataset containing 3,697 malware apps and 3,312 benign apps demonstrate that selected API feature is effective for Android malware classification, just top 20 APIs can achieve high F1 of 94.3% under Random Forest classifier. When the available API features are few, classification performance including FPR indicator can achieve effective improvement effectively by complementing our further work.

Malware scanning of an app market is expected to be scalable and effective. However, existing approaches use either syntax-based features which can be evaded by transformation attacks or semantic-based features which are usually extracted by performing expensive program analysis. Therefor, in this paper, we propose a lightweight graph-based approach to perform Android malware detection. Instead of traditional heavyweight static analysis, we treat function call graphs of apps as social networks and perform social-network-based centrality analysis to represent the semantic features of the graphs. Our key insight is that centrality provides a succinct and fault-tolerant representation of graph semantics, especially for graphs with certain amount of inaccurate information (e.g., inaccurate call graphs). We implement a prototype system, MalScan, and evaluate it on datasets of 15,285 benign samples and 15,430 malicious samples. Experimental results show that MalScan is capable of detecting Android malware with up to 98% accuracy under one second which is more than 100 times faster than two state-of-the-art approaches, namely MaMaDroid and Drebin. We also demonstrate the feasibility of MalScan on market-wide malware scanning by performing a statistical study on over 3 million apps. Finally, in a corpus of dataset collected from Google-Play app market, MalScan is able to identify 18 zero-day malware including malware samples that can evade detection of existing tools.

Mobile expressive rendering gained increasing popularity among users seeking casual creativity by image stylization and supports the development of mobile artists as a new user group. In particular, neural style transfer has advanced as a core technology to emulate characteristics of manifold artistic styles. However, when it comes to creative expression, the technology still faces inherent limitations in providing low-level controls for localized image stylization. This work enhances state-of-the-art neural style transfer techniques by a generalized user interface with interactive tools to facilitate a creative and localized editing process. Thereby, we first propose a problem characterization representing trade-offs between visual quality, run-time performance, and user control. We then present MaeSTrO, a mobile app for orchestration of neural style transfer techniques using iterative, multi-style generative and adaptive neural networks that can be locally controlled by on-screen painting metaphors. At this, first user tests indicate different levels of satisfaction for the implemented techniques and interaction design.