ABSTRACT: The incredible popularity of the Android mobile operating system has resulted in a massive influx of malicious application for the platform. One type of approach to identify malware focuses on the structural properties of the function call graphs (FCGs) extracted from Android App Packages (APKs). The aim of this research work is to test the robustness of one example approach in this category, named ACTS (App topological signature through graphleT Sampling) method. By extracting graphlet statistics from an FCG, the ACTS approach is able to efficiently differentiate between benign app samples and malware with good accuracy. In this work, we obfuscate the FCG of malware in several ways, and test the ACTs method against these evasion attacks. The statistical results of running ACTS against unmodified real malware samples is compared with the results of ACTS running against obfuscated versions of those same apps.
ABSTRACT:As technology becomes a larger part of everyday life, it becomes increasingly more important for CS and CIT students to learn about cyber security during their education. While many cybersecurity oriented courses exist, it is also necessary that students must be able to work and learn in an environment that resembles a real world context. To address this problem it has become common to adapt cybersecurity challenges into the classroom as a method for students to put their knowledge into practice. In this way students are able to work in an isolated environment that simulates a real world context. For this purpose we have developed JagWarz, a challenge program designed to be deployed in the classroom for educational use. The purpose of this paper is to outline the educational and design goals of the JagWarz program, give an overview of the architecture of the program, propose a method to survey students that use the program to collect informational data, and finally propose potential improvements to the program.
ABSTRACT: Bad news travels fast. Although this concept may be intuitively accepted, there has been little evidence to confirm that the propagation of bad news differs from that of good news. In this paper, we examine the effect of user perspective on his or her sharing of a single news story as well as contrast general behavior on various news events depending on if they are positive or negative. As social media not only offers insight into human behavior but also has developed increasing emphasis on news, we utilize Twitter data as a definition of user behavior. In particular, we define the spreading of news by tracking selected tweets as they are shared over time to create models of user sharing behavior.
Many news events are universally viewed as positive or negative. Therefore, we will compare and contrast tweets about these news events among general users, while also monitoring the tweet frequency for each event over time to ensure that each is on a comparable caliber when it comes to user interest. In addition, we will track the tweets of a controversial event between two different groups of users-those who view the event as positive and those who view it as negative. As a result, we are able to make assessments on a single fixed event between different perspectives.
ABSTRACT:This paper discusses the implementation of a prototype to be used in transportation vehicles for creating a vehicle to vehicle communication in part of an Intelligent Transport System(ITS). The prototype is comprised of readily available hardware and is intended to allow current unconnected vehicles to participate in Intelligent Transport communication by sensing real time driver and vehicle conditions and transmitting this data via an ad hoc network to surrounding vehicles also equipped with a functioning prototype. Analysis and testing of the prototype reveals that the current setup up will be insufficient in power, performance, and implementability for real a world application, however the foreground proves as a solid ground to start further research and prototyping as the world of interconnected vehicles continues to evolve at an exponential rate.
ABSTRACT:Unobtrusive Visual Light Communications have drawn a considerable amount of attention in research lately. It’s refreshing take on information delivery has been proven viable in recent papers like Kaleido, Uber-in-Light and inFrame++. While much attention is being paid to finding differing implementations, researchers seem to be apathetic on finding applications of standard information security practices into Screen-to-Camera. Providing screen-to-camera with a facet of security could provide a possible shift from it’s novel constraints and elevate it real world implementations. This project builds off a technical report titled “Securing Visible Light Communication Leveraging Color Shift Over Screen-Camera Channel” which attempts to proprietate security using the color shifting property of household Twisted Nematic LCD displays. This system utilizes luminance disparities between viewing angles to allocate a viable region, which a user can then stand inside to obtain accurate information. Unfortunately this system experiences viability concerns in the horizontal angle field, leaving much to be desired. I attempt to fix this issue by implementing an aspect of focal precision to a feasibility study mimicking the study used in the aforementioned paper. Through empirical science, we can conclude on whether a degree of focus can impact a luminance based system’s performance and further its security capabilities.
The urban population of the United States has been increasing over the last several years. To manage the needs of expanding cities and their citizens, this proposes the development of a model for smart city surveillance that runs on vehicles by utilizing a variety of vehicle-mounted sensing capabilities. The model aims to crowdsource real-time urban events. Vehicles are the logical choice for this endeavor, as the technology present in current models has continued to expand and include many features such as GPS services and mobile phone interactions. Additionally, the development of vehicle-mounted cameras has made collecting a vast amount of data on not only images, but also position and acceleration easier. Thus vehicles with mounted cameras will leverage existing communication and sensing infrastructure to collect data about events in their environment. Once collected, the data contributed from multiple participants can then be uploaded to a cloud server to develop a detailed view of an event as well as provide significant statistics about urban communities. The cloud server will contain a database filled with requests, conditions, and vehicle target locations. This information will then be made accessible to the public via connection to this server. The system performs efficiently keeping client wait times low even as workload increases.
ABSTRACT: Mobile Forensics is the collection and analyzation of potential evidence on a mobile device. There are a multitude of data acquisition tools used for identifying the evidence on a device. By using these different types of tools, evidence can be found and used in an investigation. During an investigation, one will search for information that could be used as evidence in the crime. This data can be retrieved by using a tool that will retrieve the information from a smartphone's memory image. On a virtual machine and using an Android emulator we can recreate a suspect mobile device and collect the potential evidence needed. The goal is to extract images from the memory and to be able to reconstruct the devices memory from the images. Once the memory image is retrieved a full forensic investigation can be conducted. By using the data acquisition tool and gaining the memory image, an investigator can find evidence that will benefit the investigation.
ABSTRACT: Statistical machine learning techniques have recently garnered increased popularity as a means to improve network design and security. However, consideration should be given to using these techniques in adversarial settings. The identification of server flows is necessary in the presence of proxy servers that undermine the reliance on port label in the packet header. Decision trees can classify the server flows with high accuracy and speed but can be exploited by malicious manipulation of the training data.
We present a demonstration of the susceptibility of decision trees to poisoning attacks. We show that attackers can increase the chance of flow misclassification by adding poisoned data to the training set.
ABSTRACT:In many security applications, biometric authentication is rapidly growing in acceptance and rate of use.
Biometric authentication systems offer users the convenience of not having to remember a password, pin, pattern, smartcard, etc. Instead, users of these systems utilize their inherent biometric information to be authenticated and, as a result, they risk their biometric information being stolen by attackers. Several
biometric authentication schemes have been proposed to better protect users’ biometric information and
better authentication accuracy. One of these proposed schemes is the BioCapsule scheme, with which researchers have aimed to protect user biometric information through the addition of noise in the form of a reference subject. Creators of the BioCapsule scheme have also found that integration of their scheme improves authentication accuracy of existing systems. In this paper I will be reviewing the BioCapsule
scheme’s security and authentication accuracy in hopes of encouraging further study of the BioCapsule
Overview: The Enhancing Undergraduate Experience in Mobile Computing Security Workshop at IUPUI is a workshop showcasing the research projects conducted during the 2016 (NSF/DoD) Research Experience for Undergraduates (REU) Program at Indiana University - Purdue University Indianapolis.
Review Process: Papers should be submitted by August 1 at 6:00 PM to Andrew Choliy and Samuel Meshoyrer. All submissions will be peer reviewed by at least three reviewers/ The review process will end on August 4 at 5:00 PM.
Paper Format: This workshop welcomes papers of at least four pages. Papers should be in standard academic article style and saved in PDF. Formats should adhere to the IEEE manuscript standard.
The 2016 IUPUI REU program is centered around security in mobile applications. Paper Topics can be found Aggregated in the 'Call For Papers' Section and in greater detail in the Publications tab. Logistical Tasks were also delegated. These can be found in the Committee tab. The workshop will be hosted in ET-202 on August 5th from 9:00 AM to 2:00 PM. Program Details