9cb9e54a69be824f87fd1e8f88b44455.ppt
- Number of slides: 24
Websense Security Labs
Agenda
1 Goal & Objectives
2 Services in the Cloud
3 Tracker Web Portal
4 Next Step To Do
Goal & Objectives
• Crawl and build an Android app repository
• Profile Android apps
• Create databases for apps and their associated data
• Automatic classification of Android apps
Analytic Workflow (diagram)
Cloud Services
1 APK Crawler & Parser
2 Static Profile (Security Classifier)
3 Dynamic Profile (On-line Emulator)
Apps Crawler
Market auto-crawling:
• Google Play (English)
• SlideME (English)
• Gfan (Chinese)
• GoAPK (Chinese)
• Mumayi (Chinese)
Diagram labels: Crawler, real-life .apk, Web Request Stats (GEO IP), ThreatSeeker
.APK Parser
3rd-party parsing tools
• Apktool: decodes resources from APK files, such as AndroidManifest.xml and classes.dex
• Dex2jar: reads the embedded .dex file from APK files and generates a .jar file
In-house scripts
• parsing automation
• database insert
APK Profile
• Security Classifier
• Dynamic Profile
  – auto APK runner
  – interactive emulator
Security Classifier
Objective
• Create a classifier for malicious Android app detection
• A static analysis approach
• A machine learning approach
Data training
• MySQL queries to retrieve raw data from the AppTracker database
• Conversion of analytic features to binary vectors
The R code components
• Preprocessing: convert variables into factor variables or numeric variables accordingly
• Load the R randomForest library
Prediction
• Import R environment
• Load R model, read in input (test case) and write output (classification response)
R Module
• Environment for statistical data analysis, inference and visualization
• Ports for Unix, Windows and Mac OS X
• Highly extensible through user-defined functions
• Generic functions and conventions for standard operations like plot, predict etc.
• >1200 add-on packages contributed by developers from all over the world
  • e.g. Multivariate Statistics, Machine Learning, Natural Language Processing, Bioinformatics (Bioconductor), SNA, …
• Interfaces to C, C++, Fortran, Java
Analytic Results (chart; confidence axis ticks 0.5, 0.6, 0.7, 0.8, 0.9)
Dynamic Profile: How It Works
Steps:
1. Load emulator
2. Install and run APK file
3. System output profile
4. Show on web portal
Run APK
• emulator -avd avdname -no-snapshot-save
• adb install apkfile
• aapt dump badging apkfile
• adb shell am start -n packagename/main.Activity
Auto Input
• adb shell input keyevent "value"
  7 KEYCODE_0, 16 KEYCODE_9, 29 KEYCODE_A, 54 KEYCODE_Z
• adb shell sendevent [device] [type] [code] [value]
  example:
  adb shell sendevent /dev/input/event0 3 0 40
  adb shell sendevent /dev/input/event0 3 1 210 // touch screen (x=40, y=210)
Monkey
“The Monkey is a command-line tool that you can run on any emulator instance or on a device. It sends a pseudo-random stream of user events into the system, which acts as a stress test on the application software you are developing.”
adb shell monkey -p package.name -v 500
Network Monitoring
adb shell tcpdump -v 'tcp port 80 and (((ip[2:2]-((ip[0]&0xf)<<2))-((tcp[12]&0xf0)>>2))!=0'
(the filter keeps only port-80 TCP segments whose payload length, IP total length minus the IP and TCP header lengths, is non-zero)
SMS & Call
adb logcat -b radio -s "AT:*"
AT Commands: PDU SMS messages
Decode '0001000a81016681859200000539590c1b03'
Suspicious number '1066185829'
Message '@9@2@'
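The PDU quoted on this slide, decoded by a Python parser added here (not part of the presentation or of any Websense tool): it walks the SMS-SUBMIT layout of 3GPP TS 23.040 and recovers the destination number 1066185829 from the swapped-nibble address field. It assumes the data-coding scheme is in the general coding group; note that standard 7-bit unpacking of the five user-data octets yields '921X1' rather than the '@9@2@' rendered on the slide.

```python
"""Parse a GSM SMS-SUBMIT PDU (3GPP TS 23.040) as seen in AT commands in the radio log."""
import string

# GSM 03.38 default alphabet: index = septet value (0x1b escapes to the extension table)
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?¡"
        + string.ascii_uppercase + "ÄÖÑÜ§¿" + string.ascii_lowercase + "äöñüà")


def decode_semi_octets(data: bytes, ndigits: int) -> str:
    """Address digits are BCD with the two nibbles of each octet swapped; 0xF pads odd lengths."""
    return "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in data)[:ndigits]


def unpack_gsm7(data: bytes, septets: int) -> str:
    """Septets are packed LSB-first across octets (TS 23.038 section 6.1.2.1.1)."""
    bits = int.from_bytes(data, "little")
    return "".join(GSM7[(bits >> (7 * i)) & 0x7F] for i in range(septets))


def parse_sms_submit(hex_pdu: str) -> dict:
    """Return header fields and decoded text; the PDU starts with the SMSC length octet."""
    pdu = bytes.fromhex(hex_pdu)
    pos = 1 + pdu[0]                          # skip SMSC address (length octet + address)
    first_octet, msg_ref, da_digits, toa = pdu[pos:pos + 4]
    pos += 4
    if first_octet & 0x03 != 0x01:
        raise ValueError("not an SMS-SUBMIT PDU")
    da_len = (da_digits + 1) // 2             # TP-DA length is in digits, not octets
    dest = decode_semi_octets(pdu[pos:pos + da_len], da_digits)
    if (toa >> 4) & 0x07 == 0x01:             # type-of-number 001 = international
        dest = "+" + dest
    pos += da_len
    pid, dcs = pdu[pos], pdu[pos + 1]
    pos += 2
    vpf = (first_octet >> 3) & 0x03           # TP-VPF: 0 none, 2 relative (1 octet),
    pos += {0: 0, 2: 1, 1: 7, 3: 7}[vpf]      # 1 enhanced / 3 absolute (7 octets)
    udl, ud = pdu[pos], pdu[pos + 1:]
    alphabet = (dcs >> 2) & 0x03              # general coding group (assumed): 0=7-bit,
    if alphabet == 0:                         # 1=8-bit data, 2=UCS-2
        text = unpack_gsm7(ud, udl)           # UDL counts septets here
    elif alphabet == 2:
        text = ud[:udl].decode("utf-16-be")   # UDL counts octets here
    else:
        text = ud[:udl].hex()                 # binary payload kept as hex
    return {"ref": msg_ref, "dest": dest, "pid": pid, "dcs": dcs, "udl": udl, "text": text}


# The PDU quoted on the slide (spacing removed); constructed usage, not a new capture
SLIDE_PDU = "0001000a81016681859200000539590c1b03"
```

Matching the returned "dest" against a list of known premium or SP short codes is the check the slide's "suspicious number" finding implies.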
Interactive Emulator
Browser-based for end users
Example: 50 users have tested this app, average time 3 minutes per user
• suspicious SMS found
• no phone call made
• 1 active network access
App Tracker
Front page to users
• Web portal support
• Top 20 profiles: Malware vs. Benign
• Real-time crawler status
• Real-time virus status report
• Built-in app emulation
Back end in cloud
• ThreatSeeker service
• Automatic static data analysis
• Dynamic profile support
Demo Time
• Security Classifier POC
• Web Portal Framework
Mobile Solution
ThreatSeeker Cloud real-time analytics:
• Advance Detection (AR) result > Mobile Malware
Triton classifications:
• Mobile Malware
• Unauthorized Mobile Marketplaces
Next Step
• Hierarchy Viewer automation?
• Robotium?
Robotium Limitation
• Activity
• Service
• Broadcast Receiver
• Content Provider