Статті в журналах з теми "REPACKAGING DETECTION"

In this paper, we propose an effective technique that can perform dynamic analysis for Android appwritten with PhoneGap cross-platform framework. For a systematic study, we have written a maliciousAndroid app using PhoneGap framework. We compare the structural differences between abasic Android app (a native app) and the other malicious Android app built in release mode on Phone-Gap framework, and also analyze the malicious app dynamically. The proposed technique first copiesthe web root directory of the target malicious app into a writable directory inside the smartphone.When the app is executed, its web pages and Javascript files are loaded from the copied directoryusing a dynamic instrumentation. Finally, we dynamically change the flag for WebView debuggingso that a remote debugger can successfully be attached to the app built in release mode. Using ourproposed technique, a malware analyst can debug a malicious PhoneGap app built in release modewithout repackaging, which cannot be debugged as it is by Chrome remote debugger. She/he canalso utilize the debugging features supported by the remote debugger. The technique allows the analystto bypass the repackaging detection method that malicious apps use to avoid antivirus detection.

The huge benefit of mobile application industry has attracted a large number of developers and attendant attackers. Application repackaging provides help for the distribution of most Android malware. It is a serious threat to the entire Android ecosystem, as it not only compromises the security and privacy of the app users but also plunders app developers’ income. Although massive approaches have been proposed to address this issue, plagiarists try to fight back through packing their malicious code with the help of commercial packers. Previous works either do not consider the packing issue or rely on time-consuming computations, which are not scalable for large-scale real-world scenario. In this paper, we propose FUIDroid, a novel two-phase app clones detection system that can detect the packed cloned app. FUIDroid includes a function-based fast selection phase to quickly select suspicious apps by analyzing apps’ description and a further UI-based accurate detection phase to refine the detection result. We evaluate our system on two sets of apps. The result from experiment on 320 packed samples demonstrates that FUIDroid is resilient to packed apps. The evaluation on more than 150,000 real-world apps shows the efficiency of FUIDroid in large-scale scenario.

The ubiquity of Android smartphones makes them targets of sophisticated malware, which maintain long-term stealth, particularly by offloading attack steps to benign apps. Such malware leaves little to no trace in logs, and the attack steps become difficult to discern from benign app functionality. Endpoint detection and response (EDR) systems provide live forensic capabilities that enable anomaly detection techniques to detect anomalous behavior in application logs after an app hijack. However, this presents a challenge, as state-of-the-art EDRs rely on device and third-party application logs, which may not include evidence of attack steps, thus prohibiting anomaly detection techniques from exposing anomalous behavior. While, theoretically, all the evidence resides in volatile memory, its ephemerality necessitates timely collection, and its extraction requires device rooting or app repackaging. We present VEDRANDO, an enhanced EDR for Android that accomplishes (i) the challenge of timely collection of volatile memory artefacts and (ii) the detection of a class of stealthy attacks that hijack benign applications. VEDRANDO leverages memory forensics and app virtualization techniques to collect timely evidence from memory, which allows uncovering attack steps currently uncollected by the state-of-the-art EDRs. The results showed that, with less than 5% CPU overhead compared to normal usage, VEDRANDO could uniquely collect and fully reconstruct the stealthy attack steps of ten realistic messaging hijack attacks using standard anomaly detection techniques, without requiring device or app modification.

Advanced persistent threat (APT) refers to a specific form of targeted attack used by a well-organized and skilled adversary to remain undetected while systematically and continuously exfiltrating sensitive data. Various APT attack vectors exist, including social engineering techniques such as spear phishing, watering holes, SQL injection, and application repackaging. Various sensors and services are essential for a smartphone to assist in user behavior that involves sensitive information. Resultantly, smartphones have become the main target of APT attacks. Due to the vulnerability of smartphone sensors, several challenges have emerged, including the inadequacy of current methods for detecting APTs. Nevertheless, several existing APT solutions, strategies, and implementations have failed to provide comprehensive solutions. Detecting APT attacks remains challenging due to the lack of attention given to human behavioral factors contributing to APTs, the ambiguity of APT attack trails, and the absence of a clear attack fingerprint. In addition, there is a lack of studies using game theory or fuzzy logic as an artificial intelligence (AI) strategy for detecting APT attacks on smartphone sensors, besides the limited understanding of the attack that may be employed due to the complex nature of APT attacks. Accordingly, this study aimed to deliver a systematic review to report on the extant research concerning APT detection for mobile sensors, applications, and user behavior. The study presents an overview of works performed between 2012 and 2023. In total, 1351 papers were reviewed during the primary search. Subsequently, these papers were processed according to their titles, abstracts, and contents. The resulting papers were selected to address the research questions. A conceptual framework is proposed to incorporate the situational awareness model in line with adopting game theory as an AI technique used to generate APT-based tactics, techniques, and procedures (TTPs) and normal TTPs and cognitive decision making. This framework enhances security awareness and facilitates the detection of APT attacks on smartphone sensors, applications, and user behavior. It supports researchers in exploring the most significant papers on APTs related to mobile sensors, services, applications, and detection techniques using AI.

Abstract Background Adverse drug events are common during transitions of care. As part of the Smart Pillbox study, a cluster-randomized controlled trial of an electronic pillbox designed to reduce medication discrepancies and improve medication adherence after hospital discharge, we explored barriers to successful implementation and evaluation of this intervention. Methods Eligible patients were those admitted to a medicine service of a large teaching hospital with a plan to be discharged home on five or more chronic medications. The intervention consisted of an electronic pillbox with pre-filled weekly blister pack medication trays given to patients prior to discharge. Pillbox features included alarms to take medications, detection of pill removal from each well, alerts to patients or caregivers by phone, email, or text if medications were not taken, and adherence reports accessible by providers. Greater than 20% missed doses for three days in a row triggered outreach from a pharmacist. To identify barriers to implementation and evaluation of the intervention, we reviewed patient exit surveys, including quantitative data on satisfaction and free-text responses regarding their experiences; technical issue logs; and team meeting minutes. Themes were derived by consensus among the study authors and organized using the Consolidated Framework for Implementation Research. Results Barriers to implementation included intervention characteristics such as perceived portability issues with the pillbox and time required by pharmacists to enter medication information into the software; external policies such as lack of insurance coverage for early refills and regulatory prohibitions on repackaging medications; implementation climate issues such as the incompatibility between the rushed nature of hospital discharge with the time required to deploy the intervention; and patient issues such as denial of previous problems with medication adherence. We founds several obstacles to conducting the study, including patients declining study enrollment and limited attempts by the hospital to streamline logistics by building the intervention into usual care. Several solutions to address many of these challenges were implemented or planned. Despite these challenges, many patients with the pillbox were pleased with the service and believed the intervention worked well for them. Conclusions In this evaluation, several barriers to implementing and conducting a study of the effectiveness of the intervention were identified. Our findings provide lessons learned for others wishing to implement and evaluate HIT-related interventions designed to improve medication safety during care transitions. Trial registration Clinicaltrials.gov NCT03475030

The task of the unpaid reviewer in academic publishing has always been a taxing one. Although the notion is one of blind peer review, the selection of reviewers is far from random. Journals try to balance a prospective reviewer’s expertise with their availability, and with their track record of returning a useful review on time. Ideally, the reviewer should have a specific (reasonably expert) knowledge of the paper’s topic, but should also retain enough in common with the interested, but jargon-averse, academic reader to empathise with non-specialist journal subscribers. Reviewers should be able to judge the quality of the argument, of the writing, and of the contribution of the article to the field. It’s a tough ask, and now there is a further layer of concern: will the reviewer – having satisfied all the foregoing – be able to spot ‘self-plagiarism’? Self-plagiarism is a relatively new evil – at least, few people in the author’s circle appear aware of it. Googling the term results in some 8,000 hits (whereas plagiarism scores 3,150,000). At first blush, the usual interpretation of plagiarism – the pinching of some one else’s intellectual property without acknowledgement – seems to rule out the possibility of self-plagiarism. Surely, if the ideas and words are your own, a little judicious re-purposing is all grist to the mill? Indeed, most of the anti-plagiarism sites, for example: What is Plagiarism? (Georgetown University), don’t include the term at all. Instead, the site offers examples of five types of plagiarism, most of them familiar to seasoned markers of student work, which are sufficiently rigorous to include “the ‘apt phrase’”, defined as the lifting of a part sentence. Their comment on the example they give for ‘apt phrase’ plagiarism involves four words in an original paragraph: “This passage is almost entirely original, but the phrase ‘dissolved into a conglomeration’ is taken directly from Arendt [the example used for illustration]. Even though this is a short phrase, it must be footnoted. Only phrases that have truly become part of general usage can be used without citation.” Georgetown University, then, sees plagiarism predominantly as a matter of correct attribution of authorship. Most journals have a requirement that no work offered to them for review should previously have been published, and that concurrent submissions to multiple journals are not permitted. The issue here, it seems, is that a journal’s reputation is built upon the originality and usefulness of its contents. Journal editors like to feel that they are ‘advancing the field’ with each edition and they are building a readership that can count upon learning something new (or, at least, provocative) for each hour invested in consuming their journal. Where papers have appeared in other forms (based, for example, on a presentation recorded in conference proceedings) this may be acceptable to the journal, provided it is acknowledged, and experienced editors will often check that papers developed from conference presentations have not previously been posted on the web. If two journals in ignorance each accept and publish the same paper at the same time then that reflects very poorly on the academic who failed to deal honestly with the editors. The issue here is one of resources – the printed page, in particular, is expensive – and of the reviewers’ time. Given the unpaid and voluntary labour of reviewers, and the amount of time and energy that goes into deciding which papers to accept or reject, journals think very poorly of someone who ‘withdraws’ a paper after acceptance on the grounds that s/he has got a better offer/earlier publication elsewhere. Most journals would not welcome future papers from that author. If self-plagiarism were a simple matter of passing off published paper A as published paper B (say, by changing the title and offering it elsewhere), then it would be seen to be deceitful and perpetrators would receive little respect from their peers. But these extreme cases are not (generally) the kind of self-plagiarism against which authors are warned. So what is the authorship problem widely referred to as ‘self-plagiarism’? The SPlaT website (SPlaT) is happy to explain: Self-plagiarism occurs when an author reuses portions of their previous writings in subsequent research papers. Occasionally, the derived paper is simply a re-titled and reformatted version of the original one, but more frequently it is assembled from bits and pieces of previous work. … It is our belief that self-plagiarism is detrimental to scientific progress and bad for our academic community. Flooding conferences and journals with near-identical papers makes searching for information relevant to a particular topic harder than it has to be. It also rewards those authors who are able to break down their results into overlapping least-publishable-units over those who publish each result only once. Finally, whenever a self-plagiarised paper is allowed to be published, another, more deserving paper, is not. Among the more chilling examples of self-plagiarism identified by the developers of SPlaT is “cryptomnesia (reusing one’s own previously published text while unaware of its existence)” (SPlaT). The avoidance of cryptomnesia is one reason why authors are encouraged to use the SPlaT tool. Academic and journal reviewers are also regarded as potential users, and the software is designed to work in three modes – ‘reviewer’s workbench’, ‘author’ and ‘web spider’. It is indeed a crypromnesiac’s concern that the ‘apt phrase’ that came so creatively to the author in an earlier paper might appear again, unwittingly, in the guise of an original composition. However, the injunction to use SPlaT as a ‘reviewer’s workbench’ (where “SPlaT compares a paper under review to a record of the author’s previously published articles extracted from their web site and online article repositories” [SPlaT]) begs the question as to how a review may remain blind – in the sense of not identifying the author of the work to be reviewed – if the ‘workbench’ and/or ‘web spider’ modes of SPlaT are pressed into service. Might it be the case, notwithstanding the foregoing, that the problem of self-plagiarism is as authentic as ‘social anxiety disorder’ (SAD), incidences of which multiplied dramatically once a drug, Paxil, had been shown effective in treating it? In a Washington Post article (Vedantam), the journalist-author comments: “according to a marketing newsletter, media accounts of social anxiety rose from just 50 stories in 1997 and 1998 to more than 1 billion references in 1999 alone” and goes on to say, “The education and advertising campaigns have raised concerns that pharmaceutical companies, traditionally in the business of finding new drugs for existing disorders, are increasingly in the business of seeking new disorders for existing drugs”. Prior to the publicity about SAD, Paxil was an anti-depressant with sales languishing way behind Prozac and Zoloft. The identification (and treatment) of social anxiety disorder did wonders for its marketing. Could it be that self-plagiarism has only come into existence as a major concern for academia now that there is a tool for its detection? Social anxiety disorder may be an authentic scourge – as may self-plagiarism – and the fact that it has been publicised in concert with its cure (or detection) does not mean that the remedy serves no useful purpose. On the contrary, once a population of professionals is attuned to a new way of viewing symptoms and practices then valuable advances may result. However, such advances are only possible when the community concerned has had a chance to consider the matter and discuss the ramifications. At the present, we run the risk of allowing the designers of anti-self-plagiarism software to be the judges and the jury of this new way to commit academic crime. One way to avoid charges of self-plagiarism is self-citation. Leaving aside crytomnesia, it is perfectly possible to cite the already-published reference when an author is aware of reusing a previously-published phrase or idea. Unfortunately, this remedy is also generally frowned upon in many academic circles. The practice undermines the principle of blind peer review – since the identity of the author soon becomes clear in such repeated instances – while readers may become irritated, suspecting that self-citation is a clumsy ruse to improve the citation index ratings of the originally-published article. The issue is of concern to more than journal editors: it also relates to text- and reference-book editors and publishers. One ‘for instance’ was discussed a year ago by the World Association of Medical Editors (WAME) who conducted a hypothetical on “self-plagiarism of textbook chapters” and threw the discussion open to the members’ list. The initial self-plagiarism case-study situation was complicated by the supposition that Author A (of Book A) had self-plagiarised a previously-published chapter which had been jointly authored by Author A and Author B (Book B). Notwithstanding this complication, the WAME Ethics Committee addressed themselves to four questions: Is [Does] reuse of a person’s writings in another textbook, but authored by the same person, meet the definition of plagiarism? If so, what degree of identical components needs to be present for this definition to be met? Is it appropriate for authors to write for different textbooks in the same field? If so, can they write on the same topic? If not, what are the potential infringements on the author’s rights to pursue their career/income? Should the editors of these textbooks agree to exclude authors that write for one another’s textbooks? Or is that unfair restraint of trade? For example, if all four textbooks were to agree to limit or completely avoid any overlap among authors, it could effectively deny entry of another textbook into that market. For book A, the author had a co-author. Since this shared work was used for book B, what is the author’s responsibility to the original co-author? (WAME) These are good questions and they are the kinds of questions we should be asking ourselves about self-plagiarism in our own ‘media and culture’ academic circles. In particular, in the case of textbooks, it is precisely because an author has a standing in the field, and has published on equivalent matters, that editors seek them out and ask them to contribute chapters. Whilst all reputable writers would expect to originate a new chapter according to the specific brief given, it is possible (some might even say likely) that there is an overlap in approach and phraseology. In the case of Books A and B, the overlap stretched the bounds of coincidence in that: “One table is essentially identical, although other tables in the two chapters are different. In addition, there are some passages that contain identical phrases. Most of these appear to have been reworded, but many identifiable words and phrases are identical between the two chapters. There are also areas where the text is completely different” (WAME). However, this hypothetical case is clearly not a situation where the same authorial product was disguised with a new title. Although the whole debate is worth reading, the general consensus of the Ethics Committee was along the lines of (specifically citing one response): I do not see a problem with the author reusing his own material to write a chapter in another textbook (readers of textbooks as opposed to research articles are not expecting originality). The problem is that he should have done this with the concurrence of the two editors and if he signed over his copyright the permission of publisher of textbook A. He should of course also have consulted with his co-author. I think the editors should inform the publishers and his employer of the facts and let them decide what course of action to take. (WAME) The references to re-using the material transparently, and the editors of the textbooks informing the author’s employer, are a constant refrain from a number of contributors to the discussion. Some WAME list discussants offer defences to the charge of self-plagiarism: “the main problem here is not whether the same, or very similar, information can or should be published in more than one place” commented Frank Davidoff, “that sort of thing is done all the time, and can serve important functions. After all, different people read different textbooks, and if it’s important for the information to get out there, why shouldn’t it be made as widely available as possible?” Andrew Herxheimer thought the readers’ perspective had not been given sufficient consideration: “If I were keenly interested in the contents of the chapter in textbook B, I might well wish to know how they had developed, and to look at earlier versions of the material, and to understand why the contents and emphases etc had changed in the way they had.” “The choice of an author for a review monograph or textbook chapter is based always on perusal of the existing reviews and chapters, hoping that the new publication can contain something just as good” argued Rick Nelson, going on to say, “that obligates the author to produce something as similar to his previous publication as possible, and yet different – an impossible task even if such writing were a priority endeavor, which it never is.” (WAME). Irving Hexham, of the Department of Religious Studies, University of Calgary, appears to have been substantially ahead of the game in discussing self-plagiarism in the 1990s. His consideration of the issue is generally more sympathetic than SPlaT’s, or WAME’s. For example, “Self-plagiarism must be distinguished from the recycling of one’s work that to a greater or lesser extent everyone does legitimately”, and: Academics are expected to republish revised versions of their Ph.D. thesis. They also often develop different aspects of an argument in several papers that require the repetition of certain key passages. This is not self-plagiarism if the complete work develops new insights. It is self-plagiarism if the argument, examples, evidence, and conclusion remain the same in two works that only differ in their appearance. (Hexham) It appears that Hexham and SPlaT have very different ideas of what constitutes self-plagiarism. Their different perspectives may be influenced by disciplinary perspectives and wider contexts – journal article or textbook chapter, a cannibalised conference paper or thesis – and by whether or not they have authored software to catch the offending behaviour. At least one Australian academic (not in M/C – Media and Culture) has been asked by their University to justify their publications against a charge of self-plagiarism, however, which is how the topic has become visible and why the need for debate has become urgent. Incidentally, the opening sentence of the opening paragraph to the Introduction of the paper on “Splat: A System for Self-Plagiarism Detection” is almost identical to the Abstract for a paper published two years later as “Self-Plagiarism in Computer Science”, viz: “We are all too aware of the ravages of scientific misconduct in the academic community. Students submit assignments inherited from the [sic] their friends who took the course the year before, on-line paper-mills allow students to browse for term papers on popular topics, and occasionally researchers are found out when falsifying data or publishing the work of others as their own.” (Collburg et al.) “We are all too aware of the ravages of misconduct in the academic community. Students submit assignments inherited from their friends, online papermills provide term papers on popular topics, and occasionally researchers are found falsifying data or publishing the work of others as their own.” (Collburg & Kubourov) Further, in these two papers there is a difference in authorship line-up, as with the WAME example… So what of the reviewers in all this? The Journal of Optical Networking, published by the Optical Society of America, comments that “self-plagiarism causes duplicate papers in the scientific literature, violates copyright agreements, and unduly burdens reviewers, editors, and the scientific publishing enterprise.” (JON). In an environment of blind peer review, where the reviewer does not know the author’s identity and is not in a position to check the body of their published work, the acid test becomes whether (in the reviewer’s opinion) the article advances the debate by offering something new. The submission should also repay the time and effort expended in reading and considering the contents. Other than that, issues of in/valid repurposing, repackaging, recycling and redeveloping arguments and findings require debate and determination at a discipline-wide level, rather than at the coalface of reviewers’ practice. References Collburg, Christian, and Stephen Kobourov. “Self-Plagiarism in Computer Science”, Communications of the ACM, 48.4 (April 2005): 88-94. Collburg, Christian, Stephen Kobourov, Joshua Louie, and Thomas Slattery. “SPlaT: A System for Self-Plagiarism Detection” IADIS International Conference WWW/INTERNET, Algarve, Portugal 5-8 November 2003. 09 Oct 2005 http://splat.cs.arizona.edu/icwi_plag.pdf>. Georgetown University. What Is Plagiarism?, Georgetown University Honor Council, Georgetown University, n.d. 9 Oct. 2005 http://www.georgetown.edu/honor/plagiarism.html>. Hexham, Irving. The Plague of Plagiarism, Department of Religious Studies, University of Calgary, 1999 published on University of Missouri Kansas City, Douglas E Cowan Website. 9 Oct. 2005 http://c.faculty.umkc.edu/cowande/plague.htm#self>. JON. “From the Board of Editors: On Plagiarism”, Journal of Optical Networking, Optical Society of America, 4.3 (2005): 142-3, 9 Oct. 2005 http://www.osa-jon.org/abstract.cfm?URI=JON-4-3-142>. Vedantam, Shankar. “Drug Ads Hyping Anxiety Make Some Uneasy”, Washington Post 16 July (2001): p. A01; also published in PR in the News, Council of Public Relations Firms, 9 Oct. 2005 http://www.prfirms.org/resources/news/drug071601.asp>. SPlaT. SPlaT Website, Computer Science Department, University of Arizona, March 2005. 9 Oct. 2005 http://splat.cs.arizona.edu/>. WAME. “Self-Plagiarism of Textbook Chapters”, World Association of Medical Editors, Ethics Committee and list discussants, October 2004. 9 Oct. 2005 http://www.wame.org/selfplag.htm>. Citation reference for this article MLA Style Green, Lelia. "Reviewing the Scourge of Self-Plagiarism." M/C Journal 8.5 (2005). echo date('d M. Y'); ?> <http://journal.media-culture.org.au/0510/07-green.php>. APA Style Green, L. (Oct. 2005) "Reviewing the Scourge of Self-Plagiarism," M/C Journal, 8(5). Retrieved echo date('d M. Y'); ?> from <http://journal.media-culture.org.au/0510/07-green.php>.