Tuesday, 25 February 2020

Real-Time Malware Detectors on Android projects

Real-Time Malware Detectors on Android projects

Android has become the leading operating systemfor next-generation smart devices. Consequently, the number ofAndroid malware has also skyrocketed. Many dynamic analysistechniques have been proposed to detect Android malware.However, very few of these techniques use real-time monitoringon user devices as Android does not provide low-level informa-tion to third-party apps. Moreover, some techniques detect aspecific malware class more effectively than others. Therefore,end users can be benefited by installing multiple malwaredetection techniques. In this paper, we propose SpyDroid, areal-time malware detection framework that can accommodatemultiple detectors from third-parties (e.g., researchers and an-tivirus vendors) and allows efficient and controlled real-timemonitoring. SpyDroid consists of two operating system modules(monitoring and detection) and supports application layer sub-detectors. Sub-detectors are regular Android applications thatmonitor and analyze different runtime information using themonitoring module and they report the detection module abouttheir findings. The detection module decides when to mark an appas malware. Researchers and antivirus vendors can now publishtheir techniques via app markets and end users can install anynumber of sub-detectors as they require. We have implementedSpyDroid using the Android Open Source Project (AOSP) andour experiments with a dataset containing 4,965 apps show thatdecisions from multiple sub-detectors can increase the malwaredetection rate significantly on a real device.Code Shoppy

                                Real-Time Malware Detectors on Android projects
Among all smartphone operating systems, Android occupiesover 85% market share in 2017 [1]. Moreover, Android-powered devices such as cars, fridges, televisions, point ofsale (POS) terminals, and ATM booths are expected to flooduser markets within a few years. Due to the popularity ofthe Android ecosystem, malware writers are targeting Androiddevices exclusively and the number of malware for Androidsurged exponentially in 2017. Android implements a num-ber of security mechanisms to ensure the safety of deviceresources, e.g., the permission mechanism.The permission mechanism of Android is coarse-grainedand users are usually ignorant about the sought permissions.Researchers also proposed attacks that can bypass the per-mission mechanism [2], [3]. As a result, effective detectionof malware is very important to mitigate security threats inthe Android ecosystem. Unfortunately, antiviruses are not veryeffective due to the restrictive security model of Android thatdoes not let any app scan the runtime behavior of others.Researchers have made great efforts to improve the securityf Android and proposed a number of static and dynamicanalysis techniques. In static analysis, the Android applicationfile (apk) is decompiled to perform analysis, such as data flowanalysis, control flow analysis, API call analysis, byte N-gram,and fingerprinting. Studies [4] have shown that static analysisis becoming less effective day by day due to powerful trans-formation techniques (call graph obfuscation, dynamic codeloading, manifest cheating, metamorphism, polymorphism,etc.). They concluded that dynamic analysis is a necessarycomplement to static analysis as it is less vulnerable to codetransformations.Dynamic analysis is more effective as it can extract featuresthat represent unique patterns of execution. Interestingly, ac-cording to this study [5], over 98% of the new malware arein fact variants of an existing malware family. Google usesa dynamic analysis system called Google Bouncer that ana-lyzes apks submitted to them. Unfortunately, dynamic analysistechniques that execute Android apps inside an emulator alsosuffer from the fact that malware writers can detect emulatorsand thus evade detection. Hence, real-time monitoring onuser devices becomes necessary. In addition, end users arenot benefiting from these research as it is very difficult forthem to integrate the techniques into their devices. Moreover,sometimes a specific class of malware can only be detected bya single technique or a particular antivirus. Therefore, deviceowners can be benefited by employing multiple malwaredetectors on their devices  https://codeshoppy.com/php-projects-titles-topics.html

Multiple Student Generations

Multiple Student Generations

the first-generation students and the organization owning the topic. 6)The advisor assigned the students to design the user interface or the project prototype. 7)The student setup a meeting with the users to present the user interface/prototype. If there are many users, the students conduct a survey for the user requirement. This step represents the Conceive part of CDIO concept. Our experience suggests that the first generation students should be the presenters or get involved deeply. 8)The students create the project timeline for the entire academic year with the last 2 months are for the system's deployment, the user acceptance test, and the user satisfaction survey. 9)On the third week of the first semester, the students present their project proposal to the department committee. 10)The students present their project progress to the department committee every month along with their design and implementation. This step represents the Design and Implement part of CDIO concept. 11)In the last 2 months of the academic year, the students deploy the system and test the entire system. Then, the users test the system, and fill out the user satisfaction survey. This step represents the Operate part of CDIO concept. This step may repeat if needed. 12)In the last week of the academic year, the students present the final project. Unlike a normal senior project topic, the project advisor must prepare the project topics 2-3 months before the first semester starts, which is long before a normal topic preparation. Additionally, the next generation students must bond with the first generation students and the organization owning the topics strongly with monthly meeting or more often. They also must start the project user surveys, and verify the user requirements long before the first semester starts. Furthermore, they must reserve a few months at the end to deploy the system, testing thoroughly, and survey the user satisfaction. All of these must be done before the project final presentation. These extra works may cause many obstacles to the students and the project
Code Shoppy
Multiple Student Generations



















To deliver real-world experiences to students, there are many approaches introduced. In Singapore, a curriculum is integrated with industrial-grade laboratory equipment and months of internships [3]. Turku University in Finland [4] introduces a center of a project-based learning environment, which is managed like a company. The center accepts small ICT projects from real customers and distributes to ICT students taking a project course or an internship. Some projects receive payments from customers. A joint Professional Summer School Sprint was organized among 3 universities in Finland [5]. It was a 2-week boot camp for multidisciplinary groups of students to seek for innovation to solve a real business problem from partner companies. Though, some students dropped out from the camp, but most of them enjoyed the experience. However, students suggested that the customer companies should be trained more for the course to have more realistic expectations what can be done in 2 weeks, or send an employee to participate the course full time. In Portugal, a curricular capstone-internships approach is introduced [6]. The approach is used in an Informatics Engineering curricular with capstone-internship project in the last semester. A web-based platform for the capstone project management between the external organizations and the course manager has been used since 2004. However, since the communication with external organizations became very important, the use of the web-based management system has been indispensable. Therefore, working with a real-world project from an external organization has never been easy in anywhere. C.Teaching and Learning in Our Senior Project Course Our senior project course includes 3 hours of class per week for 2 semesters. Project-based Learning is the main teaching and learning method. Therefore, the students practice their practical engineering skills in groups of at most three, and present their project progress every month. All student groups present their final project in the last week of the second semester. Furthermore, every group must be advised with their advisor every week, and submit their advisory form weekly https://codeshoppy.com/android-app-ideas-for-students-college-project.html

 
                              



















Monday, 24 February 2020

SpyDroid: A Framework for Employing MultipleReal-Time Malware Detectors on Android

SpyDroid: A Framework for Employing MultipleReal-Time Malware Detectors on Android

Among all smartphone operating systems, Android occupiesover 85% market share in 2017 [1]. Moreover, Android-powered devices such as cars, fridges, televisions, point ofsale (POS) terminals, and ATM booths are expected to flooduser markets within a few years. Due to the popularity ofthe Android ecosystem, malware writers are targeting Androiddevices exclusively and the number of malware for Androidsurged exponentially in 2017. Android implements a num-ber of security mechanisms to ensure the safety of deviceresources, e.g., the permission mechanism.The permission mechanism of Android is coarse-grainedand users are usually ignorant about the sought permissions.Researchers also proposed attacks that can bypass the per-mission mechanism [2], [3]. As a result, effective detectionof malware is very important to mitigate security threats inthe Android ecosystem. Unfortunately, antiviruses are not veryeffective due to the restrictive security model of Android thatdoes not let any app scan the runtime behavior of others.Researchers have made great efforts to improve the securityof Android and proposed a number of static and dynamicanalysis techniques. In static analysis, the Android applicationfile (apk) is decompiled to perform analysis, such as data flowanalysis, control flow analysis, API call analysis, byte N-gram,and fingerprinting. Studies [4] have shown that static analysisis becoming less effective day by day due to powerful trans-formation techniques (call graph obfuscation, dynamic codeloading, manifest cheating, metamorphism, polymorphism,etc.). They concluded that dynamic analysis is a necessarycomplement to static analysis as it is less vulnerable to codetransformations.Dynamic analysis is more effective as it can extract featuresthat represent unique patterns of execution. Interestingly, ac-cording to this study [5], over 98% of the new malware arein fact variants of an existing malware family. Google usesa dynamic analysis system called Google Bouncer that ana-lyzes apks submitted to them. Unfortunately, dynamic analysistechniques that execute Android apps inside an emulator alsosuffer from the fact that malware writers can detect emulatorsand thus evade detection. Hence, real-time monitoring onuser devices becomes necessary. In addition, end users arenot benefiting from these research as it is very difficult forthem to integrate the techniques into their devices. Moreover,sometimes a specific class of malware can only be detected bya single technique or a particular antivirus. Therefore, deviceowners can be benefited by employing multiple malwaredetectors on their devices.Code Shoppy

SpyDroid: A Framework for Employing MultipleReal-Time Malware Detectors on Android

 In this paper, we propose SpyDroid, a real-time malwaredetection framework that can deploy multiple malware detec-tors (we call them sub-detectors) on a real device. SpyDroidis designed as a part of the operating system and has twomodules for monitoring and detection. Sub-detectors monitorruntime information using the monitoring module and performanalysis to detect malware. They report their analysis resultsto the SpyDroid detector. The detector decides when to markan app as malware. A framework like SpyDroid can help third-parties (researchers and commercial vendors) to publish theirdetection techniques via application markets and users caninstall multiple sub-detectors to improve the security of theirdevices.We implement SpyDroid using the Android Open SourceProject (AOSP) [6]. However, the concept of SpyDroid isgeneric and can be implemented in any smartphone operatingsystem.https://codeshoppy.com/php-projects-titles-topics.html

An Experience Advising Senior Projects Spanning to Multiple Student Generations

An Experience Advising Senior Projects Spanning to Multiple Student Generations

Senior Project or Capstone Project is very crucial in Engineering or Information Technology Degree Curriculums. The course aims at students to apply their entire knowledge and skills to solve an engineering or technology problem. They also require to develop their planning skills, responsibility, autonomous learning skills, problem solving skills, analytical skills, presentation skills, and report writing skills. However, assigning a project topic is one of the most important step in senior project development since a good topic can push the students to develop various skills essential to their career. Assigning a real-world problem as a senior project can push the students to understand to the user requirement deeply, to practice communicate with real users, and practice their endurance to analyze the system as what the user actually required. All the above skills are practiced along with design and development with knowledge and skills necessary to their career, such as planning skills, responsibility, autonomous learning skills, problem solving skills, analytical skills, presentation skills, and report writing skills. After finishing the development, the students must deploy the system, and have the user acceptance test. All of these can be accomplished if and only if the project topic is a real-world problem with real users and real situations. Code Shoppy
In the 2015 academic years, we tried assigning eight real-world problems as our student’s senior projects[1]. The objective of this is to develop our computer engineering student’s skills more completely and professionally with CDIO [2] concept. The evaluations include the project presentations and the completeness of the project, which are the project deployment with user satisfaction surveys, and the number of national conference publications. The results show that 5 from 8 projects can be deployed and operated by the users in actual situations. The satisfaction score of all projects are between 4.03 to 4.80 from the full scale of 5. The projects can be published to 5 national or international publications. However, since the topics are real-world problems, the project developments are not finished with the academic years. Some of those require extensive development in the next academic year. The purpose of this research is to study the experience of managing three multiple-year spanning projects. We collect the project development results until the 2017 academic year, and evaluate the project with the project presentations and the completeness of the project, including the project deployment with user satisfaction surveys, and the number of national/international publications. We also explain the problems occurred, our solutions, and suggestions in this article.To deliver real-world experiences to students, there are many approaches introduced. In Singapore, a curriculum is integrated with industrial-grade laboratory equipment and months of internships [3]. Turku University in Finland [4] introduces a center of a project-based learning environment, which is managed like a company. The center accepts small ICT projects from real customers and distributes to ICT students taking a project course or an internship. Some projects receive payments from customers. A joint Professional Summer School Sprint was organized among 3 universities in Finland [5]. It was a 2-week boot camp for multidisciplinary groups of students to seek for innovation to solve a real business problem from partner companies. Though, some students dropped out from the camp, but most of them enjoyed the experience. However, students suggested that the customer companies should be trained more for the course to have more realistic expectations what can be done in 2 weeks, or send an employee to participate the course full time. In Portugal, a curricular capstone-internships approach is introduced [6]. The approach is used in an Informatics Engineering curricular with capstone-internship project in the last semester. A web-based platform for the capstone project management between the external organizations and the course manager has been used since 2004. However, since the communication with external organizations became very important, the use of the web-based management system has been indispensable. Therefore, working with a real-world project from an external organization has never been easy in anywhere. C.Teaching and Learning in Our Senior Project Course Our senior project course includes 3 hours of class per week for 2 semesters. Project-based Learning is the main teaching and learning method. Therefore, the students practice their practical engineering skills in groups of at most three, and present their project progress every month. All student groups present their final project in the last week of the second semester. Furthermore, every group must be advised with their advisor every week, and submit their advisory form weekly.


An Experience Advising Senior Projects Spanning to Multiple Student Generations

This article describes the process applying to multiple-year spanning senior projects, which are senior projects that require many years to develop. With real requirements from organizations, we must prepare the topics and the next generation students long before the semester starts. Regular meetings with the first generation and the owner organization are also required. Additionally, the students must allocate a few months for deployment and user satisfaction surveys. Our results show that 2 out of 3 multiple-year spanning projects can complete successfully. However, one cannot finish on schedule due to the user requirement changes. The problems occur can be solved with extra efforts. Therefore, the department still continues with this type of senior projects to improve our student’s ability to the real industry