* update 2024-12-18 06:21:18

arXiv_db/Malware/2024.md

@@ -3878,3 +3878,39 @@
 
 </details>
 
+<details>
+
+<summary>2024-12-16 08:20:29 - Android App Feature Extraction: A review of approaches for malware and app similarity detection</summary>
+
+- *Simon Torka, Sahin Albayrak*
+
+- `2412.11539v1` - [abs](http://arxiv.org/abs/2412.11539v1) - [pdf](http://arxiv.org/pdf/2412.11539v1)
+
+> This paper reviews work published between 2002 and 2022 in the fields of Android malware, clone, and similarity detection. It examines the data sources, tools, and features used in existing research and identifies the need for a comprehensive, cross-domain dataset to facilitate interdisciplinary collaboration and the exploitation of synergies between different research areas. Furthermore, it shows that many research papers do not publish the dataset or a description of how it was created, making it difficult to reproduce or compare the results. The paper highlights the necessity for a dataset that is accessible, well-documented, and suitable for a range of applications. Guidelines are provided for this purpose, along with a schematic method for creating the dataset.
+
+</details>
+
+<details>
+
+<summary>2024-12-16 08:57:24 - DB-PAISA: Discovery-Based Privacy-Agile IoT Sensing+Actuation</summary>
+
+- *Isita Bagayatkar, Youngil Kim, Gene Tsudik*
+
+- `2412.11572v1` - [abs](http://arxiv.org/abs/2412.11572v1) - [pdf](http://arxiv.org/pdf/2412.11572v1)
+
+> Internet of Things (IoT) devices are becoming increasingly commonplace in numerous public and semi-private settings. Currently, most such devices lack mechanisms to facilitate their discovery by casual (nearby) users who are not owners or operators. However, these users are potentially being sensed, and/or actuated upon, by these devices, without their knowledge or consent. This naturally triggers privacy, security, and safety issues.   To address this problem, some recent work explored device transparency in the IoT ecosystem. The intuitive approach is for each device to periodically and securely broadcast (announce) its presence and capabilities to all nearby users. While effective, when no new users are present, this push-based approach generates a substantial amount of unnecessary network traffic and needlessly interferes with normal device operation.   In this work, we construct DB-PAISA which addresses these issues via a pull-based method, whereby devices reveal their presence and capabilities only upon explicit user request. Each device guarantees a secure timely response (even if fully compromised by malware) based on a small active Root-of-Trust (RoT). DB-PAISA requires no hardware modifications and is suitable for a range of current IoT devices. To demonstrate its feasibility and practicality, we built a fully functional and publicly available prototype. It is implemented atop a commodity MCU (NXP LCP55S69) and operates in tandem with a smartphone-based app. Using this prototype, we evaluate energy consumption and other performance factors.
+
+</details>
+
+<details>
+
+<summary>2024-12-16 18:57:41 - Explaining Provenance-Based GNN Detectors with Graph Structural Features</summary>
+
+- *Kunal Mukherjee, Joshua Wiedemeier, Tianhao Wang, Muhyun Kim, Feng Chen, Murat Kantarcioglu, Kangkook Jee*
+
+- `2306.00934v4` - [abs](http://arxiv.org/abs/2306.00934v4) - [pdf](http://arxiv.org/pdf/2306.00934v4)
+
+> Advanced cyber threats (e.g., Fileless Malware and Advanced Persistent Threat (APT)) have driven the adoption of provenance-based security solutions. These solutions employ Machine Learning (ML) models for behavioral modeling and critical security tasks such as malware and anomaly detection. However, the opacity of ML-based security models limits their broader adoption, as the lack of transparency in their decision-making processes restricts explainability and verifiability. We tailored our solution towards Graph Neural Network (GNN)-based security solutions since recent studies employ GNNs to comprehensively digest system provenance graphs for security critical tasks.   To enhance the explainability of GNN-based security models, we introduce PROVEXPLAINER, a framework offering instance-level security-aware explanations using an interpretable surrogate model. PROVEXPLAINER's interpretable feature space consists of discriminant subgraph patterns and graph structural features, which can be directly mapped to the system provenance problem space, making the explanations human understandable. By considering prominent GNN architectures (e.g., GAT and GraphSAGE) for anomaly detection tasks, we show how PROVEXPLAINER synergizes with current state-of-the-art (SOTA) GNN explainers to deliver domain and instance-specific explanations. We measure the explanation quality using the fidelity+/fidelity- metric as used by traditional GNN explanation literature, and we incorporate the precision/recall metric where we consider the accuracy of the explanation against the ground truth. On malware and APT datasets, PROVEXPLAINER achieves up to 29%/27%/25% higher fidelity+, precision and recall, and 12% lower fidelity- respectively, compared to SOTA GNN explainers.
+
+</details>
+