The authors develop a malware fingerprinting framework to cover accurate android malware detection and family attribution in this book. The authors emphasize the following: (1) the scalability over a large malware corpus; (2) the resiliency to common obfuscation techniques; (3) the portability over different platforms and architectures.
First, the authors propose an approximate fingerprinting technique for android packaging that captures the underlying static structure of the android applications in the context of bulk and offline detection at the app-market level. This book proposes a malware clustering framework to perform malware clustering by building and partitioning the similarity network of malicious applications on top of this fingerprinting technique. Second, the authors propose an approximate fingerprinting technique that leverages dynamic analysis and natural language processing techniques to generate Android malware behavior reports. Based on this fingerprinting technique, the authors propose a portable malware detection framework employing machine learning classification. Third, the authors design an automatic framework to produce intelligence about the underlying malicious cyber-infrastructures of Android malware. The authors then leverage graph analysis techniques to generate relevant intelligence to identify the threat effects of malicious Internet activity associated with android malware.
The authors elaborate on an effective android malware detection system, in the online detection context at the mobile device level. It is suitable for deployment on mobile devices, using machine learning classification on method call sequences. Also, it is resilient to common code obfuscation techniques and adaptive to operating systems and malware change overtime, using natural language processing and deep learning techniques.
Researchers working in mobile and network security, machine learning and pattern recognition will find this book useful as a reference. Advanced-level students studying computer science within these topic areas will purchase this book as well.
Dr. ElMouatez Billah Karbab is a researcher at Concordia University, Montreal, Canada. His research focuses on applied machine learning techniques on malware fingerprinting and mobile & IoT security. He is a research scientist at the National Cyber Forensic and Training Alliance (NCFTA) of Canada, an international organization which focuses on the investigation of cyber-crimes. He is also serving as a data scientist and cyber-security specialist at NCFTA Canada. He served as an associate researcher at Research Centre for Scientific and Technical Information (CERIST), Algeria, where he worked on international projects in collaboration with the university of Cape Town, South Africa, and Heudiasyc Lab, France. ElMouatez has published many peer-reviewed research articles in international journals and conferences on malware fingerprinting using machine learning techniques, cyber security, and embedded systems.
Mourad Debbabi is Professor at the Concordia Institute for Information Systems Engineering and Interim Dean of the Gina Cody School of Engineering and Computer Science. He holds the NSERC/Hydro-Quebec Thales Senior Industrial Research Chair in Smart Grid Security. He is a member of the Cybersecurity Advisory Board to the Minister of Digital Transformation, and a member of the Advisory Board of the Cybercrime Council. He serves/served on the boards of Canadian Police College, PROMPT Québec and Calcul Québec. He is the founder and Director of the Security Research Centre at Concordia University. Dr. Debbabi holds Ph.D. and M.Sc. degrees in computer science from Université Paris-XI Orsay, France, and an Engineering degree from Université de Constantine. He has published 6 books and more than 300 peer-reviewed research articles in international journals and conferences on cyber security, cyber forensics, smart grids, privacy, cryptographic protocols, threat intelligence generation, malware analysis, reverse engineering, specification and verification of safety-critical systems, programming languages and type theory. He has supervised to successful completion 33 Ph.D. students, 76 Master students and 14 Postdoctoral Fellows. He served as a Senior Scientist at the Panasonic Information and Network Technologies Laboratory, Princeton, New Jersey, USA; Associate Professor at the Computer Science Department of Laval University, Canada; Senior Scientist at General Electric Research Center, New York, USA; Research Associate at the Computer Science Department of Stanford University, California, USA; and Permanent Researcher at the Bull Corporate Research Center, Paris, France.
Dr. Abdelouahid Derhab received the Engineer's, MSc, and PhD degrees in computer science from University of Sciences and Technology Houari Boummediene (USTHB), Algiers, in 2001, 2003, and 2007 respectively. He was a full-time researcher at CERIST research center in Algeria from 2002 to 2012. He was an Assistant Professor at King Saud University from 2012 to 2018. He is currently an Associate Professor at the Center of Excellence in Information Assurance (COEIA), King Saud University. He served as a lead guest editor of some peer-reviewed journals. He also served as workshop chair, technical committee chair, and reviewer for many journals and international conferences. He is the author of more than 100 papers in different peer-reviewed journals conferences, and book chapters. He is also a cyber security policy analyst at Global Foundation for Cyber Studies and Research (GFCYBER). His research interests are: malware analysis, network security, intrusion detection, mobile security, Internet of things, smart grid, blockchain, and cyber security policies.
Dr. Djedjiga Mouheb is an Assistant Professor at the Department of Computer Science, College of Computing and Informatics, University of Sharjah, UAE. She is a member of the University's Information and Network Security Research Group. Her research interests include social networking security, social bots, malware analysis, software fingerprinting, investigation of cyber-threat infrastructures, and software security. Before joining University of Sharjah, she was a Postdoctoral Fellow at Concordia University, Montreal, Canada. She was also a member of the National Cyber Forensics and Training Alliance (NCFTA) Canada. She holds a PhD degree in Computer Science from Concordia University, Montreal, Canada, Master's degree from École des Mines de Paris, France and Bachelors degree from Institut National d'Informatique (INI), Algeria.