標題: Using ontologies to perform threat analysis and develop defensive strategies for mobile security
作者: Wang, Ping
Chao, Kuo-Ming
Lo, Chi-Chun
Wang, Yu-Shih
資訊管理與財務金融系 註:原資管所+財金所
Department of Information Management and Finance
關鍵字: Threat risk analysis;Mobile virus;Ontology;Behavior analysis;Code analysis
公開日期: 1-三月-2017
摘要: Existing studies on the detection of mobile malware have focused mainly on static analyses performed to examine the code-structure signature of viruses, rather than the dynamic behavioral aspects. By contrast, the unidentified behavior of new mobile viruses using the self-modification, polymorphic, and mutation techniques for variants have largely been ignored. The problem of precision regarding malware variant detection has become one of the key concerns in mobile security. Accordingly, the present study proposed a threat risk analysis model for mobile viruses, using a heuristic approach incorporating both malware behavior analysis and code analysis to generate a virus behavior ontology associated with the Prot,g, platform. The proposed model can not only explicitly identify an attack profile in accordance with structural signature of mobile viruses, but also overcome the uncertainty regarding the probability of an attack being successful. This model is able to achieve this by extending frequent episode rules to investigate the attack profile of a given malware, using specific event sequences associated with the sandbox technique for mobile applications (apps) and hosts. For probabilistic analysis, defense evaluation metrics for each node were used to simulate the results of an attack. The simulations focused specifically on the attack profile of a botnet to assess the threat risk. The validity of the proposed approach was demonstrated numerically by using two malware cyber-attack examples. Overall, the results presented in this paper prove that the proposed scheme offers an effective countermeasure, evaluated using a set of security metrics, for mitigating network threats by considering the interaction between the attack profiles and defense needs.
URI: http://dx.doi.org/10.1007/s10799-014-0213-1
http://hdl.handle.net/11536/144497
ISSN: 1385-951X
DOI: 10.1007/s10799-014-0213-1
期刊: INFORMATION TECHNOLOGY & MANAGEMENT
Volume: 18
起始頁: 1
結束頁: 25
顯示於類別:期刊論文