標題: | Using ontologies to perform threat analysis and develop defensive strategies for mobile security |
作者: | Wang, Ping Chao, Kuo-Ming Lo, Chi-Chun Wang, Yu-Shih 資訊管理與財務金融系 註:原資管所+財金所 Department of Information Management and Finance |
關鍵字: | Threat risk analysis;Mobile virus;Ontology;Behavior analysis;Code analysis |
公開日期: | 1-Mar-2017 |
摘要: | Existing studies on the detection of mobile malware have focused mainly on static analyses performed to examine the code-structure signature of viruses, rather than the dynamic behavioral aspects. By contrast, the unidentified behavior of new mobile viruses using the self-modification, polymorphic, and mutation techniques for variants have largely been ignored. The problem of precision regarding malware variant detection has become one of the key concerns in mobile security. Accordingly, the present study proposed a threat risk analysis model for mobile viruses, using a heuristic approach incorporating both malware behavior analysis and code analysis to generate a virus behavior ontology associated with the Prot,g, platform. The proposed model can not only explicitly identify an attack profile in accordance with structural signature of mobile viruses, but also overcome the uncertainty regarding the probability of an attack being successful. This model is able to achieve this by extending frequent episode rules to investigate the attack profile of a given malware, using specific event sequences associated with the sandbox technique for mobile applications (apps) and hosts. For probabilistic analysis, defense evaluation metrics for each node were used to simulate the results of an attack. The simulations focused specifically on the attack profile of a botnet to assess the threat risk. The validity of the proposed approach was demonstrated numerically by using two malware cyber-attack examples. Overall, the results presented in this paper prove that the proposed scheme offers an effective countermeasure, evaluated using a set of security metrics, for mitigating network threats by considering the interaction between the attack profiles and defense needs. |
URI: | http://dx.doi.org/10.1007/s10799-014-0213-1 http://hdl.handle.net/11536/144497 |
ISSN: | 1385-951X |
DOI: | 10.1007/s10799-014-0213-1 |
期刊: | INFORMATION TECHNOLOGY & MANAGEMENT |
Volume: | 18 |
起始頁: | 1 |
結束頁: | 25 |
Appears in Collections: | Articles |