Browsing by Author "Mesbah, Abdelhak"
Now showing 1 - 7 of 7
- Results Per Page
- Sort Options
Item The hell forgery : self modifying codes shoot Again(2017) Mesbah, Abdelhak; Regnaud, Leo; Lanet, Jean-Louis; Mezghiche, MohamedItem Longcgdroid: android malware detection through longitudinal study for machine learning and deep learning(Scientific Research Support Fund of Jordan, 2023) Mesbah, Abdelhak; Baddari, Ibtihel; Riahla, Mohamed AmineThis study aims to compare the longitudinal performance between machine-learning and deep-learning classifiers for Android malware detection, employing different levels of feature abstraction. Using a dataset of 200k Android apps labeled by date within a 10-year range (2013-2022), we propose the LongCGDroid, an image-based effective approach for Android malware detection. We use the semantic Call Graph API representation that is derived from the Control Flow Graph and Data Flow Graph to extract abstracted API calls. Thus, we evaluate the longitudinal performance of LongCGDroid against API changes. Different models are used; machine-learning models (LR, RF, KNN, SVM) and deep-learning models (CNN, RNN). Empirical experiments demonstrate a progressive decline in performance for all classifiers when evaluated on samples from later periods. However, the deep-learning CNN model under the class abstraction maintains a certain stability over time. In comparison with eight state-of-the-art approaches, LongCGDroid achieves higher accuracy.Item Persistent fault injection attack from white-box to black-box(IEEE, 2017) Mesbah, Abdelhak; Mezghiche, Mohamed; Lanet, Jean-LouisAmong the protection mechanisms that ensure the Java Card security, the Byte Code Verifier (BCV) is one of the most important security elements. In fact, embedded applets must be verified prior installation. This prevents ill-formed applet to be loaded. In this article, the behavior of the Oracle BCV towards some unchecked piece of codes is analyzed, and the way to bypass the BCV is highlighted. Then, we demonstrate how one can use this breach to access to the system data of a frame, and persistently activate any code. Using both a white-box approach and fault injection that can transform a well-formed code to an ill-formed one during runtime executionItem Rétro-conception d'application Java Card(2018) Mesbah, AbdelhakItem Reverse engineering a Java Card memory management algorithm(2017) Mesbah, Abdelhak; Lanet, Jean-Louis; Mezghiche, MohamedItem Reverse engineering Java Card and vulnerability exploitation : a shortcut to ROM(Springer, 2017) Mesbah, Abdelhak; Lanet, Jean-Louis; Mezghiche, MohamedItem Towards a Longitudinal Comparison Between Different Strategies for Android Malware Detection(Institute of Electrical and Electronics Engineers Inc, 2023) Mesbah, Abdelhak; Baddari, Ibtihel; Riahla, Mohamed AmineThe growing popularity of the Android platform makes it a target of malware authors. The effective identification of such malware is an ongoing challenge. Several methods using machine learning have been proposed to prevent this threat. These methods are usually conventionally evaluated without considering the extent of performance over time. Given the evolving nature of both malware and benign apps, conventional evaluation may lack information. To imitate reality, this study compares the longitudinal performance of different machine learning models, using different strategies that combine permissions and API calls as features extracted through static analysis. Thus, to determine which strategy of features on which classifier are most effective to characterize malware for building a robust malware detector. To achieve this goal, on the one hand, we use a large real-world app set consisting of 100K (50k benign, 50k malware) apps date-labeled, collected across ten years, first seen between 2013 and 2022. On the other hand, each feature's strategy is fed into five classifiers (i.e., SVM, RF, LR, DT, and ANN), using old apps for the training and new apps for the evaluation. Among the assessed machine learning models, the SVM achieves the most promising results over time by employing the combination strategy of the high difference usage of API calls and permissions.