Using ontologies to perform threat analysis and develop defensive strategies for mobile security

P. Wang, K-M Chao, Chichun Lo, Y-S. Wang

    Research output: Contribution to journalArticle

    13 Citations (Scopus)

    Abstract

    Existing studies on the detection of mobile malware have focused mainly on static analyses performed to examine the code-structure signature of viruses, rather than the dynamic behavioral aspects. By contrast, the unidentified behavior of new mobile viruses using the self-modification, polymorphic, and mutation techniques for variants have largely been ignored. The problem of precision regarding malware variant detection has become one of the key concerns in mobile security. Accordingly, the present study proposed a threat risk analysis model for mobile viruses, using a heuristic approach incorporating both malware behavior analysis and code analysis to generate a virus behavior ontology associated with the Protégé platform. The proposed model can not only explicitly identify an attack profile in accordance with structural signature of mobile viruses, but also overcome the uncertainty regarding the probability of an attack being successful. This model is able to achieve this by extending frequent episode rules to investigate the attack profile of a given malware, using specific event sequences associated with the sandbox technique for mobile applications (apps) and hosts. For probabilistic analysis, defense evaluation metrics for each node were used to simulate the results of an attack. The simulations focused specifically on the attack profile of a botnet to assess the threat risk. The validity of the proposed approach was demonstrated numerically by using two malware cyber-attack examples. Overall, the results presented in this paper prove that the proposed scheme offers an effective countermeasure, evaluated using a set of security metrics, for mitigating network threats by considering the interaction between the attack profiles and defense needs.
    Original languageEnglish
    JournalInformation Technology and Management
    VolumeIn press
    DOIs
    Publication statusPublished - Jan 2015

    Bibliographical note

    This article is not yet available on the repository.

    Keywords

    • Behavior analysis
    • Code analysis
    • Mobile virus
    • Ontology
    • Threat risk analysis

    Fingerprint

    Dive into the research topics of 'Using ontologies to perform threat analysis and develop defensive strategies for mobile security'. Together they form a unique fingerprint.

    Cite this