Browsing by Author "Peng, Wei"
Now showing 1 - 7 of 7
Results Per Page
Sort Options
Item ACTS: Extracting Android App Topological Signature through Graphlet Sampling(IEEE, 2016-10) Peng, Wei; Gao, Tianchong; Sisodia, Devkishen; Saha, Tanay Kumar; Li, Feng; Al Hasan, Mohammad; Computer Information and Graphics Technology, School of Engineering and TechnologyAndroid systems are widely used in mobile & wireless distributed systems. In the near future, Android is believed to dominate the mobile distributed environment. However, with the popularity of Android-based smartphones/tablets comes the rampancy of Android-based malware. In this paper, we propose a novel topological signature of Android apps based on the function call graphs (FCGs) extracted from their Android App Packages (APKs). Specifically, by leveraging recent advances in graphlet sampling, the proposed method fully captures the invocator-invocatee relationship at local neighborhoods in an FCG without exponentially inflating the state space. Using real benign app and malware samples, we demonstrate that our method, ACTS (App topologiCal signature through graphleT Sampling), can detect malware and identify malware families robustly and efficiently. More importantly, we demonstrate that, without augmenting the FCG with any semantic features such as bytecode-based vertex typing, local topological information captured by ACTS alone can achieve a high malware detection accuracy. Since ACTS only uses structural features, which are orthogonal to semantic features, it is expected that combining them would give a greater improvement in malware detection accuracy than combining non-orthogonal semantic features.Item Android Malware Detection via Graphlet Sampling(IEEE, 2018-11) Gao, Tianchong; Peng, Wei; Sisodia, Devkishen; Saha, Tanay Kumar; Li, Feng; Al Hasan, Mohammad; Computer Information and Graphics Technology, School of Engineering and TechnologyAndroid systems are widely used in mobile & wireless distributed systems. In the near future, Android is believed to dominate the mobile distributed environment. However, with the popularity of Android-based smartphones/tablets comes the rampancy of Android-based malware. In this paper, we propose a novel topological signature of Android apps based on the function call graphs (FCGs) extracted from their Android App PacKages (APKs). Specifically, by leveraging recent advances on graphlet mining, the proposed method fully captures the invocator-invocatee relationship at local neighborhoods in an FCG without exponentially inflating the state space. Using real benign app and malware samples, we demonstrate that our method, ACTS (App topologiCal signature through graphleT Sampling), can detect malware and identify malware families robustly and efficiently. More importantly, we demonstrate that, without augmenting the FCG with any semantic features such as bytecode-based vertex typing, local topological information captured by ACTS alone can achieve a high malware detection accuracy. Since ACTS only uses structural features, which are orthogonal to semantic features, it is expected that combining them would give a greater improvement in malware detection accuracy than combining non-orthogonal semantic features.Item The Internet Based Electronic Voting Enabling Open and Fair Election(Office of the Vice Chancellor for Research, 2014-04-11) Zou, Xukai; Li, Huian; Sui, Yan; Peng, Wei; Li, FengVoting is the pillar of modern democracies. However, examination of current voting systems (including E-voting techniques) shows a gap between casting secret ballots and tallying and verifying individual votes. This gap is caused by either disconnection between the vote-casting process and the vote-tallying process, or opaque transition (e.g. due to encryption) from vote- casting to vote-tallying and thus, damages voter assurance, i.e. failing to answer the question: “Will your vote count?” We proposed a groundbreaking E-voting protocol that fills this gap and provides a fully transparent election. In this new voting system, this transition is seamless, viewable, and verifiable. As a result, the above question can be answered assuredly: “Yes, my vote counts!” The new E-voting protocol is fundamentally different from all existing voting/E-voting protocols in terms of both concepts and the underlying mechanisms. It consists of three innovative Technical Designs: TD1: universal verifiable voting vector; TD2: forward and backward mutual lock voting; and TD3: in-process verification and enforcement. The new technique is the first fully transparent E-voting protocol which fills the aforementioned gap. The trust is split equally among all tallying authorities who are of conflict-of-interest and will technologically restrain from each other. As a result, the new technique enables open and fair elections, even for minor or weak political parties. It is able to mitigate errors and risk and detect fraud and attacks including collusion, with convincingly high probability 1 − 2−(m−log(m))n (n: #voters and m ≥ 2:#candidates). It removes many existing requirements such as trusted central tallying authorities, tailored hardware or software, and complex cryptographic primitives. In summary, the new e- voting technique delivers voter assurance and can transform the present voting booth based voting and election practice. Besides voting and elections, the new technique can also be adapted to other applications such as student class evaluation, rating and reputation systems.Item On Several Problems Regarding the Application of Opportunistic Proximate Links in Smartphone Networks(2015) Peng, Wei; Li, Feng; Zou, Xukai; Li, NinghuiA defining characteristic of smartphones is the availability of short-range radio transceivers (the proximate channel) such as Bluetooth, NFC, and Wi-Fi Direct, in addition to traditional long-range cellular telecommunication technologies (the cellular channel). Coupled with smartphones’ portability and their human users’ mobility, the proximate channel provides opportunistic proximate links as a supplement/alternative to the cellular channel’s persistent infrastructural links for data communication. Opportunistic proximate links have a diverse set of applications, with each application scenario bringing a unique set of often conflicting objectives to balance. This dissertation presents a study on several problems regarding the application of opportunistic proximate links in smartphone networks. The first part of this dissertation, which includes Chapter 2, 3, and 4, focuses on the cost-effective distribution of content using opportunistic proximate links, and examines several applications: 1. Chapter 2 is on the use of opportunistic proximate links in selecting a representative subset from a set of smartphones for prioritized defense deployment in a Bring-Your-Own-Device (BYOD) enterprise network environment. 2. Chapter 3 is on the use of opportunistic proximate links for offloading bounded-delay-tolerant topical content from cellular persistent infrastructural links. 3. Chapter 4 is on the use of opportunistic proximate links in a generalized scenario of content distribution in a smartphone network that is heterogeneous in the availability of cellular persistent infrastructural links. The second part of this dissertation, which includes Chapter 5 and 6, considers the opposite problem of preventing the distribution of unwanted content (mobile malware) over opportunistic proximate links and the supplementary problem of detecting mobile malware. Chapter 5 considers a probabilistic behavioral malware detection framework for delay-tolerant smartphone networks that are connected by opportunistic proximate links. Solutions to several challenging problems that are unique to decentralized and opportunistic nature of such networks, including “balance between insufficient evidence and evidence collection risk,” “liars,” and “defectors” are proposed and evaluated. Based on the widely used Android mobile computing platform, Chapter 6 presents the design, implementation, and evaluation of a novel declarative approach to static binary analysis of Android apps, which underlies the problem of detecting malware on the Android platform. Real Android malware samples are analyzed, and techniques to robustly handle them are proposed and evaluated.Item Seed and Grow: An Attack Against Anonymized Social Networks(2012-08-07) Peng, Wei; Li, Feng; Zou, Xukai, 1963-; Xia, YuniDigital traces left by a user of an on-line social networking service can be abused by a malicious party to compromise the person’s privacy. This is exacerbated by the increasing overlap in user-bases among various services. To demonstrate the feasibility of abuse and raise public awareness of this issue, I propose an algorithm, Seed and Grow, to identify users from an anonymized social graph based solely on graph structure. The algorithm first identifies a seed sub-graph either planted by an attacker or divulged by collusion of a small group of users, and then grows the seed larger based on the attacker’s existing knowledge of the users’ social relations. This work identifies and relaxes implicit assumptions taken by previous works, eliminates arbitrary parameters, and improves identification effectiveness and accuracy. Experiment results on real-world collected datasets further corroborate my expectation and claim.Item Temporal Coverage Based Content Distribution in Heterogeneous Smart Device Networks(IEEE, 2015-06) Peng, Wei; Li, Feng; Zou, Xukai; Department of Computer & Information Science, School of ScienceThe present work studies content distribution in heterogeneous smart device networks, in which all smartphones/ tablets can communicate through proximity channels such as Bluetooth/NFC/Wi-Fi Direct when they are in proximity, but only some devices have the cellular data communication capability. In the context of recent applications of content distribution in smart device networks such as mobile offloading and enterprise network defense prioritization, we propose a temporal coverage based scheme that exploits nodes' encounter regularity and content's delivery delay tolerance to reduce content delivery costs. Using kernel-density estimation (KDE) on the readily available proximity encounter records, we propose a network structural property, T-covering set, and a corresponding localized algorithm that distributedly elects a T-covering set from the underlying network. Using real Bluetooth encounter traces, we demonstrate that temporal coverage based content distribution using T-covering set can significantly reduce content delivery cost with minimal delay and no sacrifice in coverage.Item Transparent, Auditable, and Stepwise Verifiable Online E-Voting Enabling an Open and Fair Election(MDPI, 2017-08-17) Zou, Xukai; Li, Huian; Li, Feng; Peng, Wei; Sui, Yan; Computer and Information Science, School of ScienceMany e-voting techniques have been proposed but not widely used in reality. One of the problems associated with most existing e-voting techniques is the lack of transparency, leading to a failure to deliver voter assurance. In this work, we p verifiable, viewable, and mutual restraining e-voting protocol that exploits the existing multi-party political dynamics such as in the US. The new e-voting protocol consists of three original technical contributions—universal verifiable voting vector, forward and backward mutual lock voting, and in-process check and enforcement—that, along with a public real time bulletin board, resolves the apparent conflicts in voting such as anonymity vs. accountability and privacy vs. verifiability. Especially, the trust is split equally among tallying authorities who have conflicting interests and will technically restrain each other. The voting and tallying processes are transparent/viewable to anyone, which allow any voter to visually verify that his vote is indeed counted and also allow any third party to audit the tally, thus, enabling open and fair election. Depending on the voting environment, our interactive protocol is suitable for small groups where interaction is encouraged, while the non-interactive protocol allows large groups to vote without interaction.