[owasp_seraphimdroid_project] GSoC - Behavioral malware and intrusion analysis

Nikola Milosevic nikola.milosevic at owasp.org
Mon Mar 14 15:28:31 UTC 2016


Hello Athos,

It is nice to meet you and I hope we may collaborate during the GSoC. I see
you have quite a lot of experience in static analysis. However, we have
already done some work during OWASP Code Summer Sprint on static code
analysis and a bit afterwards. We are currently in the process of
publishing the research we did as a paper and permission scanner already
has some sort of static analysis that uses machine learning integrated. For
this year the idea was more to do behavioral analysis, or how can we detect
intrusions and malware beside analyzing binary (i.e. some other indication,
such as op-codes, battery use and similar). The problem with static
analysis was that you cannot decompile the binary on device, so we used
just analysis over permissions. However, it performs with accuracy of
around 89%. So we thought about integrating another system for malware
detection based on some other approach.

The idea of application is to have some sort of proposition, what would you
like to do and how. That includes reviewing literature for the best
solution and/or in case you have some experience you can use that as well.
There have been a number of papers that tried to detect malware on android
using op-codes or battery usage as well as some other techniques. Some
search for behavioral malware or intrusion detection on android on Google
Scholar will give you the list that can work quite well for you. You also
need to provide some time schedule of the project over the 3 months that
Google Summer of Code lasts, or in other terms what you will be doing each
week.

It would be great if you can download the code and set up your environment
so you can build Seraphimdroid before submitting proposal. As well as
familiarize yourself with some bits of code and documentation that can be
found on the Seraphimdroid page and GitHub. There is also my 20+ minute
presentation on OWASP Seraphimdroid that was recorded on OWASP Manchester
meeting and can be helpful to get some overview of the project.

You can send me proposal before submitting, so I can have a look and maybe
give you some advises, however, you need to submit proposal finally over
GSoC web portal.

Good luck!

Best regards,

Nikola Milošević
OWASP Seraphimdroid project leader
nikola.milosevic at owasp.org
OWASP - Open Web Application Security Project
<https://www.owasp.org/index.php/Main_Page>
OWASP Seraphimdroid Project
<https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project>

On Mon, Mar 14, 2016 at 3:03 PM, Athos Ribeiro <athoscribeiro at gmail.com>
wrote:

> Hello,
>
> My name is Athos Ribeiro,
>
> I am a software engineer and a M.S. student at University of São Paulo,
> Brazil.
>
> Currently, my research interests are in source code static analysis and
> machine learning. I worked at NIST (National Institute of Standards and
> Technology) as a Guest Researcher during 2014 working with static analysis
> tools evaluation. Now, for my master degree, I want to apply machine
> learning techniques to identify false positives and false negatives based
> on previous analysis of test suites provided by NIST.
>
> I believe the expected results for the "Behavioral malware and intrusion
> analysis" would help me improving my knowledge on the machine learning
> field which I could then apply to my research goals. I also know OWASP is
> interested in source code static analysis, so being involved with OWASP
> would also be good in that matter.
>
> As for the prerequisites, I am taking a machine learning course in
> coursera right now, but I have little experience with android (I do have
> the environment for android development running in my computer and would
> have no problem picking it up by reading the seraphimdroid code). Right
> now, my favorite programming languages are Perl, Ruby, Shell and Python,
> but it would be ok to work with Java. I do understand CSV and XML and have
> wirked with both in different programming languages before.
>
> Are there any tasks I should accomplish before applying for this project?
> Also, is there a list of scientific papers you would recommend for the
> first item in the expected results ("Reviewing scientific literature and
> find feasible approach we can take") or finding related papers are also
> part of it?
>
> Thank you.
>
> --
> Athos Ribeiro
>
> http://www.ime.usp.br/~athoscr
> http://ccsl.ime.usp.br/
> http://lappis.unb.br/
>
> _______________________________________________
> Owasp_seraphimdroid_project mailing list
> Owasp_seraphimdroid_project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_seraphimdroid_project
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_seraphimdroid_project/attachments/20160314/14d61309/attachment.html>


More information about the Owasp_seraphimdroid_project mailing list