Mobile OS Vulnerabilities: Quantitative and Qualitative Analysis
Garg, Shivi, Baliyan, Niyati
- Publisher: CRC
- Publication date: 2024-12-19
- Price: $2,310
- VIP price: 5% off, $2,195
- Language: English
- Pages: 179
- Binding: Quality Paper - also called trade paper
- ISBN: 1032407484
- ISBN-13: 9781032407487
Not yet released; cannot be ordered
Product Description
This book offers an in-depth analysis of security vulnerabilities in different mobile operating systems. It provides methodology and solutions for handling Android malware and vulnerabilities and transfers the latest knowledge in machine learning and deep learning models towards this end. Further, it presents a comprehensive analysis of software vulnerabilities based on different technical parameters such as causes, severity, techniques, and software systems' type. Moreover, the book also presents the current state of the art in the domain of software threats and vulnerabilities. This would help analyze various threats that a system could face, and subsequently, it could guide the security engineer to take proactive and cost-effective countermeasures.
Security threats are escalating exponentially, thus posing a serious challenge to mobile platforms. Android and iOS are prominent due to their enhanced capabilities and popularity among users. Therefore, it is important to compare these two mobile platforms based on security aspects. Android proved to be more vulnerable compared to iOS. Malicious apps can cause severe repercussions such as privacy leaks, app crashes, financial losses (caused by malware-triggered premium-rate SMSs), arbitrary code installation, etc. Hence, Android security has been a major concern amongst researchers, as seen in the last few years. This book provides an exhaustive review of all the existing approaches in a structured format.
The book also focuses on the detection of malicious applications that compromise users' security and privacy, the detection performance of different program analysis approaches, and the influence of different input generators during static and dynamic analysis on detection performance. This book presents a novel method using an ensemble classifier scheme for detecting malicious applications, which is less susceptible to the evolution of the Android ecosystem and malware compared to previous methods. The book also introduces an ensemble multi-class classifier scheme to classify malware into known families. Furthermore, we propose a novel framework for mapping malware to the vulnerabilities exploited, using Android malware's behavior reports and leveraging pre-trained language models and deep learning techniques. The mapped vulnerabilities can then be assessed on confidentiality, integrity, and availability on different Android components and sub-systems, and different layers.
About the Authors
Shivi Garg received her Doctor of Philosophy in December 2021 from the Information Technology Department, Indira Gandhi Delhi Technical University for Women (IGDTUW), Delhi, India. Thesis title: Design and Analysis of Mobile Application Vulnerabilities. She is also a postgraduate in Information Security from Delhi Technological University (DTU), Delhi, India. She has had teaching and research experience since August 2016. Currently she is an Assistant Professor at J.C. Bose University of Science & Technology, YMCA, Faridabad. Her research interests include information security, mobile security, cyber security, and machine learning. Her publications and other details can be found at: https://sites.google.com/view/shivigarg/home
Niyati Baliyan is an Assistant Professor in the Department of Computer Engineering, National Institute of Technology Kurukshetra, Haryana. She attained her Doctor of Philosophy from the Computer Science Department, Indian Institute of Technology (IIT) Roorkee, India. Her thesis title was "Quality Assessment of Semantic Web based Applications". She also has a Post Graduate Certificate in Information Technology from Sheffield Hallam University, Sheffield, U.K. Niyati obtained the Chancellor's Gold Medal for being University topper during postgraduate studies at Gautam Buddha University. She is co-author of "Semantic Web Based Systems: Quality Assessment Models, SpringerBriefs in Computer Science", 2018. Her research interests include knowledge engineering, machine learning, healthcare analytics, recommender systems, information security, and natural language processing. Her publications and other details can be found at: https://sites.google.com/site/niyatibaliyan.