Thursday 6 March 2014

A Tool To Prevent Malware On Android OS - NCSU Research

Everyone wants to keep electronic devices such as smartphones and tablets secure and free of viruses and malware. Mobile security applications exist for this purpose, but these applications are not efficient and degrade the smartphone's user experience (by consuming more RAM). To tackle this issue, researchers from North Carolina State University have developed a new tool named “Practical Root Exploit Containment” (PREC) to detect and prevent malware in downloaded applications that tries to run root exploits on Android devices.

Root exploits take control of the system administration functions of the operating system (Android, in this case). If a hacker successfully runs a root exploit on an Android smartphone, it gives the hacker unrestricted control of the user’s smartphone. The PREC tool was developed for the sole purpose of preventing root exploits carried out by malware. It improves on an existing technique called 'anomaly detection', which compares the observed behavior of a particular smartphone application with its expected behavior. If the application deviates from its normal behavior, the anomaly detection technique reports the unexpected behavior. With PREC, the researchers have been able to analyze the problem further and check whether the unexpected behavior is malicious or a harmless ’false positive’.

PREC targets code written in the C language, which is usually what hackers use to create malware. According to Dr. Will Enck, a co-author of the research paper, the anomaly detection technique is old and reports lots of false positives. Enck says they are focusing solely on C code, which is what these Android root exploits are written in. Dr. Helen Gu, another co-author of the paper, believes this approach will drive down the number of false positives reported, reduce the disturbances faced by the user and make anomaly detection efficient.

Many application vendors upload their products for malicious purposes. Malware programmers have developed techniques that hide malware until the application is installed on the smartphone. The researchers want to take advantage of vendors’ screening efforts to create a database of each application’s normal behavior, by introducing the PREC software into the vendors’ application assessment. The research team also says that PREC will not affect the screening process, since it creates an external database for storing each application's normal behavior.
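
The idea described above, a profile of normal behavior recorded during screening and anomaly checks limited to C code, can be sketched as follows. This is an added example, not PREC's own code or algorithm: the trace format, the operation names, the `java`/`native` origin labels and the bigram model are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample traces: (origin, operation) pairs. "native" stands for
# the app's C code, "java" for everything else (labels are assumptions).
SCREENING_RUNS = [
    [("java", "open"), ("java", "read"), ("native", "mmap"),
     ("native", "read"), ("java", "close")],
    [("java", "open"), ("native", "mmap"), ("native", "read"),
     ("native", "read"), ("java", "read"), ("java", "close")],
]
# A harmless new feature in Java code: never seen during screening.
BENIGN_UPDATE = [("java", "open"), ("java", "write"), ("java", "close"),
                 ("native", "mmap"), ("native", "read")]
# Unfamiliar behavior coming from the C code.
SUSPICIOUS = [("java", "open"), ("java", "read"), ("java", "close"),
              ("native", "mmap"), ("native", "ioctl"), ("native", "chmod")]

def bigrams(ops):
    """Set of consecutive operation pairs in one origin's sequence."""
    return set(zip(ops, ops[1:]))

def split_by_origin(trace):
    by_origin = defaultdict(list)
    for origin, op in trace:
        by_origin[origin].append(op)
    return by_origin

def build_profile(runs):
    """Normal-behavior database: bigrams seen per origin during screening."""
    profile = defaultdict(set)
    for trace in runs:
        for origin, ops in split_by_origin(trace).items():
            profile[origin] |= bigrams(ops)
    return profile

def anomalies(profile, trace, origins=None):
    """Bigrams absent from the profile; `origins` restricts what is checked."""
    found = []
    for origin, ops in split_by_origin(trace).items():
        if origins is not None and origin not in origins:
            continue
        unseen = bigrams(ops) - profile.get(origin, set())
        found.extend((origin, pair) for pair in unseen)
    return sorted(found)

if __name__ == "__main__":
    profile = build_profile(SCREENING_RUNS)
    for name, trace in (("benign", BENIGN_UPDATE), ("suspicious", SUSPICIOUS)):
        print(name, "all code:", anomalies(profile, trace))
        print(name, "C code only:", anomalies(profile, trace, {"native"}))
```

Checking all code flags the harmless Java change as two anomalies, while the check limited to C code stays silent on it and still reports the unfamiliar native sequence.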
