DOCSLIB.ORG

Open Zhixu-Dissertation.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Open Zhixu-Dissertation.Pdf The Pennsylvania State University The Graduate School College of Engineering SECURITY AND PRIVACY OF NEW FEATURES ON SMARTPHONES A Dissertation in Computer Science and Engineering by Zhi Xu ⃝c 2012 Zhi Xu Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy December 2012 The dissertation of Zhi Xu was reviewed and approved∗ by the following: Sencun Zhu Associate Professor of Computer Science and Engineering Associate Professor of Information Sciences and Technology Dissertation Advisor Chair of Committee Guohong Cao Professor of Computer Science and Engineering Tom La Porta Professor of Computer Science and Engineering Dennis K.J. Lin Professor of Statistics Lee Coraor Associate of Computer Science and Engineering Director of Academic Affairs ∗Signatures are on file in the Graduate School. Abstract Smartphones have become an indispensable part of our daily lives. Thanks to advances in both hardware and software, modern smartphones provide innovative features to third party applications (a.k.a., apps) running on their platforms. Those features, including various onboard sensors and notification services, have been widely applied in third party applications. They allow the developers to build innovative third party applications. Also, they greatly improve the interactive experience for phone users. As these features and their provided services are becoming more and more popular, concerns are raised about whether the features and the services they provide might introduce security vulnerabilities to the smartphone or cause private information leakages of phone users. Because these features are newly introduced and never appear on the previous dumbphones, they have been barely studied from the perspectives of security and privacy in previous literatures. In this dissertation, we present our studies focusing on two types of popular features on smartphones: onboard sensors (and the sensor services they provide) and notification services. For each feature, we elaborate our studies from both the attack side (i.e., exploring attack approaches on phone users utilizing the feature) and the defense side (i.e., proposing designs and solutions to prevent potential feature-based attacks). For the onboard sensors on smartphones, we present a study of inferring a user's tap inputs on a smartphone with its integrated motion sensors. Specifically, we utilize an installed trojan application to stealthily monitor the device movements and gesture changes of a smartphone using its on-board motion sensors. When the user is interacting with the trojan application, it learns the motion change patterns of tap events. Later, when the user is performing sensitive inputs, such as entering passwords on the touchscreen, the trojan application applies the learnt pattern to infer the occurrences of tap events on the touchscreen as well as the iii tapped positions on the touchscreen. To manage the onboard sensors and prevent sensor-based attacks, we propose a privacy-aware sensor management framework, called SemaDroid, which extends the existing sensor management framework on Android to provide the compre- hensive and fine-grained access control over onboard sensors. SemaDroid allows the smartphone user to know the sensor usage of every installed application, spec- ify context-aware and quality-of-sensing based access control policies, and enforce the policies in real-time. Further, considering the trade-off between functionali- ties of installed third party applications and privacy of users, SemaDroid provides a privacy bargain feature that allows users to control the disclosure of sensing information while keeping the application running. For the notification service, we show that notification customization may allow an installed trojan application to launch phishing attacks or anonymously post spam notifications. Through our studies on four major smartphone platforms, we show that both Android and BlackBerry OS are vulnerable under the phishing and spam notification attacks. iOS and Windows Phone allow little notification cus- tomization, thus launching the phishing and spam attacks will expose the identity of the trojan application. Our notification service studies point out the important vulnerability of lacking view authentication in the existing view-based smartphone platforms. To prevent the user from being tricked by the phishing notification and to lo- cate the malware application spreading phishing and spam notifications, while still allowing notification customization, we propose a Semi-OS-Controlled notification view design principle and a Notification Logging service. Moreover, to protect applications from fraudulent views, we propose a view authentication framework, named SecureView, which enables the third party applications to add the authen- tication image and text to their sensitive views (e.g. the account login view). The design, implementation, demonstrations, and evaluation of proposed attack and defense approaches are elaborated in the dissertation. iv Contents List of Figures xi List of Tables xiii Acknowledgments xiv Chapter 1 Introduction 1 1.1 New Features on Smartphones . 1 1.2 Motivation . 2 1.3 Contributions . 3 1.3.1 Motion Sensor based Logging Attacks . 4 1.3.2 Proposed Sensor Management Framework . 4 1.3.3 Notification based Phishing and Spam Attacks . 5 1.3.4 Preventing Notification based Phishing and Spam Attacks . 6 1.4 Dissertation Outline . 7 Chapter 2 Onboard Sensors and Notification Services on Smartphones 8 2.1 Mobile Phone Sensing . 9 2.1.1 Types of Onboard Sensors . 9 2.1.2 Phone Sensing Applications . 10 2.1.3 Existing Sensor Management on Android . 11 2.2 Notification Services . 12 2.2.1 Notification Categorization . 12 2.2.2 Notification Customization . 12 v Chapter 3 Inferring User Inputs on Touchscreens Using Motion Sensors 15 3.1 Technical Background . 16 3.1.1 User Inputs on Touchscreen . 16 3.1.2 Motion Sensors . 16 3.1.2.1 Accelerometer Sensor . 17 3.1.2.2 Orientation Sensor . 18 3.1.2.3 Hardware Specifications . 18 3.1.3 Tap-To-Open/Active Interactive Pattern . 18 3.2 Related Work . 19 3.2.1 Logging Attacks on Smartphones . 19 3.2.2 Attacks Relying on Mobile Sensors . 20 3.3 Attack Overview . 21 3.3.1 Assumptions . 21 3.3.2 Attack Goals . 21 3.3.3 Attack Workflow . 22 3.3.4 Challenges . 23 3.4 Tap Event Detection . 23 3.4.1 Observed Pattern of Tap Events . 24 3.4.2 Proposed Statistic Approach . 25 3.4.2.1 Pattern Learning in Training Mode . 25 3.4.2.2 Tap Event Detection in Logging Mode . 27 3.4.3 Evaluations . 28 3.5 Tap Position Inference . 30 3.5.1 Gesture Change Analysis . 30 3.5.2 Screen Division . 32 3.5.3 Proposed Inference Approach . 32 3.5.3.1 Classifier Generation in Training Mode . 33 3.5.3.2 Inference in Logging Mode . 34 3.5.4 Evaluation . 35 3.6 Applications on Android ........................ 37 3.6.1 Implementation on Android . 37 3.6.1.1 Training Mode . 37 3.6.1.2 Logging Mode . 37 3.6.2 Number Pad Logging Attack . 38 3.6.2.1 Attack Overview . 38 3.6.2.2 Tap Position Inference . 39 3.6.2.3 Evaluations . 39 3.6.3 Password Stealing Attack . 41 3.6.3.1 Attack Overview . 41 vi 3.6.3.2 Tap Position Inference . 41 3.6.3.3 Evaluations . 43 3.7 Discussion . 43 3.7.1 Security Permission Requirements . 43 3.7.2 Overhead Analysis . 44 3.7.3 Attack on Other Platforms . 45 3.7.4 Countermeasures . 45 Chapter 4 A Privacy-Aware Sensor Management Framework for Smart- phones 47 4.1 Overview of SemaDroid ........................ 47 4.2 Related Works . 49 4.2.1 Access Control on Smartphones . 49 4.2.2 Sensor Management on Smartphones . 50 4.3 Security Model . 51 4.3.1 Attack Model . 51 4.3.2 Trust Model . 52 4.4 SemaDroid Design . 52 4.4.1 SemaDroid Framework Design . 53 4.4.2 SemaDroid Workflow . 54 4.4.2.1 Allowing Sensor Usage Management . 55 4.4.2.2 Enforcing Sensor Usage Policies . 55 4.5 Usage Policy Design and Enforcement . 56 4.5.1 Policy Design . 57 4.5.1.1 app-info Section . 57 4.5.1.2 policy-info Section . 58 4.5.2 Policy Enforcement Context . 58 4.5.3 Quality-of-Sensing based Enforcement Rules . 60 4.5.4 Policy Enforcement . 60 4.6 Privacy Bargain . 61 4.6.1 Definition of Privacy Bargain . 61 4.6.2 Bargain Procedure using SemaDroid . 62 4.6.3 QoSn Adjustment using SemaDroid . 63 4.6.3.1 Data Adjustment Rules . 63 4.6.3.2 Data Manipulation Rules . 63 4.6.3.3 Mock Data Rules . 64 4.6.3.4 Rules Refinement . 64 4.7 Implementation of SemaDroid ..................... 64 4.7.1 Unrestricted Sensors . 64 vii 4.7.1.1 Normal Sensor Data Collection . 65 4.7.1.2 Policy Enforcement with SemaDroid . 67 4.7.2 GPS and Network Location Providers . 67 4.7.2.1 Normal Sensor Data Collection . 68 4.7.2.2 Policy Enforcement with SemaDroid . 68 4.7.3 Camera . 69 4.7.3.1 Normal Sensor Data Collection . 69 4.7.3.2 Policy Enforcement . 69 4.7.4 Microphone . 70 4.7.4.1 Normal Sensor Data Collection . 70 4.7.4.2 Policy Enforcement . 71 4.7.5 Media Recorder . 71 4.7.5.1 Normal Sensor Data Collection . 71 4.7.5.2 Policy Enforcement . 72 4.7.6 Mock Data Generator Service . 73 4.8 Application and Demonstration . 74 4.8.1 Preventing Private Sensor Data Leakage . 74 4.8.1.1 Sensor Usage Review . 74 4.8.1.2 Policy Design . 74 4.8.2 Managing Sensor Usages . 75 4.9 Discussions . 77 4.9.1 Extending SemaDroid to iOS and BlackBerry OS . 77 4.9.2 Mock Sensor Data . 78 4.9.3 Coverage of SemaDroid ...................
Load more

Recommended publications
  • A Rule Based Approach for Spam Detection
    A RULE BASED APPROACH FOR SPAM DETECTION Thesis submitted in partial fulfillment of the requirements for the award of degree of Master of Engineering In Computer Science & Engineering By: Ravinder Kamboj (Roll No. 800832030) Under the supervision of: Dr. V.P Singh Mrs. Sanmeet Bhatia Assistant Professor Assistant Professor Computer Science & Engineering Department of SMCA COMPUTER SCIENCE AND ENGINEERING DEPARTMENT THAPAR UNIVERSITY PATIALA – 147004 JULY- 2010 i ii Abstract Spam is defined as a junk Email or unsolicited Email. Spam has increased tremendously in the last few years. Today more than 85% of e-mails that are received by e-mail users are spam. The cost of spam can be measured in lost human time, lost server time and loss of valuable mail. Spammers use various techniques like spam via botnet, localization of spam and image spam. According to the mail delivery process anti-spam measures for Email Spam can be divided in to two parts, based on Emails envelop and Email data. Black listing, grey listing and white listing techniques can be applied on the Email envelop to detect spam. Techniques based on the data part of Email like heuristic techniques and Statistical techniques can be used to combat spam. Bayesian filters as part of statistical technique divides the income message in to words called tokens and checks their probability of occurrence in spam e-mails and ham e-mails. Two types of approaches can be followed for the detection of spam e-mails one is learning approach other is rule based approach. Learning approach required a large dataset of spam e-mails and ham e-mails is required for the training of spam filter; this approach has good time characteristics filter can be retrained quickly for new Spam.
    [Show full text]
  • A Survey on Spam Detection Techniques
    ISSN (Online) : 2278-1021 ISSN (Print) : 2319-5940 International Journal of Advanced Research in Computer and Communication Engineering Vol. 3, Issue 12, December 2014 A survey on spam detection techniques Anjali Sharma1, Manisha 2, Dr.Manisha 3 , Dr.Rekha Jain 4 1,2,3,4 Bansthali Vidyapith, Jaipur Campus, India Abstract: Today e-mails have become one of the most popular and economical forms of communication for Internet users. Thus due to its popularity, the e-mail is going to be misused. One such misuse is the posting of unwelcome, unwanted e-mails known as spam or junk e-mails [1]. E-mail spam has various consequences. It reduces productivity, takes extra space in mail boxes, extra time, extend software damaging viruses, and materials that contains potentially harmful information for Internet users, destroy stability of mail servers, and as a result users spend lots of time for sorting incoming mail and deleting unwanted correspondence. So there is a need of spam detection so that its consequences can be reduced [2]. In this paper, we present various spam detection techniques. Keywords: Spam, Spam detection techniques, Email classification I. INTRODUCTION Spam refers to unsolicited commercial email. Also known firewalls; therefore, it is an especially useful way for as junk mail, spam floods Internet users’ electronic spammers. It targets the users when they join any chat mailboxes. These junk mails can contain various types of room to find new friends. It spoils enjoy of people and messages such as pornography, commercial advertising, waste their time also. doubtful product, viruses or quasi legal services [3].
    [Show full text]
  • Asian Anti-Spam Guide 1
    Asian Anti-Spam Guide 1 © MediaBUZZ Pte Ltd January 2009 Asian Anti-SpamHighlights Guide 2 • Combating the latest inbound threat: Spam and dark traffic, Pg. 13 • Secure Email Policy Best Practices, Pg. 17 • The Continuous Hurdle of Spam, Pg. 29 • Asian Anti Spam Acts, Pg. 42 Contents: • Email Spam: A Rising Tide 4 • What everyone should know about spam and privacy 7 • Scary Email Issues of 2008 12 • Combating the latest inbound threat: Spam and dark 13 • Proofpoint survey viewed spam as an increasing threat 16 • Secure Email Policy Best Practices 17 • Filtering Out Spam and Scams 24 • The Resurgence of Spam 26 • 2008 Q1 Security Threat landscape 27 • The Continuous Hurdle of Spam 29 • Spam Filters are Adaptive 30 • Liberating the inbox: How to make email safe and pro- 31 ductive again • Guarantee a clear opportunity to opt out 33 • The Great Balancing Act: Juggling Collaboration and 34 Authentication in Government IT Networks • The Not So Secret Cost of Spam 35 • How to Avoid Spam 36 • How to ensure your e-mails are not classified as spam 37 • Blue Coat’s Top Security Trends for 2008 38 • The Underground Economy 40 • Losing Email is No Longer Inevitable 42 • Localized malware gains ground 44 • Cyber-crime shows no signs of abating 45 MEDIABUZZ PTE LTD • Asian Anti-Spam Acts 47 ASIAN ANTI-SPAM GUIDE © MediaBUZZ Pte Ltd January 2009 Asian Anti-SpamHighlights Guide 3 • Frost & Sullivan: Do not underestimate spam, Pg. 65 • Unifying email security is key, Pg. 71 • The many threats of network security, Pg. 76 • The UTM story, Pg.
    [Show full text]
  • Internet Security
    In the News Articles in the news from the past month • “Security shockers: 75% of US bank websites Internet Security have flaws” • “Blank robbers swipe 3,000 ‘fraud-proof’ UK passports” • “Korean load sharks feed on hacked data” • “Worms spread via spam on Facebook and Nan Niu ([email protected]) MySpace” CSC309 -- Fall 2008 • “Beloved websites riddled with crimeware” • “Google gives GMail always-on encryption” http://www.theregister.co.uk 2 New Targets of 2007 Scenario 1 • Cyber criminals and cyber spies have • The Chief Information Security Officer shifted their focus again of a medium sized, but sensitive, federal – Facing real improvements in system and agency learned that his computer was network security sending data to computers in China. • The attackers now have two new targets • He had been the victim of a new type of spear phishing attack highlighted in this – users who are easily misled year’s Top 20. – custom-built applications • Once they got inside, the attackers had • Next, 4 exploits scenarios… freedom of action to use his personal • Reported by SANS (SysAdmin, Audit, Network, computer as a tunnel into his agency’s Security), http://www.sans.org systems. 3 4 Scenario 2 Scenario 3 • Hundreds of senior federal officials and business • A hospital’s website was compromised executives visited a political think-tank website that had been infected and caused their computers to because a Web developer made a become zombies. programming error. • Keystroke loggers, placed on their computers by the • Sensitive patient records were taken. criminals (or nation-state), captured their user names and passwords when their stock trading accounts and • When the criminals proved they had the their employers computers, and sent the data to data, the hospital had to choose between computers in different countries.
    [Show full text]
  • Design of SMS Commanded-And-Controlled and P2P-Structured Mobile Botnets
    Design of SMS Commanded-and-Controlled and P2P-Structured Mobile Botnets Yuanyuan Zeng, Kang G. Shin, Xin Hu The University of Michigan, Ann Arbor, MI 48109-2121, U.S.A. fgracez, kgshin, [email protected] Abstract—Botnets have become one of the most serious security is usually capable of only one or two functions. Although the threats to the Internet and personal computer (PC) users. number of mobile malware families and their variants has been Although botnets have not yet caused major outbreaks in mobile growing steadily over the recent years, their functionalities networks, with the rapidly-growing popularity of smartphones such as Apple’s iPhone and Android-based phones that store have remained simple until recently. more personal data and gain more capabilities than earlier- SymbOS.Exy.A trojan [2] was discovered in February 2009 generation handsets, botnets are expected to move towards this and its variant SymbOS.Exy.C resurfaced in July 2009. This mobile domain. Since SMS is ubiquitous to every phone and can mobile worm, which is said to have “botnet-esque” behavior delay message delivery for offline phones, it is a suitable medium patterns, differs from other mobile malware because after for command and control (C&C). In this paper, we describe how a mobile botnet can be built by utilizing SMS messages infection, it connects back to a malicious HTTP server and for C&C, and how different P2P structures can be exploited reports information of the device and its user. The Ikee.B for mobile botnets. Our simulation results demonstrate that a worm [3] targets jailbroken iPhones, and has behavior similar modified Kademlia—a structured architecture—is a better choice to SymbOS.Exy.
    [Show full text]
  • Anti-Spam Methods
    INTRODUCTION Spamming is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi- legal services. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender. There are two main types of spam, and they have different effects on Internet users. Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet users have found that any message posted to so many newsgroups is often not relevant to most or all of them.) Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away. Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems. Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email spams typically cost users money out-of-pocket to receive. Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. Spam costs them additional money. On top of that, it costs money for ISPs and online services to transmit spam, and these costs are transmitted directly to subscribers.
    [Show full text]
  • Spam (Spam 2.0) Through Web Usage
    Digital Ecosystems and Business Intelligence Institute Addressing the New Generation of Spam (Spam 2.0) Through Web Usage Models Pedram Hayati This thesis is presented for the Degree of Doctor of Philosophy of Curtin University July 2011 I Abstract Abstract New Internet collaborative media introduce new ways of communicating that are not immune to abuse. A fake eye-catching profile in social networking websites, a promotional review, a response to a thread in online forums with unsolicited content or a manipulated Wiki page, are examples of new the generation of spam on the web, referred to as Web 2.0 Spam or Spam 2.0. Spam 2.0 is defined as the propagation of unsolicited, anonymous, mass content to infiltrate legitimate Web 2.0 applications. The current literature does not address Spam 2.0 in depth and the outcome of efforts to date are inadequate. The aim of this research is to formalise a definition for Spam 2.0 and provide Spam 2.0 filtering solutions. Early-detection, extendibility, robustness and adaptability are key factors in the design of the proposed method. This dissertation provides a comprehensive survey of the state-of-the-art web spam and Spam 2.0 filtering methods to highlight the unresolved issues and open problems, while at the same time effectively capturing the knowledge in the domain of spam filtering. This dissertation proposes three solutions in the area of Spam 2.0 filtering including: (1) characterising and profiling Spam 2.0, (2) Early-Detection based Spam 2.0 Filtering (EDSF) approach, and (3) On-the-Fly Spam 2.0 Filtering (OFSF) approach.
    [Show full text]
  • Statistics Survey 357528 'Survey on Internet Attitudes'
    Quick statistics Survey 357528 'Survey on Internet Attitudes' Results Survey 357528 Number of records in this query: 1000 Total records in survey: 1000 Percentage of total: 100.00% page 1 / 226 Quick statistics Survey 357528 'Survey on Internet Attitudes' Field summary for QA1 I agree to these terms and want to participate in the survey. I confirm that I am 16 years of age or over. Answer Count Percentage Yes (A1) 1000 100.00% No answer 0 0.00% page 2 / 226 Quick statistics Survey 357528 'Survey on Internet Attitudes' Field summary for QB1a(SQ001) How often do you go online and for which of the following activities (for private purposes)? [a. Check my email] Answer Count Percentage Several times a day (A1) 893 89.30% Daily (A2) 92 9.20% Weekly (A3) 10 1.00% Monthly (A4) 2 0.20% Less than monthly (A5) 0 0.00% Never (A6) 3 0.30% No answer 0 0.00% page 3 / 226 Quick statistics Survey 357528 'Survey on Internet Attitudes' Field summary for QB1a(SQ002) How often do you go online and for which of the following activities (for private purposes)? [b. Use instant messaging (e.g. WhatsApp, Facebook Messenger)] Answer Count Percentage Several times a day (A1) 577 57.70% Daily (A2) 165 16.50% Weekly (A3) 87 8.70% Monthly (A4) 28 2.80% Less than monthly (A5) 33 3.30% Never (A6) 110 11.00% No answer 0 0.00% page 4 / 226 Quick statistics Survey 357528 'Survey on Internet Attitudes' Field summary for QB1a(SQ003) How often do you go online and for which of the following activities (for private purposes)? [c.
    [Show full text]
  • Strong Cash Flow Lifts Stocks up VN Index Surging Back to Previous Peak
    Stock market Strong cash flow lifts stocks up 08/May/2017 Intellasia| The Saigon Times The local market reported seesaw trading around the strong resistance of 720 points on May 4 but stocks went up in the afternoon thanks to strong cash flow into the property sector. The VN Index extended its winning streak to the fourth straight session, gaining 2.48 points, or 0.34 percent, at 722.02, while turnover eased slightly to VND4.6 trillion. Market breadth narrowed down as advancers slightly outnumbered decliners by 148 to 114 while 41 others closed at the reference prices. The banking sector maintained active trading with VCB rising 2.2 percent on volume of nearly 2.2 million shares, STB up 4.3 percent with 6.4 million shares, BID up 1.2 percent with 3.6 million shares and CTG up 1.7 percent with nearly one million shares. Meanwhile, MBB lost 1.8 percent to VND16,500 a share with 2.2 million shares changing hands. Large cap VNM contributed positively to the market, closing up 1.5 percent at VND148,500 a share on volume of nearly one million shares. Forward moves were partly offset by PVD, which lost ground for the fourth straight session and plunged to the floor price for the second consecutive day, ending at VND15,400 per share with matching volume of 8.3 million shares. Notably, the property sector strongly attracted the cash flow. QCG, DIC, DIG, VPH and HQC went up to the ceiling prices on high trading volumes, in which HQC reported matching volume of over 8.5 million shares.
    [Show full text]
  • Studienbriefe-Spam.Pdf
    Spam [Spam] Autoren: Dr. Christopher Wolf Sebastian Uellenbeck Ruhr-Universität Bochum Modul Spam [Spam] Studienbrief 1: Grundlagen Studienbrief 2: Spam-Techniken Studienbrief 3: Anti-Spam-Techniken Autoren: Dr. Christopher Wolf Sebastian Uellenbeck 1. Auflage Ruhr-Universität Bochum © 2017 Ruhr-Universität Bochum Universitätsstraße 150 44801 Bochum 1. Auflage (30. Mai 2017) Didaktische und redaktionelle Bearbeitung: Bärbel Wolf-Gellatly Das Werk einschließlich seiner Teile ist urheberrechtlich geschützt. Jede Ver- wendung außerhalb der engen Grenzen des Urheberrechtsgesetzes ist ohne Zustimmung der Verfasser unzulässig und strafbar. Das gilt insbesondere für Vervielfältigungen, Übersetzungen, Mikroverfilmungen und die Einspei- cherung und Verarbeitung in elektronischen Systemen. Um die Lesbarkeit zu vereinfachen, wird auf die zusätzliche Formulierung der weiblichen Form bei Personenbezeichnungen verzichtet. Wir weisen des- halb darauf hin, dass die Verwendung der männlichen Form explizit als geschlechtsunabhängig verstanden werden soll. Das diesem Bericht zugrundeliegende Vorhaben wurde mit Mitteln des Bun- desministeriums für Bildung, und Forschung unter dem Förderkennzeichen 16OH12026 gefördert. Die Verantwortung für den Inhalt dieser Veröffentli- chung liegt beim Autor. Inhaltsverzeichnis Seite3 Inhaltsverzeichnis Einleitung zu den Studienbriefen5 I. Abkürzungen der Randsymbole und Farbkodierungen......... 5 II. Zu den Autoren.............................. 6 III. Modullehrziele.............................. 7 Studienbrief 1 Grundlagen9
    [Show full text]
  • Histogram Based Image Spam Detection Using Back Propagation Neural Networks GJCST Classifications: M
    Global Journal of Computer Science and Technology Vol. 9 Issue 5 (Ver 2.0), January 2010 P a g e | 62 Histogram based Image Spam Detection using Back propagation Neural Networks GJCST Classifications: M. Soranamageswari and Dr. C. Meena I.2.10, K.6.5, F.1.1, I.4.0, I.5.4 PT Abstract-In general words, image spam is a type of e- them emails also have similar properties as image-based mail in which the text message is presented as a picture in an emails; existing spam filters are no longer capable of image file. This prevents the text based spam filters from detecting between image-based spam and image ham [1]. detecting and blocking such spam messages. In our study we This provides a way for the spammers to easily foil the spam have considered the valid message as “ham” and the invalid filters. The text messages embedded in all image spam will message as “spam”. Though there are several techniques available for detecting the image spam (DNSBL, Greylisting, convey the intent of the spammer and this text is usually an Spamtraps, etc.,) each one has its own advantages and advertisement and often contains text, which has been disadvantages. On behalf of their weakness, they become blacklisted by spam filters (drug store, stock tip, etc). controversial to one another. This paper includes a general study on image spam detection using some of the well-liked II. NEURAL NETWORKS methods. The methods comprise, image spam filtering based on File type, RGB Histogram, and HSV histogram, which are This image spam can be identified using various methods.
    [Show full text]
  • Based on May 2011 Occupational Standards
    Ethiopian TVET-System INFORMATION TECHNOLOGY SUPPORT SERVICE Level I Based on May 2011 Occupational Standards October, 2019 Module Title: Protecting Application or System Software TTLM Code: ICT ITS1 TTLM1019 v1 This module includes the following Learning Guides LG33: Ensure User Accounts are Controlled LG Code: ICT ITS1 M09LO1LG33 LG34: Detect and Remove Destructive Software LG Code: ICT ITS1 M09 LO2LG34 LG35: Identify and Take Action to Stop Spam LG Code: ICT ITS1 M09 LO3 – LG35 Version:01 ICT ITS1 Page No.2 Copyright: Ethiopia Federal TVET Agency Instruction Sheet LG33: Ensure User Accounts are Controlled This learning guide is developed to provide you the necessary information regarding the following content coverage and topics – User Account Control User Account Configuration Notifications Displayed at Logon Utilities Used to Check Strength of Passwords Accessing Information Services This guide will also assist you to attain the learning outcome stated in the cover page. Specifically, upon completion of this Learning Guide, you will be able to – Modify default user settings to ensure that they conform to security policy Previously created user settings are modified to ensure they conform to updated security policy Ensure legal notices displayed at logon are appropriate Appropriate utilities are used to check strength of passwords and consider tightening rules for password complexity Emails are monitored to uncover breaches in compliance with legislation information services are accessed to identify security gaps and take appropriate action using hardware and software or patches Learning Instructions: 1. Read the specific objectives of this Learning Guide. 2. Follow the instructions described below 3 to 6. 3.
    [Show full text]