Jk7h.Pwcd.Slyfomdg.Setmain
Total Page:16
File Type:pdf, Size:1020Kb
Graduate School Form 30 Updated 1/15/2015 PURDUE UNIVERSITY GRADUATE SCHOOL Thesis/Dissertation Acceptance This is to certify that the thesis/dissertation prepared By Wei Peng Entitled ON SEVERAL PROBLEMS REGARDING THE APPLICATION OF OPPORTUNISTIC PROXIMATE LINKS IN SMARTPHONE NETWORKS For the degree of Doctor of Philosophy Is approved by the final examining committee: Xukai Zou Chair Ninghui Li Feng Li Dongyan Xu To the best of my knowledge and as understood by the student in the Thesis/Dissertation Agreement, Publication Delay, and Certification Disclaimer (Graduate School Form 32), this thesis/dissertation adheres to the provisions of Purdue University’s “Policy of Integrity in Research” and the use of copyright material. Approved by Major Professor(s): Xukai Zou and Ninghui Li Approved by: Sunil Prabhakar 04/06/2015 Head of the Departmental Graduate Program Date ON SEVERAL PROBLEMS REGARDING THE APPLICATION OF OPPORTUNISTIC PROXIMATE LINKS IN SMARTPHONE NETWORKS A Dissertation Submitted to the Faculty of Purdue University by Wei Peng In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy May 2015 Purdue University West Lafayette, Indiana ii To Mom, Dad, and Q: you are the why. iii ACKNOWLEDGMENTS Four years have passed since I was last in this position, writing acknowledgments for my Master's thesis. A lot of things have changed during that time, but my gratitude to my mentors, Dr. Feng Li and Dr. Xukai Zou, remain the same. Again, I am grateful for you: • taking me onboard when I was wandering; • initiating me into the joys and pains of scientific research; • putting yourselves in my shoes and supporting me; • making a pitch for me beyond your duty; • trusting and encouraging me when I was in doubt; • not giving up on me; • and showing me life is, after all, larger than work. I am grateful for Dr. Ninghui Li and Dr. Dongyan Xu, who kindly serve on my advisory committee. Beyond their exemplary scholarship, they are the most kind, considerate, and accommodating committee members that I could ask for. Thank you, Dr. Li and Dr. Xu. Numerous kind souls have helped me in various ways along the journey. In par- ticular, I have lost count how many times Nicole and Sheila navigate me through complicated processes, and Scott provides excellent advise on using university IT resources. Thank you. To my dear wife, Min. I am grateful for your love, patience, support, and all the happiness that you bestow on me. Your companionship is what makes the past few years so wonderful; I am looking forward to our journey ahead, together. To my soon-to-be-born baby: Mom and dad love you; be good. iv TABLE OF CONTENTS Page LIST OF TABLES :::::::::::::::::::::::::::::::: ix LIST OF FIGURES ::::::::::::::::::::::::::::::: x ABSTRACT ::::::::::::::::::::::::::::::::::: xiv 1 Introduction :::::::::::::::::::::::::::::::::: 1 2 T -dominance: Prioritized Defense Deployment for BYOD Security :::: 4 2.1 Introduction ::::::::::::::::::::::::::::::: 4 2.2 Model :::::::::::::::::::::::::::::::::: 7 2.3 Design :::::::::::::::::::::::::::::::::: 9 2.3.1 Motivation: Prioritized Defense Deployment ::::::::: 9 2.3.2 T -dominance: The Concept :::::::::::::::::: 10 2.3.3 T -dominance: The Algorithm ::::::::::::::::: 11 2.3.3.1 Agents vs. Non-agents :::::::::::::::: 12 2.3.3.2 Deactivation ::::::::::::::::::::: 13 2.3.3.3 Activation ::::::::::::::::::::::: 14 2.3.3.4 T -dominance-based Prioritized Defense Deployment 16 2.4 Analysis ::::::::::::::::::::::::::::::::: 17 2.5 Experiment ::::::::::::::::::::::::::::::: 22 2.5.1 Dataset and Methodology ::::::::::::::::::: 22 2.5.2 Scenario and Results :::::::::::::::::::::: 23 2.5.2.1 T -dominating Agent Election :::::::::::: 23 2.5.2.2 Prioritized Defense Deployment ::::::::::: 24 2.6 Extended Discussion :::::::::::::::::::::::::: 28 2.7 Related Work :::::::::::::::::::::::::::::: 29 2.8 Summary and Future Work :::::::::::::::::::::: 30 3 The Virtue of Patience: Offloading Topical Cellular Content through Op- portunistic Proximate Links ::::::::::::::::::::::::: 32 3.1 Introduction ::::::::::::::::::::::::::::::: 32 3.2 Model :::::::::::::::::::::::::::::::::: 36 3.3 Design :::::::::::::::::::::::::::::::::: 38 3.3.1 Overview :::::::::::::::::::::::::::: 38 3.3.2 Temporal Tie Strength ::::::::::::::::::::: 38 3.3.3 Weighted Ego-centric Betweenness Centrality :::::::: 39 3.3.4 Interest Aggregation :::::::::::::::::::::: 40 v Page 3.3.5 Patience and Probabilistic Cellular Downloading Strategy :: 40 3.4 Analysis ::::::::::::::::::::::::::::::::: 41 3.4.1 Probabilistic Cellular Downloading Strategy Based on Patience 41 3.4.2 Temporal Tie Strength ::::::::::::::::::::: 44 3.4.3 Weighted Ego-centric Betweenness Centrality :::::::: 45 3.4.4 Interest Aggregation :::::::::::::::::::::: 45 3.5 Experiment ::::::::::::::::::::::::::::::: 46 3.5.1 Methodology :::::::::::::::::::::::::: 46 3.5.1.1 Dataset :::::::::::::::::::::::: 46 3.5.1.2 Procedure ::::::::::::::::::::::: 47 3.5.1.3 Metrics :::::::::::::::::::::::: 49 3.5.2 Results :::::::::::::::::::::::::::::: 50 3.6 Related Work :::::::::::::::::::::::::::::: 53 3.7 Summary and Future Work :::::::::::::::::::::: 54 4 Temporal Coverage Based Content Distribution in Heterogeneous Smart De- vice Networks ::::::::::::::::::::::::::::::::: 56 4.1 Introduction ::::::::::::::::::::::::::::::: 56 4.2 Design :::::::::::::::::::::::::::::::::: 59 4.2.1 Problem Formulation :::::::::::::::::::::: 59 4.2.2 Temporal Quality Metrics ::::::::::::::::::: 60 4.2.2.1 Temporal Quality of Proximate Channels ::::: 61 4.2.2.2 Temporally Covering Set ::::::::::::::: 63 4.2.2.3 Temporal Coverage Based Content Distribution :: 65 4.2.3 Algorithm :::::::::::::::::::::::::::: 65 4.3 Experiment ::::::::::::::::::::::::::::::: 68 4.3.1 Datasets and Setup ::::::::::::::::::::::: 68 4.3.2 Simulations and Results :::::::::::::::::::: 69 4.4 Related Work :::::::::::::::::::::::::::::: 72 4.5 Summary and Future Work :::::::::::::::::::::: 72 5 Behavioral Malware Detection in Delay Tolerant Networks :::::::: 74 5.1 Introduction ::::::::::::::::::::::::::::::: 74 5.2 Model :::::::::::::::::::::::::::::::::: 77 5.3 Design :::::::::::::::::::::::::::::::::: 79 5.3.1 Household Watch :::::::::::::::::::::::: 79 5.3.2 Neighborhood Watch :::::::::::::::::::::: 88 5.3.2.1 Challenges :::::::::::::::::::::: 89 5.3.2.2 Evidence ::::::::::::::::::::::: 89 5.3.2.3 Evidence Aging :::::::::::::::::::: 90 5.3.2.4 Evidence Consolidation ::::::::::::::: 91 5.4 Experiment ::::::::::::::::::::::::::::::: 95 5.4.1 Datasets ::::::::::::::::::::::::::::: 95 vi Page 5.4.2 Setup :::::::::::::::::::::::::::::: 95 5.4.3 Performance Metric ::::::::::::::::::::::: 96 5.4.4 Results :::::::::::::::::::::::::::::: 97 5.4.4.1 Look-ahead: Distribution vs. Maximizer :::::: 97 5.4.4.2 Look-ahead :::::::::::::::::::::: 98 5.4.4.3 Evidence Consolidation ::::::::::::::: 100 5.5 Related Work :::::::::::::::::::::::::::::: 103 5.6 Summary and Future Work :::::::::::::::::::::: 104 6 Web of APKs (WoA): A Declarative Approach for Static Android PacKage (APK) Binary Analysis :::::::::::::::::::::::::::: 105 6.1 Introduction ::::::::::::::::::::::::::::::: 105 6.1.1 Problem Definition and Motivation :::::::::::::: 105 6.1.2 A Preview of Declarative APK Analysis ::::::::::: 109 6.1.3 Objective :::::::::::::::::::::::::::: 113 6.1.4 Contribution :::::::::::::::::::::::::: 115 6.2 Related Work :::::::::::::::::::::::::::::: 116 6.2.1 Android App Repackaging/Plagiarism Detection ::::::: 116 6.2.2 Android Malware Detection :::::::::::::::::: 119 6.2.3 Dynamic Android App analysis :::::::::::::::: 121 6.2.4 APK Obfuscations ::::::::::::::::::::::: 124 6.3 Analysis of a Real Android Malware Sample ::::::::::::: 125 6.3.1 About the Malware Sample :::::::::::::::::: 126 6.3.2 Obtaining and Decompiling the Sample :::::::::::: 126 6.3.3 Analysis of an Invocation Path to Malicious Functionality : 128 6.3.3.1 Step 1: Jk7H.PwcD.SLYfoMdG.onCreate :::::: 129 6.3.3.2 Step 2: Jk7H.PwcD.SLYfoMdG.showScreen ::::: 129 6.3.3.3 Step 3: Jk7H.PwcD.SLYfoMdG.setMain ::::::: 132 6.3.3.4 Step 4: Jk7H.PwcD.SLYfoMdG.mainButtonClick1 : 133 6.3.3.5 Step 5: (Zero-arity) Jk7H.PwcD.SLYfoMdG.send :: 134 6.3.3.6 Step 6: Jk7H.PwcD.SLYfoMdG$1.run :::::::: 135 6.3.3.7 Step 7: (Two-arity) Jk7H.PwcD.SLYfoMdG.send :: 135 6.3.3.8 Summary ::::::::::::::::::::::: 136 6.3.4 The Need for More Robust Call Graph Extraction Algorithm 138 6.3.4.1 Call Graph Extraction in Androguard ::::::: 138 6.3.4.2 What this Work Provides :::::::::::::: 140 6.4 Web of Fibers :::::::::::::::::::::::::::::: 142 6.4.1 Introduction ::::::::::::::::::::::::::: 142 6.4.1.1 Relation to Existing Literature ::::::::::: 142 6.4.1.2 About the Queries :::::::::::::::::: 145 6.4.2 Fibers: The Property Graph Model of Individual APKs ::: 146 6.4.2.1 Overview ::::::::::::::::::::::: 146 6.4.2.2 Anatomy of the Model :::::::::::::::: 149 vii Page 6.4.3 A Review of WoF's Design ::::::::::::::::::: 155 6.4.3.1 How the element types/attributes are selected in WoF? 155 6.4.3.2 Why have both transitive invocatees and call graphs in Fiber? ::::::::::::::::::::::: 157 6.4.3.3 Why WoF does not include bytecode-level feature, e.g., bytecode k-gram? :::::::::::::::: 158 6.4.3.4 Why the Full Mode is optional and not the default? 159 6.4.4 Syntactic and Structural Similarity :::::::::::::: 160 6.4.4.1 Syntactic Similarity ::::::::::::::::: 160 6.4.4.2 Structural Similarity ::::::::::::::::: 161 6.5 Component Callback Call Graph Extraction (C3GE) :::::::: 166 6.5.1 Introduction ::::::::::::::::::::::::::: 166 6.5.2 Major Components