Chapter status report 2014

ORGANIZATION:
 
Ali Ghorbani : Chapter lead, research
Natalia Stakhanova: research
 
 
DEPLOYMENTS:
 
Many of the activities this year were done in collaboration with Hugo Gonzalez (Mexican Chapter).

* Conpot honeypot
* Tomcat honeypot: this setup came about as a result of a Tomcat server being compromised at the university. We were asked to help with the investigation. After forensic analysis we could not determine the attackers' point of entry, so we replicated the setup.

From these two honeypots, we do not have interesting information yet.
 
Based on a published paper, we have a beta version of a similarity analysis service for Android malware, built on the work described in [3].
There are some tools to help with Android malware analysis; the code will be released after the Annual Workshop in Stavanger.
 
RESEARCH AND DEVELOPMENT:
 
We are doing research on botnets, mobile botnets, Android malware and anomaly detection. We do not have code to share, but several datasets are publicly available for research:
 
1) Android malware datasets - a set of obfuscated samples, a set of unique samples (no/various levels of similarity)
2) Botnet network traces dataset
 
We conduct forensic analysis of incidents for the university (so far 2 cases).
 
 
PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS:
Papers:
[1] H. Gonzalez, A. A. Kadir, A. Alzahrani, N. Stakhanova, and A. A. Ghorbani. Exploring reverse engineering symptoms in Android apps. In European Workshop on Systems Security (EuroSec). IEEE, 2015

[2] J. Cazalas, J. McDonald, T. Andel, and N. Stakhanova. Probing the limits of virtualized software protection. In 4th Program Protection and Reverse Engineering Workshop (PPREW-4), 2014

[3] H. Gonzalez, N. Stakhanova, and A. Ghorbani. Droidkin: Lightweight detection of Android apps similarity. In Proceedings of International Conference on Security and Privacy in Communication Networks (SecureComm 2014), 2014

[4] E. BiglarBeigi, H. Hadian Jazi, N. Stakhanova, and A. Ghorbani. Towards effective feature selection in machine learning-based botnet detection approaches. In IEEE Conference on Communications and Network Security (CNS), 2014

[5] H. Gonzalez, M.-A. Gosselin-Lavigne, N. Stakhanova, and A. Ghorbani. The impact of application layer denial of service attacks. In B. Issac and N. Israr, editors, Case Studies in Secure Computing - Achievements and Trends. ISBN# 978-1-4822-0706-4. CRC Press, Taylor and Francis, 2014

[6] A. J. Alzahrani, N. Stakhanova, H. Gonzalez, and A. Ghorbani. Characterizing evaluation practices of intrusion detection methods for smartphones. Journal of Cyber Security and Mobility, 2014
 
Presentations:
 
"Application layer Denial-of-Service Attacks", 9th Network Security Event for Latin America and the Caribbean, Mexico, May 2014
"Security Data Science: Challenges and solutions", T4G Big Data Congress II, St. John, NB, Canada, February 2014
 
 
FINDINGS:
 
Android apps contain a large portion (~50%) of common code, most of which consists of various libraries and ad SDKs.
Apktool generates several patterns that are identifiable in Android binaries. For details see [1].
 
 
 
GOALS:
Goals for 2014:
* Rebuild the chapter – we were not very successful. This is still our objective.
* We would also like to continue our work on offering security workshop sessions to the community. – This was partially achieved.
 
Goals for 2015: attract new members