INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
UK: Managing Editor International Journal of Innovative Technology and Creative Engineering 1a park lane, Cranford London TW59WA UK
USA: Editor International Journal of Innovative Technology and Creative Engineering Dr. Arumugam Department of Chemistry University of Georgia GA-30602, USA.
India: Editor International Journal of Innovative Technology & Creative Engineering 36/4 12th Avenue, 1st cross St, Vaigai Colony Ashok Nagar Chennai, India 600083 Email: editor@ijitce.co.uk
www.ijitce.co.uk
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
IJITCE PUBLICATION
International Journal of Innovative Technology & Creative Engineering Vol.11 No.11 November 2021
www.ijitce.co.uk
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
Dear Researcher, Greetings! Articles in this issue discusses about A Survey on Scalability of source code analysis in malware detection using KOTLIN for Android Application. We look forward many more new technologies in the next month. Thanks, Editorial Team IJITCE
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
Editorial Members Dr. Chee Kyun Ng Ph.D Department of Computer and Communication Systems, Faculty of Engineering,Universiti Putra Malaysia,UPMSerdang, 43400 Selangor,Malaysia. Dr. Simon SEE Ph.D Chief Technologist and Technical Director at Oracle Corporation, Associate Professor (Adjunct) at Nanyang Technological University Professor (Adjunct) at ShangaiJiaotong University, 27 West Coast Rise #08-12,Singapore 127470 Dr. sc.agr. Horst Juergen SCHWARTZ Ph.D, Humboldt-University of Berlin,Faculty of Agriculture and Horticulture,Asternplatz 2a, D-12203 Berlin,Germany Dr. Marco L. BianchiniPh.D Italian National Research Council; IBAF-CNR,Via Salaria km 29.300, 00015 MonterotondoScalo (RM),Italy Dr. NijadKabbara Ph.D Marine Research Centre / Remote Sensing Centre/ National Council for Scientific Research, P. O. Box: 189 Jounieh,Lebanon Dr. Aaron Solomon Ph.D Department of Computer Science, National Chi Nan University,No. 303, University Road,Puli Town, Nantou County 54561,Taiwan Dr. Arthanariee. A. M M.Sc.,M.Phil.,M.S.,Ph.D Director - Bharathidasan School of Computer Applications, Ellispettai, Erode, Tamil Nadu,India Dr. Takaharu KAMEOKA, Ph.D Professor, Laboratory of Food, Environmental & Cultural Informatics Division of Sustainable Resource Sciences, Graduate School of Bioresources,Mie University, 1577 Kurimamachiya-cho, Tsu, Mie, 514-8507, Japan Dr. M. Sivakumar M.C.A.,ITIL.,PRINCE2.,ISTQB.,OCP.,ICP. Ph.D. Technology Architect, Healthcare and Insurance Industry, Chicago, USA Dr. Bulent AcmaPh.D Anadolu University, Department of Economics,Unit of Southeastern Anatolia Project(GAP),26470 Eskisehir,TURKEY Dr. Selvanathan Arumugam Ph.D Research Scientist, Department of Chemistry, University of Georgia, GA-30602,USA. Dr. S.Prasath Ph.D Assistant Professor, Department of Computer Science, Nandha Arts & Science College, Erode , Tamil Nadu, India Dr. P.Periyasamy, M.C.A.,M.Phil.,Ph.D. Associate Professor, Department of Computer Science and Applications, SRM Trichy Arts and Science College, SRM Nagar, Trichy - Chennai Highway, Near Samayapuram, Trichy - 621 105, Mr. V N Prem Anand Secretary, Cyber Society of India
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
Review Board Members Dr. Rajaram Venkataraman Chief Executive Officer, Vel Tech TBI || Convener, FICCI TN State Technology Panel || Founder, Navya Insights || President, SPIN Chennai Dr. Paul Koltun Senior Research ScientistLCA and Industrial Ecology Group,Metallic& Ceramic Materials,CSIRO Process Science & Engineering Private Bag 33, Clayton South MDC 3169,Gate 5 Normanby Rd., Clayton Vic. 3168, Australia Dr. Zhiming Yang MD., Ph. D. Department of Radiation Oncology and Molecular Radiation Science,1550 Orleans Street Rm 441, Baltimore MD, 21231,USA Dr. Jifeng Wang Department of Mechanical Science and Engineering, University of Illinois at Urbana-Champaign Urbana, Illinois, 61801, USA Dr. Giuseppe Baldacchini ENEA - Frascati Research Center, Via Enrico Fermi 45 - P.O. Box 65,00044 Frascati, Roma, ITALY. Dr. MutamedTurkiNayefKhatib Assistant Professor of Telecommunication Engineering,Head of Telecommunication Engineering Department,Palestine Technical University (Kadoorie), TulKarm, PALESTINE. Dr.P.UmaMaheswari Prof &Head,Depaartment of CSE/IT, INFO Institute of Engineering,Coimbatore. Dr. T. Christopher, Ph.D., Assistant Professor &Head,Department of Computer Science,Government Arts College(Autonomous),Udumalpet, India. Dr. T. DEVI Ph.D. Engg. (Warwick, UK), Head,Department of Computer Applications,Bharathiar University,Coimbatore-641 046, India. Dr. Renato J. orsato Professor at FGV-EAESP,Getulio Vargas Foundation,São Paulo Business School,RuaItapeva, 474 (8° andar),01332-000, São Paulo (SP), Brazil Visiting Scholar at INSEAD,INSEAD Social Innovation Centre,Boulevard de Constance,77305 Fontainebleau - France Y. BenalYurtlu Assist. Prof. OndokuzMayis University Dr.Sumeer Gul Assistant Professor,Department of Library and Information Science,University of Kashmir,India Dr. ChutimaBoonthum-Denecke, Ph.D Department of Computer Science,Science& Technology Bldg., Rm 120,Hampton University,Hampton, VA 23688 Dr. Renato J. Orsato Professor at FGV-EAESP,Getulio Vargas Foundation,São Paulo Business SchoolRuaItapeva, 474 (8° andar),01332-000, São Paulo (SP), Brazil Dr. Lucy M. Brown, Ph.D. Texas State University,601 University Drive,School of Journalism and Mass Communication,OM330B,San Marcos, TX 78666 JavadRobati Crop Production Departement,University of Maragheh,Golshahr,Maragheh,Iran VineshSukumar (PhD, MBA) Product Engineering Segment Manager, Imaging Products, Aptina Imaging Inc. Dr. Binod Kumar PhD(CS), M.Phil.(CS), MIAENG,MIEEE Professor, JSPM's Rajarshi Shahu College of Engineering, MCA Dept., Pune, India. Dr. S. B. Warkad Associate Professor, Department of Electrical Engineering, Priyadarshini College of Engineering, Nagpur, India Dr. doc. Ing. RostislavChoteborský, Ph.D. Katedramateriálu a strojírenskétechnologieTechnickáfakulta,Ceskázemedelskáuniverzita v Praze,Kamýcká 129, Praha 6, 165 21
Dr. Paul Koltun Senior Research ScientistLCA and Industrial Ecology Group,Metallic& Ceramic Materials,CSIRO Process Science & Engineering Private Bag 33, Clayton South MDC 3169,Gate 5 Normanby Rd., Clayton Vic. 3168 www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
DR.ChutimaBoonthum-Denecke, Ph.D Department of Computer Science,Science& Technology Bldg.,HamptonUniversity,Hampton, VA 23688 Mr. Abhishek Taneja B.sc(Electronics),M.B.E,M.C.A.,M.Phil., Assistant Professor in the Department of Computer Science & Applications, at Dronacharya Institute of Management and Technology, Kurukshetra. (India). Dr. Ing. RostislavChotěborský,ph.d, Katedramateriálu a strojírenskétechnologie, Technickáfakulta,Českázemědělskáuniverzita v Praze,Kamýcká 129, Praha 6, 165 21
Dr. AmalaVijayaSelvi Rajan, B.sc,Ph.d, Faculty – Information Technology Dubai Women’s College – Higher Colleges of Technology,P.O. Box – 16062, Dubai, UAE
Naik Nitin AshokraoB.sc,M.Sc Lecturer in YeshwantMahavidyalayaNanded University Dr.A.Kathirvell, B.E, M.E, Ph.D,MISTE, MIACSIT, MENGG Professor - Department of Computer Science and Engineering,Tagore Engineering College, Chennai Dr. H. S. Fadewar B.sc,M.sc,M.Phil.,ph.d,PGDBM,B.Ed. Associate Professor - Sinhgad Institute of Management & Computer Application, Mumbai-BangloreWesternly Express Way Narhe, Pune - 41 Dr. David Batten Leader, Algal Pre-Feasibility Study,Transport Technologies and Sustainable Fuels,CSIRO Energy Transformed Flagship Private Bag 1,Aspendale, Vic. 3195,AUSTRALIA Dr R C Panda (MTech& PhD(IITM);Ex-Faculty (Curtin Univ Tech, Perth, Australia))Scientist CLRI (CSIR), Adyar, Chennai - 600 020,India Miss Jing He PH.D. Candidate of Georgia State University,1450 Willow Lake Dr. NE,Atlanta, GA, 30329 Jeremiah Neubert Assistant Professor,MechanicalEngineering,University of North Dakota Hui Shen Mechanical Engineering Dept,Ohio Northern Univ. Dr. Xiangfa Wu, Ph.D. Assistant Professor / Mechanical Engineering,NORTH DAKOTA STATE UNIVERSITY SeraphinChallyAbou Professor,Mechanical& Industrial Engineering Depart,MEHS Program, 235 Voss-Kovach Hall,1305 OrdeanCourt,Duluth, Minnesota 55812-3042 Dr. Qiang Cheng, Ph.D. Assistant Professor,Computer Science Department Southern Illinois University CarbondaleFaner Hall, Room 2140-Mail Code 45111000 Faner Drive, Carbondale, IL 62901 Dr. Carlos Barrios, PhD Assistant Professor of Architecture,School of Architecture and Planning,The Catholic University of America
Y. BenalYurtlu Assist. Prof. OndokuzMayis University Dr. Lucy M. Brown, Ph.D. Texas State University,601 University Drive,School of Journalism and Mass Communication,OM330B,San Marcos, TX 78666 Dr. Paul Koltun Senior Research ScientistLCA and Industrial Ecology Group,Metallic& Ceramic Materials CSIRO Process Science & Engineering Dr.Sumeer Gul Assistant Professor,Department of Library and Information Science,University of Kashmir,India www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021 Dr. ChutimaBoonthum-Denecke, Ph.D Department of Computer Science,Science& Technology Bldg., Rm 120,Hampton University,Hampton, VA 23688
Dr. Renato J. Orsato Professor at FGV-EAESP,Getulio Vargas Foundation,São Paulo Business School,RuaItapeva, 474 (8° andar)01332-000, São Paulo (SP), Brazil Dr. Wael M. G. Ibrahim Department Head-Electronics Engineering Technology Dept.School of Engineering Technology ECPI College of Technology 5501 Greenwich Road - Suite 100,Virginia Beach, VA 23462 Dr. Messaoud Jake Bahoura Associate Professor-Engineering Department and Center for Materials Research Norfolk State University,700 Park avenue,Norfolk, VA 23504 Dr. V. P. Eswaramurthy M.C.A., M.Phil., Ph.D., Assistant Professor of Computer Science, Government Arts College(Autonomous), Salem-636 007, India. Dr. P. Kamakkannan,M.C.A., Ph.D ., Assistant Professor of Computer Science, Government Arts College(Autonomous), Salem-636 007, India. Dr. V. Karthikeyani Ph.D., Assistant Professor of Computer Science, Government Arts College(Autonomous), Salem-636 008, India. Dr. K. Thangadurai Ph.D., Assistant Professor, Department of Computer Science, Government Arts College ( Autonomous ), Karur - 639 005,India. Dr. N. Maheswari Ph.D., Assistant Professor, Department of MCA, Faculty of Engineering and Technology, SRM University, Kattangulathur, Kanchipiram Dt - 603 203, India. Mr. Md. Musfique Anwar B.Sc(Engg.) Lecturer, Computer Science & Engineering Department, Jahangirnagar University, Savar, Dhaka, Bangladesh. Mrs. Smitha Ramachandran M.Sc(CS)., SAP Analyst, Akzonobel, Slough, United Kingdom. Dr. V. Vallimayil Ph.D., Director, Department of MCA, Vivekanandha Business School For Women, Elayampalayam, Tiruchengode - 637 205, India. Mr. M. Moorthi M.C.A., M.Phil., Assistant Professor, Department of computer Applications, Kongu Arts and Science College, India PremaSelvarajBsc,M.C.A,M.Phil Assistant Professor,Department of Computer Science,KSR College of Arts and Science, Tiruchengode Mr. G. Rajendran M.C.A., M.Phil., N.E.T., PGDBM., PGDBF., Assistant Professor, Department of Computer Science, Government Arts College, Salem, India. Dr. Pradeep H Pendse B.E.,M.M.S.,Ph.d Dean - IT,Welingkar Institute of Management Development and Research, Mumbai, India Muhammad Javed Centre for Next Generation Localisation, School of Computing, Dublin City University, Dublin 9, Ireland Dr. G. GOBI Assistant Professor-Department of Physics,Government Arts College,Salem - 636 007 Dr.S.Senthilkumar Post Doctoral Research Fellow, (Mathematics and Computer Science & Applications),UniversitiSainsMalaysia,School of Mathematical Sciences, Pulau Pinang-11800,[PENANG],MALAYSIA. Manoj Sharma Associate Professor Deptt. of ECE, PrannathParnami Institute of Management & Technology, Hissar, Haryana, India RAMKUMAR JAGANATHAN Asst-Professor,Dept of Computer Science, V.L.B Janakiammal college of Arts & Science, Coimbatore,Tamilnadu, India Dr. S. B. Warkad Assoc. Professor, Priyadarshini College of Engineering, Nagpur, Maharashtra State, India Dr. Saurabh Pal Associate Professor, UNS Institute of Engg. & Tech., VBS Purvanchal University, Jaunpur, India
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021 Manimala Assistant Professor, Department of Applied Electronics and Instrumentation, St Joseph’s College of Engineering & Technology, Choondacherry Post, Kottayam Dt. Kerala -686579 Dr. Qazi S. M. Zia-ul-Haque Control Engineer Synchrotron-light for Experimental Sciences and Applications in the Middle East (SESAME),P. O. Box 7, Allan 19252, Jordan Dr. A. Subramani, M.C.A.,M.Phil.,Ph.D. Professor,Department of Computer Applications, K.S.R. College of Engineering, Tiruchengode - 637215 Dr. SeraphinChallyAbou Professor, Mechanical & Industrial Engineering Depart. MEHS Program, 235 Voss-Kovach Hall, 1305 Ordean Court Duluth, Minnesota 558123042 Dr. K. Kousalya Professor, Department of CSE,Kongu Engineering College,Perundurai-638 052 Dr. (Mrs.) R. Uma Rani Asso.Prof., Department of Computer Science, Sri Sarada College For Women, Salem-16, Tamil Nadu, India. MOHAMMAD YAZDANI-ASRAMI Electrical and Computer Engineering Department, Babol"Noshirvani" University of Technology, Iran. Dr. Kulasekharan, N, Ph.D Technical Lead - CFD,GE Appliances and Lighting, GE India,John F Welch Technology Center,Plot # 122, EPIP, Phase 2,Whitefield Road,Bangalore – 560066, India. Dr. Manjeet Bansal Dean (Post Graduate),Department of Civil Engineering,Punjab Technical University,GianiZail Singh Campus,Bathinda -151001 (Punjab),INDIA Dr. Oliver Jukić Vice Dean for education,Virovitica College,MatijeGupca 78,33000 Virovitica, Croatia Dr. Lori A. Wolff, Ph.D., J.D. Professor of Leadership and Counselor Education,The University of Mississippi,Department of Leadership and Counselor Education, 139 Guyton University, MS 38677
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
Contents A Survey on Scalability of source code analysis in malware detection using KOTLIN for Android Application
……………………………...….…. [ 1045 ]
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
A Survey on Scalability of source code analysis in malware detection using KOTLIN for Android Application Dr.A.Edwin Robert Assistant professor,Department of Computer Science 1
edwinrobert.sms@cherancolleges.org
Abstract— Smart devices are built on a
and Tracer design (EMDT) using Hidden
foundation of software components from a
Markov model, which incorporates intrusion
variety of vendors. While critical applications
detection and tracing in an commercial
may
and
mobile operating system which leverages
evaluation procedures, the heterogeneity of
efficient coding and authentication schemes.
software sources threatens the integrity of
The
the execution environment for android based
consists of three actions: detecting, tracing,
application programs. For instance, if an
and restricting suspected intruders .The
attacker can combine an application exploit
novelty
with privilege escalation vulnerability, the
leverages light-weight intrusion detection
operating
system
and tracing techniques to automate security
corrupted.
The
undergo
extensive
(OS)
importance
testing
can
become
of
ensuring
proposed
label
approach
conceptually
of the proposed work is that it
configuration
that
is
widely
application integrity has been studied in
acknowledged as a tough issue when
existing work . In the proposed work stops
applying a MAC system in practice. The other
the application once corruption is detected.
is that, rather than restricting information
Mandatory Access Control (MAC) in an
flow as a traditional MAC does, it traces
Android based operating system to tackle
intruders and restricts only their critical
malware problem is a grand challenge but
malware
also a promising approach. The firmest
represent processes and executables that are
barriers to apply MAC to defeat malware
potential agents of a remote attacker. Our
programs are the incompatible ,unusable and
prototyping and experiments on Android
more comples problems in an existing MAC
operating system using Kotlin, which shows
systems. To address these issues, we
with minimized coding the Tracer can
manually analyse 2000 malware samples and
effectively defeat all malware samples tested
component one by one and two types of MAC
via blocking malware behaviours while not
enforced
causing a significant compatibility problem.
operating
systems,
and
then
behaviours,
where
intruders
designed a novel Efficient Malware Detection
1046
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
from performing legal operations; the lowKeywords: Intrusion, Tracing ,Malware, Kotlin, Android, Detection
usability problem is introduced, because existing MACs are unable to automatically label the huge number of entities in OS and thus require tough configuration work at end users. With these investigation results, a novel MAC enforcement
I. INTRODUCTION
Malicious
approach is proposed, EMDT, which uses a
software
(i.e.,
cross-platform, general purpose programming
Malware) has resulted in one of the most severe
language Kotlin as an implementation tool to
computer security problems today. A network of
provide solution to the above problems. Since,
hosts which are compromised by malware and
Kotlin runs on JVM(Java virtual Machine) which
controlled by attackers can cause a lot of
is more compatible with java[16]. Deployment of
damages to information systems. As a useful
web development and desktop applications can
malware defense technology, Mandatory Access
be made simple by its concise syntactic structure
Control (MAC) works without relying on malware
with the behaviour of structured concurrency.
signatures and blocks malware behaviours
The EMDT approach consists of three actions:
before they cause security damage. Even if an
detection, tracing, and restriction. Each process
intruder manages to breach other layers of
or executable has two states, suspicious or
defense, MAC is able to act as the last shelter to
benign. The contributions of this paper are as
prevent the entire host from being compromised.
follows: 1. we introduce EMDT, a novel MAC
However, as widely accepted [1], [2], [4], existing
enforcement approach which integrates intrusion
MAC mechanisms built in commercial operating
detection and tracing techniques to disable
systems (OS) often suffer from two problems
malware on a commercial OS in a compatible
which make general users reluctant to assume
and usable manner. 2. We have implemented
them. One problem is that a built-in MAC is
EMDT to disable malware timely without need of
incompatible with a lot of application software
malware signatures. 3. We investigate the root
and thus interferes with their running [1], [2], [4],
reason so find
and the other problem is low usability, which makes it difficult to configure MAC properly [1].
compatibility and low usability problems of
Our
The
existing MACs. Although not all the observations
incompatibility problem is introduced because
are brand new, we believe that understanding
the security labels of existing MACs are unable
these reasons more comprehensively and
to distinguish between malicious and benign
illustrating them through the design of an actual
entities, which causes a huge number of false
system are useful for other MAC researchers.
positives (FP) (i.e., treating benign operations as
The rest of the paper is organized as follows:
malicious) thus preventing many benign software
Sections 2 presents the related research,
observations
are
as
follows:
1047
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
Section 3 introduces in details our investigation and analysis on various behaviours of malware
Obtain 5.
System
programs existing problems in MAC. Section 4
Information
describes the design of EMDT and prototype
Inject into
approach. Section 5 discusses the approach
6.
from the perspectives of security, compatibility,
7.
model
Executable
to
confine
process
and types, respectively, and controls accesses
8.
modify OS
400
High
200
High
100
High
Change 9.
Ranking S.No Malware Type
based on behaviour
security setting
between
Add Harming Type
10. Unwanted Plug ins
Communicate 1. with remote
1000
TABLE 1.
High
Critical Malware Behaviour for Host based
Host
system
Create executable
950
High domains and types. Tracer can be regarded as a
File
simplified DTE that has two domains (i.e., benign
Modify register for
900
and suspicious) and four types (i.e., benign,
High
read-
start up Important
protected,
write-protected,
and
suspicious). Moreover,
Copy the 4.
High
series
which groups processes and files into domains
3.
450
Create or
execution,
2.
High
file
DTE proposed by Lee Badger et al. [5] is a MAC
500
Modify
II. RELATED WORK
classical
High
Process
and usability. Lastly, we conclude the work in Section 7.
other
750
800
Tracer can automatically configure the DTE
High
Application
attributes (i.e., domain and type) of processes
and files
and files under the support of intrusion detection and tracing so as to improve usability.PPI automates the generation of information flow policies
1048
by
analyzing
software
package
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
information and logs. MIC implements the no-
stores the analysis results of thousands of
write-up rule of classical BIBA model in Windows
malware samples from various sources and is
Vista kernel, but it does not implement the no-
thus valuable to malware researchers. To have a
read-down rule in order not to compromise
thorough understanding of the philosophies
compatibility significantly. PRECIP [6] addresses
behind
several practical issues that are critical to contain
considerable amount of time analyzing the
spyware
sensitive
behaviours of malware programs. Specifically,we
information.The risk-adaptive access control [10]
have read, recorded, and analyzed the technical
that targets to make access control more
details of 2,000 malware samples of a wide range
dynamic so as to achieve a better tradeoff
of formats and varieties, such as viruses, worms,
between
existing
backdoors, root kits, and Trojan horses. We
antimalware technologies are based on detection
discovered few common characteristics of
[7], [8]. Tracer tries to combine detection and
malware
access control so that it not only can detect but
antimalware design: Entrance characteristics. All
also can block malware behaviours before their
malware samples break into hosts through two
harming security. Antimalware technology that
entrances, network and removable drive. Most
resembles
behaviour
breaking instances are via network through
blocking [9], which can confine the behaviours of
frequently used protocols such as HTTP and
certain adverse programs that are profiled in
POP3.
that
risk
intends
and
to
benefit.
Proposed
EMDT
leak
Most
is
malware
that
design,
can
guide
we
our
have
spent
subsequent
advance. Many commercial antimalware tools [10], [11] also have a behaviour-based module to defend against unknown malware programs. B. Problems in MAC A. Malware Investigation
Incompatibility is a well-known problem when
Malware contribute to most Internet security
problems.
Antimalware
companies
typically receive thousands of new malware samples every day. An analyst generally attempts to understand the actions that each sample can perform, determines the type and severity of the threat that the sample constitutes, and then forms detection signatures and creates removal procedures. Symantec Threat Explorer [12] is such a publicly available database which
1049
enforcing a MAC modeling commercial operating system [1],[2],[4]. To investigate its root reason, in a secure network environment, we set up two machines to run MAC enforced mobile operating systems with MLS policy enabled and MAC module enabled. After a few days, we observed that these MAC systems produced a huge number of log records about denied accesses, which indicated that some applications failed and some acted abnormally. As the operation environment is secure without intrusion and
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
S.No
1
Malware
Remote Host
Benign
Suspicious
decisions on intrusion blocking which eventually
Process
Process
results in many FPs. Low usability is another
D
T
R
D
T
R
Nil
P
A
P
A
D
problem in a MAC-enabled system, as it often requires
complicated
configurations
and
unconventional ways of usage. In a modern OS, there are a wide range of entities including processes, files, directories, devices, pipes,
2
Exec File
Nil
P
A
P
A
D
3
Modify reg
Nil
P
A
P
A
D
Nil
P
A
P
A
D
4
Copy Application
III. PROPOSED SYSTEM
C.
Efficient
Tracer(EMDT)
Obtain 5
signals, shared memories, sockets, etc.
System
Nil
P
A
P
A
D
Malware
Detection
and
In this section,
we present our EMDT approach that aims to disable malware in a Android OS by disallowing
Info
malware behaviours. The adversaries of EMDT are malware programs that break into a host D-Detected T-Traced
through the network or removable drives. As OS
R-Restricted
is the most popularly attractive to hackers, the P-Possible A-Allow D-Deny
description of EMDT is designed applying it to Android operating systems with some changes.
TABLE 2 Malware Classification based on Behaviour
D.Overview malware, these denied accesses are thus “false positive.” However, from the view of intrusion
The design of an access control
prevention, these processes do not necessarily
mechanism is to define the security label. We
represent intruders so that their “read” or “write”
introduce a new form of security label called
accesses to the /tmp should not be simply
suspicious label for our EMDT approach. It has
denied. Although it is possible to resolve this
two values: suspicious and benign. Meanwhile,
problem by adding “hiding sub directories” under
EMDT only assigns a suspicious label to a
/tmp, it is still difficult to eliminate the FPs
process or an executable, because a process is
resulting from many
possibly the agent of an intruder and an executable determines the execution flow of a
other shared entities on an OS Relying on these
process which represents an intruder. When a
labels, a MAC system often fails to make correct
process requests to access these entities, EMDT
1050
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
mainly utilizes their DAC information to make
listed in Table 1, which contains the 30 critical
access control decisions, thus a huge amount of
malware
configuration work can be reduced while keeping
Moreover, EMDT allows dynamic addition of new
traditional usage conventions unchanged.
behaviours. The access control decision of
behaviours
shown
in
Table
2.
EMDT is made in accordance with normal MACs. EMDT uses the subject label and behaviour to make a decision while normal MACs use the subject label, operation, object label, and parameter. As a behaviour consists of operation, object, and parameter, EMDT actually uses the same four factors of normal MAC decision. Moreover,
EMDT’s
decision
procedure
generates three possible access control results: “allow,” “deny,” and “change label,” which
Figure 1: EMDT overview Fig.1. gives an overview of EMDT which consists of three types of actions, detection, tracing, and restriction. Each process or executable has two states, suspicious and benign. The restriction action forbids a suspected intruder to perform malware behaviours in order to protect CIAP. That is to protect confidentiality, integrity and availability, as well as to stop malware propagation. The three actions work as follows: Once detecting a suspected process or executable, EMDT labels it as suspicious and traces its descendent and interacted processes, as well as its generated executables. EMDT does not restrict benign processes at all, and permits suspicious processes to run as long as possible but stops their malware behaviours that would
resemble those of normal MACs. The detailed decision logic of Tracer is shown in Table 2. The detection and tracing actions lead to the decision result “change label,” while restriction action leads to “deny.” All access requests not denied are allowed. As an online approach, Tracer can produce the FP rate lower than that of behaviourblocking mechanisms in commercial antivirus software. This is achieved by two means. First, as a MAC system, EMDT blocks a behaviour based simultaneously on the behaviour and security label (i.e., the suspicious label of the current
process),
rather
than
merely
the
behaviour as done by a behaviour-blocking system. Second, EMDT does not simply refuse all critical malware behaviours in Table 1.
cause security damages. The object and parameter represent the target and parameter of the operation, respectively.
Specific
malware
behaviours
monitored in the current version of EMDT are
1051
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
1) Detecting Intruders The
treated as suspicious. Hence, we provide two detecting
action
is
responsible for identifying all potential intruders. We do not intend to design a complex intrusion detection algorithm to achieve a low FP rate at the cost of heavy overhead. Instead, we design a light-weight intrusion detection algorithm that can identify all potential intruders but may have a relatively higher FP rate at the initial step. Tracing and restricting actions, will still allow it to run rather than stop it immediately, but only prevent it from executing featured malware behaviours. As depicted in Fig. 1, the detection works at two
means to facilitate these system maintenance tasks. The Benign Process and Suspicious Process columns represent that the processes requesting the behaviours below are benign or suspicious, respectively.
Labelexecutable and
Labelprocess indicate changing the label of related process
or
respectively.
executable Deny
to
indicates
suspicious, denying
the
behaviour. This type of detection will not bring extra performance overhead since the restricting action of EMDT also needs to monitor such behaviours which will be presented in future.
levels: entrance and interior. D(P) =
Benign
otherwise
Suspicious
if s€p
(1)
2) Tracing Intruders To track intruders within an
Where D(P) is detection of process, signature s
operating
belongs to signature based, it comes in
information flow as done in [13], [14]. However, a
suspicious folder. The detection at entrance
major
attempts to check all possible venues through
information flow to trace suspicious entities is
which a malware program may break into the
that, file and process tagging usually leads the
system. Dangerous protocols are permitted by
entire system to be floated with “suspicious”
firewalls, thus malware programs often use these
labels and thus incurs too many FPs. To address
protocols to penetrate firewalls by disguising
this issue, we propose the following two methods
themselves as popular software that generate
to limit the number of tagged files and processes
benign network traffic. Dangerous protocols
in a single OS while preventing malware
mainly include HTTP, POP3, IRC, SMTP, FTP,
programs from evading the tracing as much as
and ICMP. With these detection approaches
possible. For tagging files, unlike the approaches
enforced,
system
in [13], [14] and the schemes of many malware
maintenance tasks, i.e., updating software
detection and MAC systems [2], [4], that trace
through the network and installing software from
information flow on OS level, Tracer only focuses
a removable drive, cannot be performed because
on the tagging of executables while ignoring
the processes that perform these tasks are
nonexecutables and directories. This is because
1052
www.ijitce.co.uk
however,
two
types
of
system,
challenge
one for
can
use OS-level
leveraging
OS
level
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
an executable represents the possible execution
The diagram
below shows the
flow of the process loading it, thus it should be
general architecture of an instantiated HMM.
deemed as an inactive intruder while a process
Each oval shape represents a random process
is considered as an active intruder.
that can adopt any of a number of files. The random process(t) is the hidden state at time t (with the model from the above diagram ,x(t) ∈ { x1, x2, x3 }). The Malware, y(t) is the
M
observation at time t (with y(t) ∈ { y1, y2, y3, y4 }). The arrows in the diagram denote conditional
B
S g S
D
H H
D
S
dependencies of the files .In the standard type of hidden Markov model considered here, the state
H S
S
D
H
space of the hidden variables is discrete, while the observations themselves can either be
S
D
discrete (typically generated from a categorical
H
distribution)
or
continuous
(typically
from
a Gaussian distribution). The parameters of a Fig 1.1. The mechanism to dynamically detecting
hidden Markov model are of two types, transition
the malware behaviours to OS
probabilities
and
emission probabilities (also
known as output probabilities). The transition For tagging processes, we observed that the excessive number of tags mainly
come
from
tracing
Interposes
Communication, i.e., marking a process as suspicious if it receives IPC data from a suspicious process. To address this issue, Tracer only tags a process receiving data from dangerous IPCs that can be exploited by a malware program to take control of the process to
perform
Concretely,
arbitrary we
malicious
analysed
behaviours.
all vulnerabilities
recorded in security bulletins related to namedpipes, local procedure calls, shared memories, mail slots, IPCs send free-formed data that can be crafted to exploit bugs in the receiving process by hidden morkov model.
probabilities control the way the hidden state at time
is chosen given the hidden state at
time
. The hidden state space is assumed
to consist of one of
possible values, modeled
as a categorical distribution. (See the section below on extensions for other possibilities.) This means that for each of the
possible states
that a hidden variable at time
can be in, there
is a transition probability from this state to each of the at time
possible states of the hidden variable , for a total of
transition
probabilities. Note that the set of transition probabilities for transitions from any given state must sum to 1. Thus, the transition
probabilities
is
matrix of aMarkov
matrix.
Because any one transition probability can be
1053
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
determined once the others are known, there are a total of
transition parameters. In addition, for each of the
3)
possible
Probability of an observed sequence of malware
states, there is a set of emission probabilities
The task is to compute, given the parameters of
governing the distribution of the observed
the model, the probability of a particular output
variable at a particular time given the state of the
sequence. This requires summation over all
hidden variable at that time. The size of this set
possible state sequences:
depends on the nature of the observed process
The probability of observing a sequence
of malware. For example, if the observed malware
is discrete with
governed
by
of
possible values,
a signature
based
system
distribution , there will be
separate
parameters, for a total of
emission
length L is given by
Where the sum runs over all possible
of hidden malware in the system over all hidden
hidden-node sequences
states in the code or process. On the other hand, if the observed malware is an vector
distributed
an
Applying the principle of dynamic
arbitrary multivariate Gaussian distribution, there
programming, this problem, too, can be handled
will
efficiently using the forward algorithm.Probability
be
according
-dimensional
parameters
the means and
to
controlling
of the latent files in Software’s: A number of
parameters
controlling the covariance matrix, for a total of
related tasks ask about the probability of one or more of the latent files, given the model's parameters
emission parameters. (In such a case, unless
observations
the value of
4) Filtering
is small, it may be more practical
to restrict the nature of the covariances between individual elements of the observation vector, e.g. by assuming that the elements are independent of each other, or less restrictively, are independent of all but a fixed number of adjacent elements.)
and
a
sequence
of
The task is to compute, given the model's
parameters
and
a
sequence
of
observations, the distribution over hidden states of the last latent contents at the end of the sequence,
i.e.
to .
compute This
task
is
normally used when the sequence of latent variables is thought of as the underlying states that a process moves through at a sequence of
1054
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
points of time, with corresponding observations
compressed
at each point in time. Then, it is natural to ask
documents.
files
and
Microsoft
Office
about the state of the process at the end. The result reveals that in reality it is quite difficult to propagate malware through local IPCs within a OS
.Consequently,
Tracer
employs
a
Dangerous-IPC-List to record and trace each type of dangerous IPC since there should be a very limited number of dangerous IPCs in a OS. Therefore, we have the following tracing rules to mark entities as suspicious:
5) Restricting Intruders In order to disable malware programs on a host, the restricting action monitors and blocks intruders’ requests for executing critical malware behaviours listed in Table1. To follow the principle of complete mediation for building a security protection
1. A process spawned by a suspicious process
system, Tracer further restricts two extensive
2. An executable or semi executable created or
behaviours, called generic malware behaviours, to protect security more widely. The first one is
modified by a suspicious process
“Steal confidential information,” which represents all illegal reading of confidential information from
3. A process loading an executable with a
files and registry entries. The other is “Damage suspicious label
system integrity,” which represents all illegal
4. A process receiving data from a suspicious process through a dangerous IPC; and A process reading a semi executable or script file with a suspicious label.
modifications of the files and registry entries that require preserving integrity. In addition, other behaviours that can be used to bypass Tracer mechanism also need to be monitored and restricted, including “Change file attributes,” “Change registry entry attributes,” “Execute non
A script file is written in interpreting language, e.g., JavaScript or VBScript, and thus needs execution
engine,
e.g.,
wscript.exe
or
cscript.exe, to load and run it. Accordingly, to defend against a script virus, Tracer should restrict the engine processes that are reading and interpreting a suspicious script file. On the other hand, a semi executable represents certain types of data files that might contain executable codes, which mainly involves various types of
executable files,” and “Execute Tracer special system calls.” The behaviour “Change file attributes” represents changing file extension names to executable or changing file DAC information. All behaviours restricted are listed on the column “restrict” in Table 2. In summary, the restricting action consists of three rules: 1. Restricting critical malware behaviours, 2. Restricting generic malware behaviours, 3. Restricting behaviours bypassing Tracer.
1055
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021 Input type for Malware
protected objects, respectively. However, it is
Tracer
difficult to identify the objects that need
EMDT System
signatures
protection among a large number of candidates
Extract Filtering
Benign
in a
Malware container
suspicious
OS in order to recognize the generic
malware behaviours Algorithm1:
Monitoring
the
Application
Process : Fig.1.2. Dynamically restricting and detecting the malware behaviours using EMDT process by mediating all these behaviours, Tracer is able
Input: File to be read , Buffer reader Process:
to preserve system security and prevent a
If
malware program from propagating itself in the
Process==Benign)
system. To be specific, confidentiality is mainly achieved by blocking the generic behaviour “Steal confidential information;” integrity is mainly protected by blocking the generic behaviour “Damage
system
integrity;”
availability
is
defended by blocking the behaviours listed in Table1
with the capital letter A attached;
propagation is prevented by blocking the
(File!=
Copying
Behaviour)||(Current
Return Operation To Buffer For (Node of file =Read list of Buffer) If(File==Node) Statement: Attach the File in the Buffer reader Else
behaviours in Table1 with the capital letter P
Statement: copy the File into Node(Stack) for
attached. Meanwhile, blocking these behaviours
Blocking
can help to defend against unknown malware programs
for
two
reasons.
First,
Then
these
behaviours are extracted from thousands of
Copy the file into buffer
malware samples and thus represent popular hacking techniques that are often used in unknown
malware
programs
by
Return (permit the File to monitor)
malware
authors. To efficiently restrict these malware behaviours, two issues need to be addressed.
The algorithms may impose a relatively high
The first is how to determine the generic malware
overhead only on the malware processes that
behaviours.
frequently exhibit file copying behaviours but not
We
identify
behaviours
“Steal
confidential information” and “Damage system
on
benign
processes
integrity” by monitoring illegal reading on read-
processes
protected objects and illegal writing on write-
algorithms only need to monitor the file-copying
1056
www.ijitce.co.uk
that
are
and actually
the
suspected
benign.
The
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
behaviour “Copy itself” by watching the read operation on the process’ image file. However, in reality a benign process rarely tries to copy itself, thus the read-list is often empty and the algorithms do not need to do anything. It only
4
Root Kit
needs to read an executable in two situations
protocol or system Channel Integrity
system Integrity
Removable Drive like pen drive or CD
Corrupt or modify driver softwar es
Corrupt or modify driver softwar es
FTP
Driver softwar e corrupti on
Driver softwar e corrupti on
while such read operations do not need to be recorded into the read-list. 5
Back Door
Algorithm for detection that correlate read and writes operations by comparing buffer contents are more difficult to be circumvented than other
Table 3: EMDT detected Malware Types
candidate algorithms, e.g., comparing buffer addresses. In the worst case that a malware program
successfully
circumvents
the
algorithms, EMDT still can tail it by monitoring related behaviours, e.g., “Create executables,” since file-copying behaviours need to create
6) Dynamic changes of Malware Behaviours detection Process: If the detection is purely based on known malware characteristics and behaviours,
executables.
1
Wor m
2
Troja n
3
P2P wor m
Website
Website
Behaviour detected by Directed Graph Behaviour technique Detected By EMDT
Migrating Channels
Malware Type
S. No
a detector may not be able to function effectively
Copy, Modify the Applicat ion content
Copy, Modify the Applicat ion content
Copy, Modify the Applicat ion content
Copy, Modify the Applicat ion content
in the long run as new malware characteristics and behaviours may emerge over the time. To address this limitation [15], a novel extensible mechanism is implemented in EMDT so it can dynamically add in new behaviours to monitor. A behaviour consists of operation, object, and parameter. For example, the operation create_ file corresponds to two system calls: NtOpenFile and NtCreateFile. In contrast, a single system call may contain more than one operation.
In each concerned system call, we set up one or Communic ation
Damag e
Damag e
1057
more checkpoints, each of which is responsible for checking the behaviours belonging to the
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
same operation with the support of a modifiable behaviour list in memory. The new malware behaviours are read from a configuration file and distributed
to
proper
behaviour
lists
8) Performance Measures Detection rate using Kotlin
corresponding to different operations in memory.
Algorithm2: Detecting Process :
At each checkpoint, Tracer searches for the
Input: File to be read , Buffer writer
object and parameter currently requested in the
Process:
corresponding list to determine whether the current access forms a malware behaviour.
the Malware
If (File != Copying Behaviour)||(Current Process==suspicious) Return Operation To Buffer
7) Evaluation Results
For (Node of file =Read list of Buffer) Table
3
describes
the
detailed test results of 7 selected malware samples. We can see that all the malware samples are successfully disabled via the restriction of their malware behaviours. For
If(File==Node) Statement: Attach the File in the Buffer writer Else
example, the worm “Worm.” downloaded from
Statement:
the local website has the following main steps for
Blocking file from Corruption Then
function: it first copies itself, i.e., regsv.exe, to
Copy the malware type into buffer writer
hard drive in OS, then runs regsv.exe as a new process, the new process then adds a value
Return (Malware type to buffer)
under registry key regsv.exe so that it can be launched when the system restarts, finally listens at port 113 to accept commands from a remote
It shows the EMDT system detection rate in
attacker. On a host without EMDT enabled, all
percentages with directed graph technique for
above
executed.
multiple OS systems. On an average, 85% of
However, after activating the EMDT protection,
malware types in the host (OS) can be effectively
the malware behaviour “Copy itself” is blocked,
determined
i.e., the malware cannot create a new copy of
processing of EMDT using Kotlin running in
itself in the system folder. Consequently, the rest
source code of the application 40% of coding is
of the behaviours do not appear anymore
reduced and hence the system detects the
steps
are
successfully
because these behaviours depend on the new process launched from the malware’s copy. In other words, the worm is disabled.
by
proposed
system.
[16]
In
malware with signature based system and machine learning based system
in which it
considerably reduces the false positive rate.
1058
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
9) Calculation for False positive
Conclusion and Future enhancement
False positive rate = 1- (No .of True Positive /
In this paper, we propose a novel MAC
(No.
enforcement approach that integrates intrusion
of
True
positives
+
No.
of
false
Negatives))
detection and tracing to defend against malware
The modules that block suspicious behaviours contribute to most of FPs of the antimalware tools. The fundamental reason is that the antimalware tools identify a suspicious behaviour only based on the behaviour itself while Tracer further considers the suspicious label of the process requesting the behaviour.
in an android OS developed by using Kotlin as a source code. We have extracted 30 critical malware behaviours and three common malware characteristics for the incompatibility and low usability problems in MAC, which will benefit other researchers in this area. Based on these studies, we propose a novel MAC enforcement approach, called EMDT using Hidden markov model, to disable malware timely without need of
10 8 6 4 2 0
malware signatures or other knowledge in advance. The novelty of Tracer design is two-
EMDT
fold. One is to use intrusion detection and tracing
Directed Graph
to automatically configure security labels. The other is to trace and restrict suspected intruders instead of information flows as done by
Figure 5: Detection Rate of Virus through EMDT and Directed graph
traditional MAC schemes. EMDT system doesn’t restrict the suspected intruders right away but allows them to run as long as possible except blocking their critical malware behaviours. This
False Positive Measures
design produces a MAC system with good compatibility
False positives
usability.
We
have
implemented Tracer in several OS and the
1.2
1.8 3.2
and
8.2
LOMAC
evaluation results show that it can successfully
DTE
defend against a set of real-world malware
Directed Graph
programs,
EMDT
including
unknown
malware
programs, with much lower FP rate than that of commercial antimalware techniques by using
Figure.6: Comparing the false positive rate of EMDT with other existing technique
Kotlin as a implementation tool which has a unique feature of reducing syntactic structure of the source code[16].In future we are going to launch this work for a large cloud server runs the
1059
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
application
front-end
logic
and
data
are
[14]
Intrusion Recovery System,” Proc. 20th ACM Symp.
outsourced to a database or file server where
Operating Systems Principles (SOSP ’05), pp. 163-176,
there is increase in application and data complexity.
A. Goel, K. Po, K. Farhadi, Z. Li, and E. Lara, “The Taser
2005. [15]
Z. Shan, X. Wang, and T. Chiueh, “Tracer: Enforcing Mandatory Access Control in Commodity OS with the Support of Light- Weight Intrusion Detection and Tracing,” Proc. Sixth ACM Symp. Information, Computer
REFERENCES [1].
and Comm. Security, pp. 135-144, Mar. 2011.
N. Li, Z. Mao, and H. Chen, “Usable Mandatory Integrity Protection for Operating Systems,” Proc. IEEE Symp. Security and Privacy (SP ’07), pp. 164-178, 2007.
[2]
T. Fraser, “LOMAC: Low Water-Mark Integrity Protection for COTS Environments,” Proc. IEEE Symp. Security and Privacy (SP ’00), pp. 230-245, 2000.
[3]
Microsoft,
Mandatory
Integrity
Control,
http://en.wikipedia.org/
wiki/
Mandatory_Integrity_Control, 2012. [4]
LucaArdito,Riccardo Coppola, Giovanni Malnati, Marco
Torchiano ,”Effectiveness of Kotlin vs. Java in android app development tasks”,
Journal of
Information and Software
Technology (ElseVier),Nov 2020,Vol 127,106374
ACKNOWLEDGEMENT Dr.A.EdwinRobert, MCA.,M.Phil.,Ph.D in Computer
X. Wang, Z. Li, J.Y. Choi, and N. Li, “PRECIP: Towards
Science. He is working as an Associate professor in
Practical and Retrofittable Confidential Information
Computer Science at SMS College of Arts and
Protection,” Proc. 15th Network and Distributed System
Science, Coimbatore, Tamilnadu,India. He had 13
Security Symp., 2008. [5]
[16]
L. Badger, D.F. Sterne, D.L. Sherman, K.M. Walker, and S.A.
Haghighat,
“Practical
Domain
and
Type
Enforcement for UNIX,” Proc. IEEE Symp. Security and
years of teaching experience. He has presented some papers in International Conferences. His area of research is Software Engineering and Security.
Privacy (S&P), pp. 66-77, 1995. [6]
X. Wang, Z. Li, J.Y. Choi, and N. Li, “PRECIP: Towards Practical and Retrofittable Confidential Information Protection,” Proc. 15th Network and Distributed System Security Symp., 2008.
[7]
E. Kirda, C. Kruegel, G. Banks, G. Vigna, and R.A. Kemmerer, “Behaviour-Based Spyware Detection,” Proc. 15th Conf. USENIX Security Symp. (USENIX-SS ’06), 2006.
[8]
L. Martignoni, E. Stinson, M. Fredrikson, S. Jha, and J.C. Mitchell, “A Layered Architecture for Detecting Malicious Behaviours,” Proc. 11th Int’l Symp. Recent Advances in Intrusion Detection, pp. 78-97, 2008.
[9]
C. Nachenberg, “Behaviour Blocking: The Next Step in Anti-Virus
Protection,”
http://www.securityfocus.com/infocus/1557, Mar. 2002. [10]
Kaspersky Lab, http://www.kaspersky.com/, 2012.
[11]
Vipre, Inc., http://www.vipre.com/vipre/, 2012.
[12]
http://www.symantec.com/business/security_ response/ threat explorer/threats.jsp, 2012.
[13]
S.T. King and P.M. Chen, “Backtracking Intrusions,” Proc. 19th ACM Symp. Operating Systems Principles (SOSP ’03), pp. 223-236, 2003.
1060
www.ijitce.co.uk
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.11 NO.11 NOV 2021
1061
www.ijitce.co.uk