Static Analysis Approach Research Articles

PHIGrader: Evaluating the effectiveness of Manifest file components in Android malware detection using Multi Criteria Decision Making techniques

The popularity of the Android operating system has itself become a reason for privacy concerns. To deal with such malware threats, researchers have proposed various detection approaches using static and dynamic features. Static analysis approaches are the most convenient for practical detection. However, several patterns of feature usage were found to be similar in the normal and malware datasets. Such high similarity in both datasets’ feature patterns motivates us to rank and select only the distinguishing set of features. Hence, in this study, we present a novel Android malware detection system, termed as PHIGrader for ranking and evaluating the efficiency of the three most commonly used static features, namely permissions, intents, and hardware components, when used for Android malware detection. To meet our goals, we individually rank the three feature types using frequency-based Multi-Criteria Decision Making (MCDM) techniques, namely TOPSIS and EDAS. Then, the system applies a novel detection algorithm to the rankings involving machine learning and deep learning classifiers to present the best set of features and feature type with higher detection accuracy as an output. The experimental results highlight that our proposed approach can effectively detect Android malware with 99.10% detection accuracy, achieved with the top 46 intents when ranked using TOPSIS, which is better than permissions, hardware components, or even the case where other popular MCDM techniques are used. Furthermore, our experiments demonstrate that the proposed system with frequency-based MCDM rankings is better than other statistical tests such as mutual information, Pearson correlation coefficient, and t-test. In addition, our proposed model outperforms various popularly used feature ranking methods such as Chi-square, Principal Component Analysis (PCA), Entropy-based Category Coverage Difference (ECCD), and other state-of-the-art Android malware detection techniques in terms of detection accuracy.

A Static Security Region Analysis of New Power Systems Based on Improved Stochastic–Batch Gradient Pile Descent

The uncertainty in the new power system has increased, leading to limitations in traditional stability analysis methods. Therefore, considering the perspective of the three-dimensional static security region (SSR), we propose a novel approach for system static stability analysis. To address the slow training speed of traditional deep learning algorithms using batch gradient descent (BGD), we introduce an improved stochastic–batch gradient descent (S-BGD) search method that combines the advantages of stochastic gradient descent (SGD) in fast training. This method ensures both speed and precision in parameter training. Moreover, to tackle the problem of getting trapped in local optima and saddle points during parameter training, we draw inspiration from kinematic theory and propose a gradient pile (GP) training method. By utilizing accumulated gradients as parameter corrections, this method effectively avoids getting stuck in local optima and saddle points, thereby enhancing precision. Finally, we apply the proposed methods to construct the static security region for the IEEE-118 new power system using its data as samples, demonstrating the effectiveness of our approach.

Android Apps Vulnerability Detection with Static and Dynamic Analysis Approach using MOBSF

Ensuring the security of Android applications is paramount, especially for apps like Mobile JKN, launched by the Social Security Agency on Health “BPJS Kesehatan” under the Ministry of Health Republic Indonesia, which contain sensitive participant data. Such information is often targeted by cybercriminals seeking personal gain through data theft by exploiting security vulnerabilities within the application. To address these risks, a thorough analysis was conducted to detect security loopholes in the Mobile JKN application. The study used the Mobile Security Framework (MOBSF) tools and involved static and dynamic analyses. Despite the application’s implementation of secure SSL Pinning and detection of rooted devices, the static analysis revealed potential security loopholes, including dangerous permission access, weak cryptographic methods, and vulnerable hardcoded secrets. Moreover, the application was found vulnerable to Janus, SQL Injection, and padding oracle attacks. While the dynamic analysis showed satisfactory implementation of SSL Pinning and no performance degradation, it also revealed that root detection was lacking, and debugger connections were not detected while the application was running. These findings emphasize the critical need for immediate security enhancements in the Mobile JKN application.

A nonlocal higher-order shear deformation approach for nonline ar static analysis of magneto-electro-elastic sandwich Micro/Nano-plates with FG-CNT core in hygrothermal environment

In this study, the nonlocal static analysis of Magneto-Electro-Elastic (MEE) sandwich micro/nano-plates with Functionally Graded Carbon Nanotubes (FG-CNTs) core in a hygrothermal environment is studied. The nonlocal static formulation is developed based on Reddy's High-order Shear Deformation theory (HSDT). The von Kármán nonlinear strains are used and the governing equations of the HSDT are derived accounting for Eringen's nonlocal stress-gradient model. The governing equations are solved using the Galerkin method, which involves expanding the displacement field based on orthogonal functions. The variation of the volume fractions through the thickness of FG-CNTs core layer has been computed using two different homogenization techniques: the rule of mixtures and the Mori–Tanaka scheme. A detailed parametric study to show the characteristics of the FG-CNTs core, nonlocal parameters, thermal and moisture changes, types of CNT reinforcement and volume fraction, electric and magnetic potentials, and geometric parameters. The results are compared with the first-order shear deformation theory (FSDT) and classical plate theory to show the accuracy of nonlocal High-order Shear Deformation theory(NHSDT) formulation.

Leveraging deep learning and image conversion of executable files for effective malware detection: A static malware analysis approach

<abstract><p>The escalating sophistication of malware poses a formidable security challenge, as it evades traditional protective measures. Static analysis, an initial step in malware investigation, involves code scrutiny without actual execution. One static analysis approach employs the conversion of executable files into image representations, harnessing the potency of deep learning models. Convolutional neural networks (CNNs), particularly adept at image classification, have potential for malware detection. However, their inclination towards structured data requires a preprocessing phase to convert software into image-like formats. This paper outlines a methodology for malware detection that involves applying deep learning models to image-converted executable files. Experimental evaluations have been performed by using CNN models, autoencoder-based models, and pre-trained counterparts, all of which have exhibited commendable performance. Consequently, employing deep learning for image-converted executable analysis emerges as a fitting strategy for the static analysis of software. This research is significant because it utilized the largest dataset to date and encompassed a wide range of deep learning models, many of which have not previously been tested together.</p></abstract>

Software Fault Prediction Using FeatBoost Feature Selection Algorithm

A critical aspect of software engineering is Software fault prediction which aims to identify and prevent errors in software systems before their release which can cause failures or issues for its users. Various techniques and tools have been developed to detect software faults, including static code analysis, dynamic testing, and machine learning-based approaches. In past few years, the world has seen a growing interest in the use of ML models for predicting software faults, as they can effectively analyse high dimensional datasets and detect complex patterns which are difficult for human experts to detect. However, developing accurate and reliable software fault detection models requires careful selection of data, feature engineering, and model evaluation. This purpose of this paper is to present a comprehensive analysis of potential applications and future research directions in the field of software fault detection. The study emphasizes the importance of identifying and addressing software faults to ensure the reliability and efficiency of software systems. Additionally, the paper outlines various approaches and techniques that can be employed for effective software fault detection.

An improved FSDT with an efficient mesh-free approach for nonlinear static analysis of FG-GOPRC beams

The aim of this paper is to enhance the First Shear Deformation Theory (FSDT) beam and apply it to investigate the linear and nonlinear static bending behavior of beams containing functionally graded graphene oxide powder-reinforced composite (FG-GOPRC). In this study, we propose an improvement to the FSDT by utilizing a high-order mesh-free approach. Unlike some existing FSDT methods, our proposed study uses a nonlinear shear deformation term coupling, which is crucial to illustrate the effect of nonlinear cases of various boundary conditions under a strong formulation, even without selective or reduced integration, resulting in lower computation costs. Using the principle of minimum potential energy, the governing equations are rewritten in a matrix–vector strong form and discretized using the Radial Point Interpolation Method with variable shape parameter (VS-RPIM) and linearized using a High Order Path Following Techniques (HOPFT). To account for the behavior of GOPRC, we utilized the modified Halpin–Tsai model to estimate the effective Young’s modulus, while the rule of mixture was employed to determine the effective Poisson’s ratio. Furthermore, the weight fractions of the graphene oxide powder (GOP) vary continuously through the thickness direction of the composite beams. To validate the proposed numerical model, we provide various comparison studies to demonstrate its robustness and accuracy. Additionally, we conduct parametric studies to examine the effects of different parameters, such as length-to-thickness ratio, GOP distribution patterns, weight fraction, and size of GOP, types of loads, and boundary conditions on the nonlinear bending behavior of FG-GOPRC beams. We also investigate the neglected term in some literature, which is of interest in our study. In summary, this paper proposes an enhanced FSDT to investigate the nonlinear static behavior of FG-GOPRC beams. The proposed model is validated through various comparison studies and parametric analyses, demonstrating its robustness and accuracy. Our study provides useful insights into the nonlinear bending behavior of FG-GOPRC beams and highlights the importance of nonlinear shear deformation term coupling.

The role of program analysis in security vulnerability detection: Then and now

Program analysis techniques play an important role in detecting security vulnerabilities. In this paper we describe our experiences in developing a variety of tools that detect security vulnerabilities in an industrial setting. The main driving forces for adoption of program analysis tools by a development organisation are low false positive rate, ease of integration in the developer's workflow, scalability to handle industrial size systems and results that are easy to understand. Even if one the above dimensions is not supported, the tool will not be used in practice.We show how the analyses of program analysis tools have changed over more than a decade due to differences in languages, e.g., code written in systems-level languages like C tend to focus on memory-related vulnerabilities, in contrast to languages like Java, JavaScript and Python where the focus is more on injection vulnerabilities in web or cloud applications. Based on language, static or dynamic analysis approaches are needed, including hybrid approaches.We conclude with our vision on Intelligent Application Security – how program analysis tools will keep changing to enable the DevSecOps model given the fertile ground that the DevOps model provides today. We foresee different program analysis tools working together by sharing information, including the results they produce, while addressing newer security issues such as those related to supply chain issues. In this way, program analysis tools would be extended with relevant machine learning techniques and be integrated in all different phases of the code development, building, testing, deployment and monitoring cycle.

Finding Taint-Style Vulnerabilities in Lua Application of IoT Firmware with Progressive Static Analysis

With the rapid growth of IoT devices, ensuring the security of embedded firmware has become a critical concern. Despite advances in existing vulnerability discovery methods, previous research has been limited to vulnerabilities occurring in binary programs. Although an increasing number of vendors are utilizing Lua scripting language in firmware development, no automated method is currently available to discover vulnerabilities in Lua-based programs. To fill this gap, in this paper, we propose FLuaScan, a novel progressive static analysis approach specifically designed to detect taint-style vulnerabilities in Lua applications in IoT firmware. FLuaScan first heuristically locates the code that handles user input, then divides the code into different segments to conduct a progressive taint analysis. Finally, a graph-based search method is applied to identify vulnerable code that satisfies the conditions of taint propagation. To comprehensively compare FLuaScan with state-of-the-art tool Tscancode, we conducted various experiments on a dataset consisting of 13 real-world firmware samples from different vendors. The results demonstrate the superior performance of FLuaScan in terms of accuracy (increased TP rate from 0% to 42.50%), effectiveness (discovered 21 vulnerabilities, of which 7 are unknown), and practicality (acceptable time overhead and visual output to assist in manual analysis).

Examining an Islamic Financial Inclusivity and Its Impact on Fundamental Economic Variables in Indonesia (An Approach of Static Panel Data Analysis)

Examining an Islamic Financial Inclusivity and Its Impact on Fundamental Economic Variables in Indonesia (An Approach of Static Panel Data Analysis)

High-fidelity aeroelastic transonic analysis using higher-order structural models

A novel computational approach for static aeroelastic analysis of metal and composite wings in transonic flows is proposed. Static aeroelastic analysis is often performed coupling beam/plate structural formulations with low-fidelity inviscid and irrotational aerodynamics. When high subsonic, transonic or supersonic regimes are met, low-fidelity aerodynamics is unable to accurately describe flow separation, viscous phenomena, and/or shock waves, unless suitable corrections are considered. This work combines the use of a variable-order kinematics structural model with Computational Fluid Dynamics (CFD), with the aim of developing a flexible computational aeroelastic framework. In particular, the structural model is based on the Carrera Unified Formulation and Equivalent Plate Modelling, whose governing equations are then solved through the Finite Element Method. The CFD analysis is performed using the high-fidelity open-source software SU2. The fluid–structure interaction is captured resorting to an energetic approach based on the Moving Least Squares patch technique. The generality and flexibility of the developed tool is demonstrated considering: the structural analysis of a wing exhibiting taper ratio, sweep angle, spars and ribs; the aeroelastic static analysis of a transonic AGARD 445.6 wing; and a prototype aeroelastic tailoring study on a composite wing. Comparison with available literature results confirms the robustness of the approach.

A novel EFG meshless-ANN approach for static analysis of FGM plates based on the higher-order theory

An Element Free Galerkin (EFG) meshless formulation and solutions using higher order shear deformation theory with nine degrees of freedom for the static analysis of Functionally Graded Material (FGM) plates are provided. This technique estimates the shape function using Moving Least Squares (MLS) method. The proposed method is validated by comparing the present findings with those in the literature. A novel Artificial Neural Network (ANN) model is developed to forecast the deflection of FGM plates within less computational time. Detailed parametric and convergent studies reveal that the proposed EFG solution and the ANN technique are more efficient than their conventional counterparts. The validation and comparison of the generated results in the present investigation with the other analysis methods revealed that the EFG method and ANN model give more accurate results than the FEM and other meshless methods. The current EFG-ANN model reduces computing time by 99.94% when compared to the EFG approach. Also, the accuracy is enhanced using the EFG approach with HSDT9 for the FGM plate.

Machine learning and deep learning techniques for detecting malicious android applications: An empirical analysis

The open system architecture of android makes it vulnerable to a variety of cyberattacks. Cybercriminals use android applications to intrude into the system and steal confidential data. This situation poses a threat to user privacy and integrity of the system. This paper proposes a static analysis approach to detect malicious and benign Android applications using various machine learning and deep learning algorithms. The proposed work has been validated using a bench marked dataset comprising 11,449 benign and malicious Android applications. The proposed approach applies a wrapper-based feature selection method to filter irrelevant features. The results clearly show that the deep learning algorithms of DBN and MLP outperformed machine learning algorithms in detecting malicious Android applications.

Seismic Performance of Confined Versus Unreinforced Masonry Buildings on Hilly Slopes Using Linear Static and Dynamic Analysis Approaches

Seismic Performance of Confined Versus Unreinforced Masonry Buildings on Hilly Slopes Using Linear Static and Dynamic Analysis Approaches

BINO: Automatic recognition of inline binary functions from template classes

In this paper, we propose BINO, a static analysis approach that relieves reverse engineers from the challenging task of recognizing library functions that have been inlined. BINO recognizes inline calls of methods of C++ template classes (even with unknown data types). We do this through a binary fingerprinting and matching approach. Our fingerprint model captures syntactic and semantic features of an assembly function, along with its Control-Flow Graph structure. Using these fingerprints and subgraph isomorphism, it recognizes inline method calls in a target binary. BINO automates the fingerprints generation phase by parsing the source code of the template classes and automatically building appropriate binaries with representative inline calls of said methods. We evaluate BINO by performing experiments on a dataset of 555 GitHub C++ projects containing 10,600 inline functions, exploring several optimization levels that allow the compiler to inline function calls. We show that our approach can recognize inline function calls to the most used methods of well-known template classes with an F1-Score up to 63% with the -O2, -O3, and -Ofast optimizations levels.

SafeDrop: Detecting Memory Deallocation Bugs of Rust Programs via Static Data-flow Analysis

Rust is an emerging programming language that aims to prevent memory-safety bugs. However, the current design of Rust also brings side effects, which may increase the risk of memory-safety issues. In particular, it employs ownership-based resource management and enforces automatic deallocation of unused resources without using the garbage collector. It may therefore falsely deallocate reclaimed memory and lead to use-after-free or double-free issues. In this article, we study the problem of invalid memory deallocation and propose SafeDrop , a static path-sensitive data-flow analysis approach to detect such bugs. Our approach analyzes each function of a Rust crate iteratively in a flow-sensitive and field-sensitive way. It leverages a modified Tarjan algorithm to achieve scalable path-sensitive analysis and a cache-based strategy for efficient inter-procedural analysis. We have implemented our approach and integrated it into the Rust compiler. Experiment results show that the approach can successfully detect all such bugs in our experiments with a limited number of false positives and incurs a very small overhead compared to the original compilation time.

A system call-based android malware detection approach with homogeneous & heterogeneous ensemble machine learning

The enormous popularity of Android in the smartphone market has gained the attention of malicious actors as well. Also, considering its open system architecture, malicious attacks don’t seem to wane anytime soon. Cybercriminals use deceptive attack strategies like obfuscation or dynamic code loading to evade the system. A conventional static analysis approach fails to identify such attacks. Mitigating a wide range of evasive attacks requires excogitating savvy dynamic analysis framework. This paper proposes a precise dynamic analysis approach to identify a slew of malicious attacks. The proposed method focus on behavioral analysis of malware that requires reconstructing the behavior of Android malware. The dynamic behavior features used include system calls, binders, and complex Android objects (composite behavior). For efficient malware detection and classification, a feature selection method is used to remove extraneous features. For classification, we use homogeneous and heterogeneous ensemble machine learning algorithms. The stacking approach has the best classification results with an accuracy rate of 98.08%. The rigorous experimental results show the effectiveness and superiority of the model.

A hybrid machine learning approach for analysis of stegomalware

PurposeGiven how smart today’s malware authors have become through employing highly sophisticated techniques, it is only logical that methods be developed to combat the most potent threats, particularly where the malware is stealthy and makes indicators of compromise (IOC) difficult to detect. After the analysis is completed, the output can be employed to detect and then counteract the attack. The goal of this work is to propose a machine learning approach to improve malware detection by combining the strengths of both supervised and unsupervised machine learning techniques. This study is essential as malware has certainly become ubiquitous as cyber-criminals use it to attack systems in cyberspace. Malware analysis is required to reveal hidden IOC, to comprehend the attacker’s goal and the severity of the damage and to find vulnerabilities within the system.Design/methodology/approachThis research proposes a hybrid approach for dynamic and static malware analysis that combines unsupervised and supervised machine learning algorithms and goes on to show how Malware exploiting steganography can be exposed.FindingsThe tactics used by malware developers to circumvent detection are becoming more advanced with steganography becoming a popular technique applied in obfuscation to evade mechanisms for detection. Malware analysis continues to call for continuous improvement of existing techniques. State-of-the-art approaches applying machine learning have become increasingly popular with highly promising results.Originality/valueCyber security researchers globally are grappling with devising innovative strategies to identify and defend against the threat of extremely sophisticated malware attacks on key infrastructure containing sensitive data. The process of detecting the presence of malware requires expertise in malware analysis. Applying intelligent methods to this process can aid practitioners in identifying malware’s behaviour and features. This is especially expedient where the malware is stealthy, hiding IOC.

Optimizing smart contract vulnerability detection via multi-modality code and entropy embedding

Smart contracts have been widely used in the blockchain world these years, and simultaneously vulnerability detection has gained more and more attention due to the staggering economic losses caused by the attacker. Existing tools that analyze vulnerabilities for smart contracts heavily rely on rules predefined by experts, which are labour-intense and require domain knowledge. Moreover, predefined rules tend to be misconceptions and increase the risk of crafty potential back-doors in the future. Recently, researchers mainly used static and dynamic execution analysis to detect the vulnerabilities of smart contracts and have achieved acceptable results. However, the dynamic method cannot cover all the program inputs and execution paths, which leads to some vulnerabilities that are hard to detect. The static analysis method commonly includes symbolic execution and theorem proving, which requires using constraints to detect vulnerability. These shortcomings show that traditional methods are challenging to apply and expand on a large scale. This paper aims to detect vulnerabilities via the Bug Injection framework and transfer learning techniques. First, we train a Transformer encoder using multi-modality code, which contains source code, intermediate representation, and assembly code. The input code consists separately of Solidity source code, intermediate representation, and assembly code. Specifically, we translate source code into the intermediate representation and decompile the byte code into assembly code by the EVM compiler. Then, we propose a novel entropy embedding technique, which combines token embedding, segment embedding, and positional embedding of the Transformer encoder in our approach. After that, we utilize the Bug Injection framework to automatically generate specific types of buggy code for fine-tuning and evaluating the performance of vulnerability detection. The experimental results show that our proposed approach improves the performance in detecting reentrancy vulnerabilities and timestamp dependence. Moreover, our approach is more flexible and scalable than static and dynamic analysis approaches in detecting smart contract vulnerabilities. Our approach improves the baseline approaches by an average of 11.89% in term of F1 score.

Bringing Energy Efficiency Closer to Application Developers: An Extensible Software Analysis Framework

Green, sustainable and energy-aware computing terms are gaining more and more attention during the last years. The increasing complexity of Internet of Things (IoT) applications makes energy efficiency an important requirement, imposing new challenges to software developers. Software tools capable of providing energy consumption estimations and identifying optimization opportunities are critical during all the phases of application development. This work proposes a novel framework that targets the energy efficiency at application development level. The proposed framework is implemented as a single user-friendly tool-flow, providing a variety of useful features, such as the estimation of the energy consumption without the need of executing the application on the targeted IoT devices and the estimation of potential gains by GPU acceleration on modern heterogeneous IoT architectures. The proposed methodology provides several novel contributions, such as the combination of static analysis and dynamic instrumentation approaches in order to exploit the advantages of both. The framework is evaluated on widely used benchmarks, achieving increased estimation accuracy (more than 90% for similar architectures and more than 72% for the potential use of the GPU). The effectiveness of the framework is further demonstrated using two industrial use-cases achieving an energy reduction from 91% up to 98%.