Stamp's Master's Students' Defenses: Spring 2017






Who                             When              Where    Title
Aneri Chavda                    May 17 @ 1:00pm   MH 225   Image Spam Detection
Rachel Gonsalves                TBD               TBD      Stealthy Ciphertext Generation Using Hidden Markov Models
Swathi Nambiar Kadala Manikoth  May 19 @ 2:00pm   DH 450   Masquerade Detection in Android
Prathiba Nagarajan              May 18 @ 1:00pm   MH 422   Analysis of Periodicity in Botnets
Guruswamy Nellaivadivelu        May 19 @ 10:00am  CL 100G  Black Box Analysis of Android Malware Detectors
Vikash Raja Samuel Selvin       May 19 @ 11:00am  CL 100G  Malware Scores Based on Image Processing






Image Spam Detection

by Aneri Chavda

Email is one of the most common forms of digital communication. Spam can be defined as unsolicited bulk email, while image spam includes spam text embedded in an image. Image spam is used to evade text-based spam filters and hence it poses a threat to email-based communication. In this research, we analyze image spam detection methods based on various combinations of image processing and machine learning techniques. Our detection results provide a significant improvement over previous research in some challenging cases.




Stealthy Ciphertext Generation Using Hidden Markov Models

by Rachel Gonsalves

In some circumstances, encrypted data can attract unwanted attention. In previous work, a tree-based method was developed to convert encrypted data into text that could pass for English, assuming a specific type of automated filtering. In this research, we develop a method for converting encrypted data to text that uses a hidden Markov model (HMM). We test our HMM-based method and show that we can successfully encode and decode ciphertext. We also analyze the encoded ciphertext to determine whether it is "stealthy" in the sense that it can pass an automated test for English.




Masquerade Detection in Android

by Swathi Nambiar Kadala Manikoth

A masquerader is an attacker who pretends to be an authorized user of a system in order to avoid detection. In this research we consider the problem of masquerade detection for Android devices. Our goal is to improve on previous work by considering more features and a wider variety of machine learning techniques. Our approach consists of verifying the identity of users based on individual features and combinations of features. We determine which features contribute the most to masquerade detection.




Analysis of Periodicity in Botnets

by Prathiba Nagarajan

A botnet consists of a network of infected computers that is controlled remotely via a command and control (C&C) server. A typical botnet employs frequent communication between the C&C server and the infected nodes. In this research, we carefully analyze the periodicity of botnet traffic for a wide variety of botnets. We apply machine learning to publicly available datasets to determine the strength of this periodicity feature as a means for detecting botnet activity.




Black Box Analysis of Android Malware Detectors

by Guruswamy Nellaivadivelu

Malware detectors can use a variety of features to classify a program as malware. In this research, we obfuscate individual features of known Android malware and determine whether the obfuscated malware can be detected. Using this approach, we perform a black box analysis of several popular malware detectors. Our analysis clearly shows which features are used by each of the malware detectors under consideration.




Malware Scores Based on Image Processing

by Vikash Raja Samuel Selvin

Previous work has shown that a useful malware score can be obtained when binaries are treated as images. In this research, we implement, test, and analyze malware scores based on image processing. We test a wide variety of image processing techniques and we employ various machine learning techniques. Further, we develop a dataset that is designed to evade detection mechanisms that are based on image analysis. We analyze the strengths and weaknesses of this "improved" malware dataset.