EPSRC backs spotting malicious apps
“Malware attacks are rising year on year, and over one million new Android malware attacks were identified in 2013 by McAfee,” said the Engineering and Physical Sciences Research Council (EPSRC), which is providing the funding.
“Malicious apps can gain access to address books, GPS coordinates, passwords or pin numbers. They can redirect your data across the net, send you to phishing sites and also bypass the two-step authentication process used to access an ever-increasing number of online services such as banking or email.”
The £3m will be split five ways:
Royal Holloway University of London will study the behaviour of Android apps and develop techniques to spot cloaked malicious apps.
“You may think that the phone in your pocket is safe, but think again,” said Royal Holloway lecturer Dr Lorenzo Cavallaro. “We’re used to considering our phones as a trusted, private channel of communication, and suitable to receive authentication information to access specific online services. Unfortunately, this information can be leaked or abused by colluding malware if the mobile device is infected.”
Colluding is to be studied by a team spread across City University London, Coventry University, and Swansea University.
“The team will develop new techniques to detect colluding apps and will curtail the threat before it becomes widespread,” said EPSRC.
By design, Android is ‘open’ in its flexibility to download apps from different sources. Its security depends on restricting apps by combining digital signatures, sand-boxing, and permissions. These restrictions can be by-passed without the user noticing by colluding apps whose combined permissions allow them to carry out attacks that neither app could carry out alone.
“Currently almost all academic and industry efforts are focusing on single malicious apps; almost no attention has been given to colluding apps. Existing antivirus products are not designed to detect collusion,” said project leader Professor Tom Chen.
Both the above teams are partnering with McAfee, which will give researchers access to a library of safe apps and will assist in analysing malware so their behaviours can be tested.
“We’re up against really sophisticated malware – some even used by nation states for spying,” said McAfee principal architect Dr Igor Muttik. “Attackers are well aware of the technology involved in detecting and tracking them. These cybercriminals often take an industrial approach to malware; they try to maximise their benefits from it. So, we need to constantly raise the bar by improving the technology and this will make it more complex and less profitable for them to operate.”
The rest goes to three teams researching the UK-wide cyber-security. The five projects sharing £3m are:
|Mobsec: Malware and Security in the Mobile Age||Royal Holloway, University of London with partners, McAfee, a division of Intel Security.||Dr L Cavallaro|
|App Collusion Detection||City University London, Coventry University, Swansea University with partners, McAfee, a division of Intel Security.||Professor Tom Chen|
|CIPART: Cloud Intelligent Protection at Run-Time||Imperial College London||Dr E C Lupu|
|Bayesian Analysis of Competing Cyber Hypotheses||University of Liverpool||Professor S Maskell|
|Robustness-as-evolvability: building a dynamic control plane with Software-Defined Networking||University of Birmingham, University of Edinburgh||Dr S NagarajaDr D Aspinall|