Skip to main content
Springer Nature Link
Log in

Using ontologies to perform threat analysis and develop defensive strategies for mobile security

  • Published:
Information Technology and Management Aims and scope Submit manuscript

Abstract

Existing studies on the detection of mobile malware have focused mainly on static analyses performed to examine the code-structure signature of viruses, rather than the dynamic behavioral aspects. By contrast, the unidentified behavior of new mobile viruses using the self-modification, polymorphic, and mutation techniques for variants have largely been ignored. The problem of precision regarding malware variant detection has become one of the key concerns in mobile security. Accordingly, the present study proposed a threat risk analysis model for mobile viruses, using a heuristic approach incorporating both malware behavior analysis and code analysis to generate a virus behavior ontology associated with the Protégé platform. The proposed model can not only explicitly identify an attack profile in accordance with structural signature of mobile viruses, but also overcome the uncertainty regarding the probability of an attack being successful. This model is able to achieve this by extending frequent episode rules to investigate the attack profile of a given malware, using specific event sequences associated with the sandbox technique for mobile applications (apps) and hosts. For probabilistic analysis, defense evaluation metrics for each node were used to simulate the results of an attack. The simulations focused specifically on the attack profile of a botnet to assess the threat risk. The validity of the proposed approach was demonstrated numerically by using two malware cyber-attack examples. Overall, the results presented in this paper prove that the proposed scheme offers an effective countermeasure, evaluated using a set of security metrics, for mitigating network threats by considering the interaction between the attack profiles and defense needs.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22
Fig. 23
Fig. 24

Similar content being viewed by others

References

  1. Jacob G, Debar H, Filiol E (2008) Behavioral detection of malware: from a survey towards an established taxonomy. J Comput Virol 4:251–266

    Article  Google Scholar 

  2. Bayne J (2012) An overview of threat and risk assessment. SANS Institute. http://www.sans.org/reading_room/whitepapers/auditing/overview-threat-risk-assessment_76. Accessed 14 Jan 2010

  3. Mitre Corporation (2011) Common vulnerabilities and exposures. http://www.cve.mitre.org. Accessed 8 Jan 2012

  4. NIST (2012) NVD (national vulnerability database). http://nvd.nist.gov/. Accessed 21 Sep 2012

  5. Sheyner O (2004) Scenario graphs and attack graphs. PhD thesis, Carnegie Mellon University

  6. Schneier B (1999) Attack trees: modeling security threats. Dr. Dobbs’ Journal. Retrieved from http://www.counterpane.com/attacktrees-ddj-ft.html

  7. Edge KS, Dalton II GC, Raines RA, Mills RF (2007) Using attack and protection trees to analyze threats and defenses to homeland security (MILCOM), pp 1–7

  8. Roy A, Kim D, Trivedi KS (2010) Cyber security analysis using attack countermeasure trees. In CSIIRW’10, April 21–23

  9. Clausing J (2009) Building an automated behavioral malware analysis environment using open source software. SANS Institute Reading Room

  10. Truman Sandbox (2013). http://www.secureworks.com/cyber-threat-intelligence/tools/truman/. Accessed 19 Mar 2012

  11. Stewart J (2006) Behavioural malware analysis using Sandnets. Comput Fraud Secur 2006(12):4–6

  12. Willems C, Holz T, Freiling F (2007) Toward automated dynamic malware analysis using CWSandbox. IEEE Secur Priv 5(2):32–39

    Article  Google Scholar 

  13. Blasing T, Batyuk L, Schmidt AD, Camtepe SA, Albayrak S (2010) An android application sandbox system for suspicious software detection. In 5th international conference of malicious and unwanted software (MALWARE)

  14. Honeynet Project (2012) DroidBox. http://www.honeynet.org/gsoc/slot11

  15. Marianne L (1987) The knowledge acquisition grid: a method for training knowledge engineers. Int J Man Mach Stud 26(2):245–255

    Article  Google Scholar 

  16. Berners-Lee T (1998) Semantic web roadmap. W3C design issues

  17. Noy NF, Hafner CD (1997) The state of the art in ontology design: a survey and comparative review. AI Mag 18(3):53–74

    Google Scholar 

  18. Noy NF, McGuinness DL (2001) Ontology development 101: a guide to creating your first ontology. Technical report KSL-01-05, Stanford Knowledge Systems Laboratory

  19. Uschold M, Grueninger M (1996) Ontologies: principles, methods and applications. Knowl Eng Rev 11(2):93–155

    Article  Google Scholar 

  20. Lee CS, Wang MH (2009) Ontology-based computational intelligent multi-agent and its application to CMMI assessment. Appl Intell 30(3):203–219

    Article  Google Scholar 

  21. Simmonds A, Sandilands P, Ekert LV (2003) An ontology for network security attacks, RAID 2003, LCNS 2820. Springer, Heidelberg

  22. Grit D, Lalana K, Tim F, Massimo P (2003) Security for DAML web services: annotation and matchmaking. In Proceedings of second international semantic web conference, September

  23. Weavor N, Paxson V, Staniford S, Cunningham R (2003) A taxonomy of computer worms. UC Berkeley, ICSI, Silicon Defense, MIT Lincoln Laboratory

  24. Dagon D, Gu G, Zou C, Grizzard J, Dwivedi S, Lee W, Lipton R (2006) A taxonomy of botnets. Georgia Institute of technology, University of Central Florida, Orlando, FL.

  25. Lee CS, Jian ZW, Huang LK (2005) A fuzzy ontology and its application to news summarization. IEEE Trans Syst Man Cybern Part B 35(5):859–880

    Article  Google Scholar 

  26. Huang HD, Chuang TY, Tsai YL, Lee CS (2010) Ontology-based intelligent system for malware behavioral analysis. In: 2010 IEEE international conference on fuzzy systems (FUZZ 2010), 1–6, July, 18–23, Barcelona, Spain

  27. Huang HD, Lee CS, Kao HY, Tsai YL, Chang JG (2011) Malware behavioral analysis system: TWMAN, 2011 IEEE symposium on intelligent agent (IA), Paris, France, pp 1–8

  28. Rauzy A (1993) New algorithms for fault tree analysis. Reliab Eng Syst Saf 40(3):203–211

    Article  Google Scholar 

  29. Kordy B, Mauw S, Radomirovic S, Schweitzer P (2010) Foundations of attack–defense trees, LNCS 2010. Springer, Heidelberg. http://satoss.uni.lu/members/barbara/papers/adt.pdf. Accessed 11 March 2012

  30. Wikipedia (2013) Mobile security. https://www.google.com.tw/#q=mobile+security+WIKI. Accessed 27 Nov 2013

  31. Farahmand F, Navathe BS, Sharp PG, Enslow HP (2005) A management perspective on risk of security threats to information systems. Inf Technol Manag 6(2–3):203–225

    Article  Google Scholar 

  32. Bandyopadhyay T, Jacob V, Raghunathan S (2010) Information security in networked supply chains: impact of network vulnerability and supply chain integration on incentives to invest. Inf Technol Manag 11(1):7–23

    Article  Google Scholar 

  33. Wang P, Chao KM, Lo CC (2013) A novel threat and risk assessment mechanism for security controls in service management. In: IEEE international conference on e-business engineering (ICEBE 2013), pp 11–13

  34. Isograph (2010) AttackTree+. http://www.isograph.com/software/attacktree/. Accessed 9 Apr 2011

  35. International Organization for Standardization (2008) ISO/IEC 27005: 2008 information technology—security techniques—information security risk management

  36. Desnos A, Androguard (2013). http://code.google.com/p/androguard/wiki/Usage. Accessed 21 May 2013

  37. Mannila H, Toivonen H, Verkamo IA (1997) Discovery of frequent episodes in event sequences. Data Min Knowl Discov 1(3):259–289

    Article  Google Scholar 

  38. Cincotti A, Cutello V, Pappalardo F (2003) An ant algorithm for the weighted minimum hitting set problem. In: 2003 IEEE swarm intelligence symposium (SIS), pp 24–26

  39. Bulysheva L, Bulyshev A (2012) Segmentation modeling algorithm: a novel algorithm in data mining. Inf Technol Manag 13(4):263–271

    Article  Google Scholar 

  40. Jacks T, Palvia P (2013) SMeasuring value dimensions of IT occupational culture: an exploratory analysis. Inf Technol Manag. doi:10.1007/s10799-013-0170-0

    Google Scholar 

  41. Stanford University (2002) Protégé. http://protege.stanford.edu. Accessed 19 Oct 2011

  42. Symantec (2009) Zeus: king of the bots (PDF). https://www.google.com.tw/search?hl=zh-TW&rlz=1T4MXGB_zh-TWTW511TW512&q=King+of+the+Bots&oq=King+of+the+Bots. Accessed 27 Jan 2012

  43. Stevens K, Jackson D (2010) Zeus banking Trojan report. http://www.secureworks.com/research/threats/Zeus/?threat=Zeus. Accessed 08 Oct 2011

Download references

Acknowledgments

This work was supported partly by National Science Council under the Grant Nos. 103-2627-E-168-001, 103-N-358-NSC-R-040 and NSC 102-2218-E-168-044.

Author information

Authors and Affiliations

  1. Department of Information Management, Kun Shan University, No. 195, Kun Da Rd., Yongkang District, Tainan County, 710, Taiwan

    Ping Wang & Yu-Shih Wang

  2. School of MIS, Coventry University, Coventry, UK

    Kuo-Ming Chao

  3. Institute of Information Management, National Chiao Tung University, Hsinchu, Taiwan

    Chi-Chun Lo

Authors
  1. Ping Wang
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Kuo-Ming Chao
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Chi-Chun Lo
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Yu-Shih Wang
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Ping Wang.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wang, P., Chao, KM., Lo, CC. et al. Using ontologies to perform threat analysis and develop defensive strategies for mobile security. Inf Technol Manag 18, 1–25 (2017). https://doi.org/10.1007/s10799-014-0213-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10799-014-0213-1

Keywords