Manoj Singh Gaur

Rishika Kohli, Shaifu Gupta, Manoj Singh Gaur

User profiling, the practice of collecting user information for personalized recommendations, has become widespread, driving progress in technology. However, this growth poses a threat to user privacy, as devices often collect sensitive data without their owners' awareness. This article aims to consolidate knowledge on user profiling, exploring various approaches and associated challenges. Through the lens of two companies sharing user data and an analysis of 18 popular Android applications in India across various categories, including $\textit{Social, Education, Entertainment, Travel, Shopping and Others}$, the article unveils privacy vulnerabilities. Further, the article propose an enhanced machine learning framework, employing decision trees and neural networks, that improves state-of-the-art classifiers in detecting personal information exposure. Leveraging the XAI (explainable artificial intelligence) algorithm LIME (Local Interpretable Model-agnostic Explanations), it enhances interpretability, crucial for reliably identifying sensitive data. Results demonstrate a noteworthy performance boost, achieving a $75.01\%$ accuracy with a reduced training time of $3.62$ seconds for neural networks. Concluding, the paper suggests research directions to strengthen digital security measures.

Rishika Kohli, Shaifu Gupta, Manoj Singh Gaur

There are many approaches in mobile data ecosystem that inspect network traffic generated by applications running on user's device to detect personal data exfiltration from the user's device. State-of-the-art methods rely on features extracted from HTTP requests and in this context, machine learning involves training classifiers on these features and making predictions using labelled packet traces. However, most of these methods include external feature selection before model training. Deep learning, on the other hand, typically does not require such techniques, as it can autonomously learn and identify patterns in the data without external feature extraction or selection algorithms. In this article, we propose a novel deep learning based end-to-end learning framework for prediction of exposure of personally identifiable information (PII) in mobile packets. The framework employs a pre-trained large language model (LLM) and an autoencoder to generate embedding of network packets and then uses a triplet-loss based fine-tuning method to train the model, increasing detection effectiveness using two real-world datasets. We compare our proposed detection framework with other state-of-the-art works in detecting PII leaks from user's device.

Vineeta Jain, Vijay Laxmi, Manoj Singh Gaur et al.

In this paper, we demonstrate a realistic variant of wireless Evil Twins (ETs) for launching device to device (D2D) attacks over the network, particularly for Android. We show an attack where an ET infects an Android device before the relay of network traffic through it, and disappears from the network immediately after inflicting the device. The attack leverages the captive portal facility of wireless networks to launch D2D attack. We configure an ET to launch a malicious component of an already installed app in the device on submission of the portal page. In this paper, we present an online, incremental, automated, fingerprinting based pre-association detection mechanism named as ETGuard which works as a client-server mechanism in real-time. The fingerprints are constructed from the beacon frames transmitted by the wireless APs periodically to inform client devices of their presence and capabilities in a network. Once detected, ETGuard continuously transmits deauthentication frames to prevent clients from connecting to an ET. ETGuard outperforms the existing state-of-the-art techniques from various perspectives. Our technique does not require any expensive hardware, does not modify any protocols, does not rely on any network specific parameters such as Round Trip Time (RTT), number of hops, etc., can be deployed in a real network, is incremental, and operates passively to detect ETs in real-time. To evaluate the efficiency, we deploy ETGuard in 802.11a/b/g wireless networks. The experiments are conducted using 12 different attack scenarios where each scenario differs in the source used for introducing an ET. ETGuard effectively detects ETs introduced either through a hardware, software, or mobile hotspot with high accuracy, only one false positive scenario, and no false negatives.

Shweta Bhandari, Wafa Ben Jaballah, Vineeta Jain et al.

With the digital breakthrough, smart phones have become very essential component. Mobile devices are very attractive attack surface for cyber thieves as they hold personal details (accounts, locations, contacts, photos) and have potential capabilities for eavesdropping (with cameras/microphone, wireless connections). Android, being the most popular, is the target of malicious hackers who are trying to use Android app as a tool to break into and control device. Android malware authors use many anti-analysis techniques to hide from analysis tools. Academic researchers and commercial anti-malware companies are putting great effort to detect such malicious apps. They are making use of the combinations of static, dynamic and behavior based analysis techniques. Despite of all the security mechanisms provided by Android, apps can carry out malicious actions through collusion. In collusion malicious functionality is divided across multiple apps. Each participating app accomplish its part and communicate information to another app through Inter Component Communication (ICC). ICC do not require any special permissions. Also, there is no compulsion to inform user about the communication. Each participating app needs to request a minimal set of privileges, which may make it appear benign to current state-of-the-art techniques that analyze one app at a time. There are many surveys on app analysis techniques in Android; however they focus on single-app analysis. This survey augments this through focusing only on collusion among multiple-apps. In this paper, we present Android vulnerabilities that may be exploited for a possible collusion attack. We cover the existing threat analysis, scenarios, and a detailed comparison of tools for intra and inter-app analysis. To the best of our knowledge this is the first survey on app collusion and state-of-the-art detection tools in Android.

Gaurav Somani, Manoj Singh Gaur, Dheeraj Sanghi et al.

Security issues related to the cloud computing are relevant to various stakeholders for an informed cloud adoption decision. Apart from data breaches, the cyber security research community is revisiting the attack space for cloud-specific solutions as these issues affect budget, resource management, and service quality. Distributed Denial of Service (DDoS) attack is one such serious attack in the cloud space. In this paper, we present developments related to DDoS attack mitigation solutions in the cloud. In particular, we present a comprehensive survey with a detailed insight into the characterization, prevention, detection, and mitigation mechanisms of these attacks. Additionally, we present a comprehensive solution taxonomy to classify DDoS attack solutions. We also provide a comprehensive discussion on important metrics to evaluate various solutions. This survey concludes that there is a strong requirement of solutions, which are designed keeping utility computing models in mind. Accurate auto-scaling decisions, multi-layer mitigation, and defense using profound resources in the cloud, are some of the key requirements of the desired solutions. In the end, we provide a definite guideline on effective solution building and detailed solution requirements to help the cyber security research community in designing defense mechanisms. To the best of our knowledge, this work is a novel attempt to identify the need of DDoS mitigation solutions involving multi-level information flow and effective resource management during the attack.