The Road to Hell is Paved with Good Intensions

A former colleague, a talented and accomplished user experience professional, recently wrote excitedly of her intension to attend an upcoming UX conference. It was a bit of a throwaway line, likely written in haste, but made in a public forum for consumption by contemporaries and customers alike. Her meaning was clear; the cringe from at least some in her audience equally so. Continue reading

How 1 Million App Calls can Tell you a Bit About Malware – Part 1

Recently, I collaborated with a number of researchers from the Software Systems Laboratory of Columbia University on a study of POSIX (Portable Operating System Interface) abstractions. In a nutshell, we measured how, and to what extent, traditional POSIX abstractions are used in modern operating systems, and whether new abstractions are taking form and dethroning traditional ones. The results of this study were presented at the 11th European Conference on Computer Systems (EuroSys ’16).

In one of our experiments, we examined which POSIX calls are used by benign Android applications (~1 million) from the Google Play Store and by malicious Android applications (1260) taken from a well-known dataset. Figure 1 compares the popularity of POSIX calls between the benign and malicious applications. An interesting observation involves outliers: there are POSIX interfaces that are popular only among malicious applications. Table 1 presents a set of indicative abstractions that are popular among malicious apps and unpopular among benign ones.

Figure 1: Comparing the popularity of POSIX calls between benign Google Play applications and malicious applications (taken from a popular dataset). There are some outliers identifying POSIX calls, which are popular only for malicious applications.

Table 1: Popular POSIX abstractions among malicious applications (and at the same time unpopular among benign ones).

We attempted to create a simple filter that identifies potentially malicious applications based on the three abstractions that are least popular among benign applications while being popular among malicious ones. In particular, we checked whether an application uses at least one of the following abstractions: ptsname, unlockpt (two pseudo-terminal functions; malicious application developers are most likely attempting to exploit interfaces known to be old, poorly maintained, and buggy) and setsid. We checked our filter against a set of 465000 applications taken from the Google Play store. Our initial findings, though, were not significant. Specifically, our filter flagged 1633 applications as suspicious. To validate this result, we checked these applications against the 54 antiviruses provided by the VirusTotal service, using the framework that I presented in my previous blog post. We found that 413 (25.29%) of them are potentially malicious. Furthermore, Figure 2 indicates that in most cases only one antivirus issued an alarm, which is probably a false positive.
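As an added example, not code from the original post, here is the two-stage triage described above in Python: the POSIX-abstraction filter followed by a check of antivirus verdicts that treats a single firing engine as a probable false positive. The app names, imported symbols and verdicts are all constructed sample data.

```python
# Added example, not the post's own code: two-stage triage over constructed data.
from collections import Counter

# The three POSIX abstractions the post singles out: popular among malicious
# apps and rare among benign ones.
SUSPICIOUS_ABSTRACTIONS = frozenset({"ptsname", "unlockpt", "setsid"})

# Constructed sample: app id -> symbols imported by its native libraries.
# (In practice these come from the dynamic symbol tables of the app's .so files.)
SAMPLE_IMPORTS = {
    "com.example.chat":   {"socket", "connect", "write", "read"},
    "com.example.term":   {"openpt", "grantpt", "unlockpt", "ptsname", "fork"},
    "com.example.daemon": {"fork", "setsid", "chdir", "umask"},
    "com.example.game":   {"mmap", "pthread_create", "clock_gettime"},
}

# Constructed sample VirusTotal-style verdicts: app id -> {engine: flagged}.
SAMPLE_VERDICTS = {
    "com.example.term":   {"AV-A": True, "AV-B": True, "AV-C": False},
    "com.example.daemon": {"AV-A": False, "AV-B": True, "AV-C": False},
}


def posix_filter(imports):
    """Stage 1: flag an app that uses at least one suspicious abstraction.
    Returns app id -> set of abstractions that triggered the flag."""
    flagged = {}
    for app, symbols in imports.items():
        hits = SUSPICIOUS_ABSTRACTIONS & set(symbols)
        if hits:
            flagged[app] = hits
    return flagged


def triage(flagged, verdicts, min_engines=2):
    """Stage 2: count antivirus engines that fired for each flagged app.
    One engine alone is treated as a probable false positive (the post's
    caveat); an app is 'potentially malicious' only if min_engines agree."""
    result = {}
    for app in flagged:
        fired = sum(1 for hit in verdicts.get(app, {}).values() if hit)
        if fired == 0:
            result[app] = "clean"
        elif fired < min_engines:
            result[app] = "probable false positive"
        else:
            result[app] = "potentially malicious"
    return result


def summary(result):
    """Counts per outcome and the percentage of flagged apps that survive triage."""
    counts = Counter(result.values())
    share = 100.0 * counts["potentially malicious"] / (len(result) or 1)
    return counts, round(share, 2)
```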

In my next post I will discuss a more robust filter based on a binary classifier, as well as potentially malicious applications that include obfuscated libraries.

Figure 2: Potentially Malicious Applications found on Google Play Store. The identification was based on a simple filter that involved the three most unpopular POSIX abstractions among benign applications and at the same time popular among malicious ones.

Diving into IBM’s Quantum Experience through your Browser

People tend to stay away when they hear the words “Quantum Computing”. The phrase itself gives the feeling that it targets scientists or physics researchers, not the average person scrolling through their newsfeed. However, quantum computing is maturing steadily, which is starting to kill its reputation as a hard field. Understanding quantum computing requires as much imagination as it does math or physics knowledge. In this post, I’m going to briefly spark your imagination about the next generation of computers and give you a glimpse of how IBM makes the experience accessible through your web browser rather than through access-restricted physics labs.

What is Quantum Computing?

Perhaps you are reading this blog post on your desktop, laptop, tablet or smartphone. All of these devices run on a traditional computer (or what we call a classical computer). Every tech gadget you use nowadays relies on the concepts of classical computing. But what are classical computers, and how are they different from quantum computers? Continue reading

Presentation smells: How not to prepare your conference presentation

Recently, I was in Austin, Texas to attend the ICSE (International Conference on Software Engineering) and MSR (Mining Software Repositories) conferences. The authors presented excellent papers on a variety of topics concerning software engineering. Despite their excellent technical content, I was discontented by the presentation skills exhibited by some of the authors. It’s not only the students; even some of the experienced researchers gave not-so-exciting presentations. Continue reading

My Diary on the “The Hour of Code”

So what is the Hour of Code? The Hour of Code is a global movement offering a one-hour introduction to computer science, designed to demystify code and show that anybody can learn the basics! Anyone anywhere can organize an Hour of Code event. No age limitations. No experience needed. By now, almost 1203 Hour of Code events have been conducted in India. It is held every year from 7th Dec to 13th Dec. Continue reading