Threat Assessment for Android Environment with Connectivity to IoT from the Perspective of SA

“

Many studies have focused on the detection of these malicious applications, and their accuracy and efficiency are approaching commercialization. However, there is a limit to utilize the detected result of a malicious application for decision-making from the manager's point of view. Also, existing risk assessment studies are concentrated on owning assets, so there are limitations that simplify the threat, and there are few studies evaluating threats in connection with research on threat detection through machine learning. This study proposes a method to extend and assess threat detection using machine learning for applications installed in the Android OS. The proposed scheme is Malware Awareness (Level 1) aimed at detecting malicious behavior for Android application, Threat Awareness (Level 2) for rating it, and Decision-Making Awareness (Level 3) for optimizing threat class. The reasons for approaching from the viewpoint of SA are also related to CTI which is a recent issue. The availability of CTI is an essential element of threat assessment. The TARA developed by MITER also emphasizes the ability to identify countermeasures through threat assessment. In addition, cyber-SA framework research from the “Cybaware” project has resulted in an asset, configuration, impact, threat, and visualization as key areas of research . In particular, the threat area has identified and evaluated the types of attackers (TTP, Tactics/Techniques/Procedures) and objectives and developed countermeasures as research results. Therefore, the proposed approach can contribute to threat detection, production, measurement, and evaluation of CTI in the security field.

”