Yajin Zhou,Xuxian Jiang

DOI: https://doi.org/10.1109/sp.2012.16

2012-01-01

Abstract:The popularity and adoption of smart phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. In light of their rapid growth, there is a pressing need to develop effective solutions. However, our defense capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples. In this paper, we focus on the Android platform and aim to systematize or characterize existing Android malware. Particularly, with more than one year effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads. The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software, our experiments show that the best case detects 79.6% of them while the worst case detects only 20.2% in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.

Bela Amro

DOI: https://doi.org/10.48550/arXiv.1801.02837

2018-01-09

Cryptography and Security

Abstract:Mobile devices have become very popular nowadays, due to its portability and high performance, a mobile device became a must device for persons using information and communication technologies. In addition to hardware rapid evolution, mobile applications are also increasing in their complexity and performance to cover most needs of their users. Both software and hardware design focused on increasing performance and the working hours of a mobile device. Different mobile operating systems are being used today with different platforms and different market shares. Like all information systems, mobile systems are prone to malware attacks. Due to the personality feature of mobile devices, malware detection is very important and is a must tool in each device to protect private data and mitigate attacks. In this paper, analysis of different malware detection techniques used for mobile operating systems is provides. The focus of the analysis will be on the to two competing mobile operating systems - Android and iOS. Finally, an assessment of each technique and a summary of its advantages and disadvantages is provided. The aim of the work is to establish a basis for developing a mobile malware detection tool based on user profiling.

Suhaib Jasim Hamdi,Naaman Omar,Adel AL-zebari,Karwan Jameel Merceedi,Abdulraheem Jamil Ahmed,Nareen O. M. Salim,Sheren Sadiq Hasan,Shakir Fattah Kak,Ibrahim Mahmood Ibrahim,Hajar Maseeh Yasin,Azar Abid Salih

DOI: https://doi.org/10.9734/ajrcos/2021/v11i330266

2021-09-07

Asian Journal of Research in Computer Science

Abstract:Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware. Android is now the world's most popular OS. More and more malware assaults are taking place in Android applications. Many security detection techniques based on Android Apps are now available. Android applications are developing rapidly across the mobile ecosystem, but Android malware is also emerging in an endless stream. Many researchers have studied the problem of Android malware detection and have put forward theories and methods from different perspectives. Existing research suggests that machine learning is an effective and promising way to detect Android malware. Notwithstanding, there exist reviews that have surveyed different issues related to Android malware detection based on machine learning. The open environmental feature of the Android environment has given Android an extensive appeal in recent years. The growing number of mobile devices, they are incorporated in many aspects of our everyday lives. In today’s digital world most of the anti-malware tools are signature based which is ineffective to detect advanced unknown malware viz. Android OS, which is the most prevalent operating system (OS), has enjoyed immense popularity for smart phones over the past few years. Seizing this opportunity, cybercrime will occur in the form of piracy and malware. Traditional detection does not suffice to combat newly created advanced malware. So, there is a need for smart malware detection systems to reduce malicious activities risk. The present paper includes a thorough comparison that summarizes and analyses the various detection techniques.

Mohammad Ghafari,Pascal Gadient,Oscar Nierstrasz

DOI: https://doi.org/10.1109/SCAM.2017.24

2020-06-02

Abstract:The ubiquity of smartphones, and their very broad capabilities and usage, make the security of these devices tremendously important. Unfortunately, despite all progress in security and privacy mechanisms, vulnerabilities continue to proliferate. Research has shown that many vulnerabilities are due to insecure programming practices. However, each study has often dealt with a specific issue, making the results less actionable for practitioners. To promote secure programming practices, we have reviewed related research, and identified avoidable vulnerabilities in Android-run devices and the "security code smells" that indicate their presence. In particular, we explain the vulnerabilities, their corresponding smells, and we discuss how they could be eliminated or mitigated during development. Moreover, we develop a lightweight static analysis tool and discuss the extent to which it successfully detects several vulnerabilities in about 46,000 apps hosted by the official Android market.

Cryptography and Security,Software Engineering

Shuying Liang,Matthew Might,David Van Horn

DOI: https://doi.org/10.1016/j.entcs.2015.02.002

2015-02-01

Electronic Notes in Theoretical Computer Science

Abstract:Today's mobile platforms provide only coarse-grained permissions to users with regard to how third-party applications use sensitive private data. Unfortunately, it is easy to disguise malware within the boundaries of legitimately-granted permissions. For instance, granting access to “contacts” and “internet” may be necessary for a text-messaging application to function, even though the user does not want contacts transmitted over the internet. To understand fine-grained application use of permissions, we need to statically analyze their behavior. Even then, malware detection faces three hurdles: (1) analyses may be prohibitively expensive, (2) automated analyses can only find behaviors that they are designed to find, and (3) the maliciousness of any given behavior is application-dependent and subject to human judgment. To remedy these issues, we propose semantic-based program analysis, with a human in the loop as an alternative approach to malware detection. In particular, our analysis allows analyst-crafted semantic predicates to search and filter analysis results. Human-oriented semantic-based program analysis can systematically, quickly and concisely characterize the behaviors of mobile applications. We describe a tool that provides analysts with a library of the semantic predicates and the ability to dynamically trade speed and precision. It also provides analysts the ability to statically inspect details of every suspicious state of (abstract) execution in order to make a ruling as to whether or not the behavior is truly malicious with respect to the intent of the application. In addition, permission and profiling reports are generated to aid analysts in identifying common malicious behaviors.

English Else

Xiao-Chuan MIAO,Rui WANG,Lei XU,Wei-Feng ZHANG,Bao-Wen XU

DOI: https://doi.org/10.13328/j.cnki.jos.005177

2017-01-01

Abstract:Android system dominates the mobile operating systems at present.Compared with iOS system,Android system is more open and has lots of third-party markets with loose audit mechanism.Therefore,there are more malwares in Android platform.In this paper,an Android security analysis based on sensitive path identification,which includes the static analysis and machine learning methods,is presented.Firstly,since malicious behaviors in malwares have their trigger conditions,the definition of sensitive path is provided.Secondly,a method is proposed to generate the inter-component call graph based on APK files base in the fact that there are a lot of inter-component call relations in Android applications.Thirdly,since the sensitive paths cannot be directly used as features,a method is designed to abstract the sensitive paths.Finally,493 applications APK files are collected from Android markets and the existing data sets,such as Google Play,Wandoujia and Drebin,to construct a benchmark.Experiments indicate that the proposed method has higher accuracy (97.97％) than the method based on API-feature (90.47％),and its precision,recall and F-measure are also better than API-feature method.Furthermore,the scale of the APK file has influence to the experiment results,especially in analyzing time (when the APK files are within 0-4MB,the average analyzing time is 89 seconds;and when the files become larger,the time increases significantly).

Xiaoyu Sun

DOI: https://doi.org/10.48550/arXiv.2302.07467

2023-02-15

Abstract:Never before has any OS been so popular as Android. Existing mobile phones are not simply devices for making phone calls and receiving SMS messages, but powerful communication and entertainment platforms for web surfing, social networking, etc. Even though the Android OS offers powerful communication and application execution capabilities, it is riddled with defects (e.g., security risks, and compatibility issues), new vulnerabilities come to light daily, and bugs cost the economy tens of billions of dollars annually. For example, malicious apps (e.g., back-doors, fraud apps, ransomware, spyware, etc.) are reported [Google, 2022] to exhibit malicious behaviours, including privacy stealing, unwanted programs installed, etc. To counteract these threats, many works have been proposed that rely on static analysis techniques to detect such issues. However, static techniques are not sufficient on their own to detect such defects precisely. This will likely yield false positive results as static analysis has to make some trade-offs when handling complicated cases (e.g., object-sensitive vs. object-insensitive). In addition, static analysis techniques will also likely suffer from soundness issues because some complicated features (e.g., reflection, obfuscation, and hardening) are difficult to be handled [Sun et al., 2021b, Samhi et al., 2022].

Cryptography and Security,Software Engineering

Yue BIAN,Hang DAI,De-jun MU

DOI: https://doi.org/10.3969/j.issn.1673-629X.2014.11.045

2015-01-01

Abstract:The wide use of smart phones results in a sharp increase in the number of phone malicious code,especially in recent years, phone with Android operating system dominates the smartphone market,malicious code to the Android system increases rapidly. Malicious software on mobile phones mainly collects personal privacy information such as user location,telephone calls,text messages and so on, those software may also engage in malicious payment,costing of system resources,bringing great harm to the user and cell phone system. Accurate analysis of malware behavior characteristics can provide powerful basis for the subsequent removal of malicious software. Tradi-tional malware analysis techniques include static analysis and dynamic analysis,some analysis and detection technology and its defects are introduced,analyzing the main behavior characteristic of existing Android malware from three sides,inclusive of the installation,activation and malicious load in detail.

Emre Erturk

DOI: https://doi.org/10.48550/arXiv.1504.06893

2015-04-27

Abstract:The goal of this paper is to analyze the behavior and intent of recent types of privacy invasive Android adware. There are two recent trends in this area: more financial motives instead of ego motives, and the development of more dynamic analysis tools. This paper starts with a review of Android mobile operating system security, and also addresses the pros and cons of open source operating system security. Static analysis of malware provides high quality results and leads to a good understanding as shown in this paper. However, as malware grows in number and complexity, there have been recent efforts to automate the detection mechanisms and many of the static tasks. As Android's market share is rapidly growing around the world. Android security will be a crucial area of research for IT security professionals and their academic counterparts. The upside of the current situation is that malware is being quickly exposed, thanks to open source software development tools. This cooperation is important in curbing the widespread theft of personal information with monetary value.

Cryptography and Security

Weiping WEN,Yang TANG,Li SHEN

DOI: https://doi.org/10.3969/j.issn.1671-1122.2016.08.004

2016-01-01

Abstract:In the era of intelligent mobile terminal, because of the characteristics of openness and free of charge, Android has become one of the major operation systems on the market. However, a large number of Android viruses, Trojans and malicious software have been serious threats to the privacy and property securities of smart phone users. In the Android operation system, although it is necessary to apply the authorities to the system for sensitive operations, and there are some system modules related to authority control, malicious software can use the system vulnerabilities or third party program vulnerabilities to carry out the attack. To meet the need of Android applications sensitive behaviors detection, this paper analyzes the popular applications behaviors detection tools in the Android system, designs and implements an Android applications dynamic detection system. The system can monitor the Android applications sensitive behaviors in real time, and provides help for the detection of malicious programs.

Roman Drahuntsov,Dmytro Rabchun,Zoreslava Brzhevska

DOI: https://doi.org/10.28925/2663-4023.2020.8.4960

2020-01-01

Abstract:In this article common attack vectors on the information systems, which are based on the Android client applications, are observed, analyzed and compared. The purpose of this analysis consists in creating the theoretical base for development the practical principles of securing the architecture level of such systems. To accomplish the aims set, there was conducted the categorization of attacks and vulnerabilities specific to the Android information infrastructure and environment. There were also conducted analysis of Android application functional components and typical underlying infrastructure which have possible impact on a system security. Available data about the widespread vulnerabilities of the described elements was analyzed in context of possible exploitation. Based on the Android application usage model there were figured out several adversary models and attack vectors related to the researched information system type. Developed adversary models were formed with a focus on technical possibilities and threat abstraction. Mentioned vectors can be used by an attacker to violate the confidentiality and integrity of critical information in the system. The carried out research was used to form the characteristic comparison of the mentioned vectors and adversary models to evaluate the attack surface on the different parts of information system represented as attack vectors. As a result, we have developed the theoretical principles for securing the architecture of Android applications-driven information systems. Achieved results can be used to form the threat and adversary model, create practical recommendations for the information risk reducing practices in Android-applications driven information systems and to develop the technical requirements for security testing and development.

Seil Kim,Jae Ik Cho,Hee Won Myeong,Dong Hoon Lee

DOI: https://doi.org/10.1007/978-94-007-2792-2_50

2011-12-10

Abstract:Since mobile application market drastically extended, there have been many problems related to proliferative malicious applications that leak user’s private information stored in own smart device. In Korea, government strives to protect smart device users from these problems and to establish legal basis through ‘Privacy Act’ as a preceding step but studies on analysis models and verification tools for mobile application have not yet much developed. The purpose of this research is to suggest an analysis system to prevent propagation of harmful applications, which compromise the user’s personal information, by extracting signatures from malicious code samples detected in Android. Maliciousness of the applications has determined by learning their parsing information on the components such as DEX, Manifest, SO etc.

Noor Afiza Mohd Ariffin,Hanna Pungo Casinto

DOI: https://doi.org/10.37934/araset.33.3.8697

2023-11-09

Journal of Advanced Research in Applied Sciences and Engineering Technology

Abstract:The increase of mobile device enhancement grows. With this development, mobile phones are supporting many programs, and everyone takes advantage of them. Nevertheless, malware applications are increasing more and more so that people can come across lots of problems. Android is a mobile operating system that is the most used on smart mobile phones. Because it is the most used and open source, it has been the target of attackers. Android security is related to the permissions allowed by users to the applications. There have been many studies on permission-based Android malware detection. In this study, a permission-based Android malware system is analyzed. Unlike other studies, we propose a permission weight approach. Each of the permissions is given a different score using this approach. Then, K-nearest Neighbor (KNN) and Naïve Bayes (NB) algorithms are applied, and the proposed method is compared with the previous studies and the expected experimental results of the proposed approach will be higher.

Ruicong Huang

DOI: https://doi.org/10.48550/arXiv.2109.00805

2021-09-02

Cryptography and Security

Abstract:Due to the continuous improvement of performance and functions, Android remains the most popular operating system on mobile phone today. However, various malicious applications bring great threats to the system. Over the past few years, significant changes occured in both malwares and counter measures. Specifically, malwares are continuously evolving, and advanced approaches are adopted for more accurate detection. To keep up with the latest situation, in this paper, we conduct a wide range of analysis, including latest malwares, Android security features, and approaches. We also provide some finding when we are gathering information and carrying on experiments, which we think is useful for further researches and has not been mentioned in previous works.

Yan Zhang,Zhoujun Li,Dianfu Ma

DOI: https://doi.org/10.17706/jsw.11.7.677-684

2016-01-01

Abstract:Revealing security vulnerabilities is one of great challenges for the Android ecosystem.Static analysis is the usual approach of the security analysis for computer software.However, it is undirected and time-consuming for the common static analysis methods to analyze the entire Android application systematically from the main entry point.In order to adapt to the event-driven feature of Android applications, a model guided security analysis approach for Android applications is introduced and implemented into the prototype tool MSAS.This approach builds and utilizes the Operation Security Model to guide the targeted analysis process, and then concentrate on the identified analysis surface to reduce analysis workload, thereby achieving fast analysis speed and on-demand code coverage based on the security rules.The test result shows that this approach can improve the efficiency and effect of security analysis for Android applications, and it has revealed 11 security vulnerabilities by analyzing several popular Android applications.

WEN Wei-ping,MEI Rui,NING Ge,WANG Liang-liang

DOI: https://doi.org/10.3969/j.issn.1000-436x.2014.08.011

2014-01-01

Abstract:For the Android platform security problem, a mobile client and server collaborative malware detection pro-posal was proposed, where mobile client application was mainly based on permission detection technology and imple-mented lightweight testing. The server-side detection system is mainly responsible for testing suspicious samples submit-ted by the mobile terminals, meanwhile implements the functions of software behavior analysis, signature library updates, and mobile client synchronization, etc. The server-side detection techniques include permission-based detection technol-ogy, bytecode-based static detection technology and root-based dynamic detection technology. The result of the experi-ment shows that the three detection techniques can achieve better detection results.

Rajesh Kumar,Zhang Xiaosong,Riaz Ullah Khan,Jay Kumar,Ijaz Ahad

DOI: https://doi.org/10.1145/3194452.3194465

2018-01-01

Abstract:The across the board reception of android devices and their ability to get to critical private and secret data have brought about these devices being focused by malware engineers. Existing android malware analysis techniques categorized into static and dynamic analysis. In this paper, we introduce two machine learning supported methodologies for static analysis of android malware. The First approach based on statically analysis, content is found through probability statistics which reduces the uncertainty of information. Feature extraction were proposed based on the analysis of existing dataset. Our both approaches were used to high-dimension data into low-dimensional data so as to reduce the dimension and the uncertainty of the extracted features. In training phase the complexity was reduced 16.7% of the original time and detect the unknown malware families were improved.

Futai Zou,Siyu Zhang,Tianqi Wan,Li Pan

DOI: https://doi.org/10.1049/ic.2014.0155

2014-01-01

Abstract:Mobile devices have become high-value attacked targets since they contain numerous private or business information. Android, the most popular mobile computing platform, also known for its openness, is facing various threats from system vulnerabilities to malicious applications. After analyzing Android's security model and threat, we summarize the technic possibility for remote or physical attacks, privacy stealing, communication hijacking and malware C&C. According to these threatens, research progress in malware detection technologies and systems strengthening methods is also reviewed.

Zhenyu Cheng,Xunxun Chen,Yongzheng Zhang,Shuhao Li,Yafei Sang

DOI: https://doi.org/10.1109/nas.2017.8026853

2017-01-01

Abstract:With the widespread use of smartphones, more and more malicious attacks happen with information leakage from apps installed on users' devices. The adversary always uses a malware as the client to take remote control of smartphones, and leverages the vulnerability of operation systems to send back the collected information without users' permissions. All the information has to be transferred by network traffic. In this paper, we consider that different apps maybe generate different network flows by different operations, and the "shapes" of the benign flows and malicious ones will be diverse. Thus we propose a detection model based on the analysis of relationships between behavior patterns and network flows, which achieves our goal by using the Random Forest machine learning algorithm to classify the network flows into benign or malicious. To further improve the controllability of the experiment, we design an app called Moledroid to simulate malwares by uploading the user's privacy without authorization, in addition, we can change the behavior pattern of the app to complete our evaluation. Finally, we run this app and several benign apps to generate traffic to detect the malicious network flows, and it shows that our detection model can achieve precision and accuracy higher than 95%, which demonstrates that our model is suitable for detecting the network flows of information theft.

Irina Măriuca Asăvoae,Jorge Blasco,Thomas M. Chen,Harsha Kumara Kalutarage,Igor Muttik,Hoang Nga Nguyen,Markus Roggenbach,Siraj Ahmed Shaikh

DOI: https://doi.org/10.1007/978-3-319-59439-2_3

2017-01-01

Abstract:Malware has been a major problem in desktop computing for decades. With the recent trend towards mobile computing, malware is moving rapidly to smartphone platforms. “Total mobile malware has grown 151% over the past year”, according to McAfee®’s quarterly treat report in September 2016. By design, AndroidTM is “open” to download apps from different sources. Its security depends on restricting apps by combining digital signatures, sandboxing, and permissions. Unfortunately, these restrictions can be bypassed, without the user noticing, by colluding apps for which combined permissions allow them to carry out attacks. In this chapter we report on recent and ongoing research results from our ACID project which suggest a number of reliable means to detect collusion, tackling the aforementioned problems. We present our conceptual work on the topic of collusion and discuss a number of automated tools arising from it.