Published in: International Journal of Information Security 4/2017

03-06-2016 | Regular Contribution

ADroid: anomaly-based detection of malicious events in Android platforms

Authors: A. Ruiz-Heras, P. García-Teodoro, L. Sánchez-Casado

Abstract

As mobile devices are increasingly adopted by users for daily personal and professional activities, the associated security risks and their impact also increase. Although a number of proposals aim to counter such incidents, the topic remains challenging. This paper presents ADroid, a novel security tool for Android platforms with three main distinguishing characteristics. First, three groups of features are monitored over time: interface usage, application-related and communication-related features. Second, a lightweight anomaly-based detection procedure is run over these features to determine whether unexpected, abnormal activity is occurring. Third, the user can also create specific white/black lists to indicate, in a simple way, certain allowed or undesired activities, so that activity outside the white list or on the black list triggers an alarm from the supervision system. ADroid has been implemented in a real environment and evaluated experimentally. The detection accuracy obtained and the resource consumption involved in its operation show the soundness and promising capabilities of the system.
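The monitoring-plus-anomaly-detection loop described in the abstract, with the train-once/detect-continuously split that footnote 1 relies on, as an added Python example that is not ADroid's code. The page does not give ADroid's feature set, its scoring function or its list format, so the six per-interval counters, the per-feature z-score with a k = 3 threshold, the sigma floor, the sample windows and the policy entries (phone numbers, hostnames) are all constructed assumptions for illustration.

```python
"""Added example, not ADroid's own code: a lightweight anomaly detector over
per-interval device-activity counters, plus user-defined white/black lists.
Feature names, scoring, thresholds and all sample data are assumptions."""
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Three feature groups as in the abstract; the concrete counters are assumed.
FEATURES = (
    "wifi_on_minutes", "bt_on_minutes",        # interface usage
    "apps_installed", "foreground_switches",   # application-related
    "sms_sent", "bytes_out_kb",                # communication-related
)
SIGMA_FLOOR = 1.0   # assumed: minimum tolerated deviation for any feature


@dataclass
class Baseline:
    mu: dict
    sigma: dict


@dataclass
class Policy:
    allowed_sms_dest: set = field(default_factory=set)   # white list
    blocked_hosts: set = field(default_factory=set)      # black list


def train(windows):
    """Training phase: run once (on or off the device) over benign windows.
    Each window is a dict holding a value for every entry of FEATURES."""
    mu = {f: mean([w[f] for w in windows]) for f in FEATURES}
    # A feature that never varied in training would otherwise get sigma == 0
    # and flag any change at all; the floor keeps the detector tolerant of
    # small noise without adding any per-interval cost.
    sigma = {f: max(pstdev([w[f] for w in windows]), SIGMA_FLOOR) for f in FEATURES}
    return Baseline(mu, sigma)


def zscores(baseline, window):
    """Per-feature deviation from the baseline, in standard deviations."""
    return {f: (window[f] - baseline.mu[f]) / baseline.sigma[f] for f in FEATURES}


def detect(baseline, policy, window, k=3.0):
    """Detection phase: one cheap pass per monitoring interval. Returns the
    alarms raised: anomalous features first, then white/black list hits."""
    alarms = []
    for f, z in zscores(baseline, window).items():
        if abs(z) > k:
            alarms.append(f"anomaly: {f}={window[f]} (z={z:.1f})")
    # White list: once the user lists allowed SMS destinations, anything else alarms.
    for dst in window.get("sms_destinations", []):
        if policy.allowed_sms_dest and dst not in policy.allowed_sms_dest:
            alarms.append(f"white list: SMS to non-allowed number {dst}")
    # Black list: any contact with a listed host alarms.
    for host in window.get("hosts_contacted", []):
        if host in policy.blocked_hosts:
            alarms.append(f"black list: connection to {host}")
    return alarms


# Constructed training data: ten quiet intervals with mild, regular variation.
TRAINING_WINDOWS = [
    {"wifi_on_minutes": 50 + i, "bt_on_minutes": 5 * (i % 2), "apps_installed": 0,
     "foreground_switches": 20 + i % 3, "sms_sent": i % 3, "bytes_out_kb": 300 + 10 * i}
    for i in range(10)
]
BASELINE = train(TRAINING_WINDOWS)

# Constructed user policy; the numbers and hostnames are placeholders.
POLICY = Policy(allowed_sms_dest={"+15550100", "+15550101"},
                blocked_hosts={"c2.example.invalid"})

# Constructed interval resembling training: should stay silent.
BENIGN_WINDOW = {"wifi_on_minutes": 55, "bt_on_minutes": 5, "apps_installed": 0,
                 "foreground_switches": 21, "sms_sent": 1, "bytes_out_kb": 350,
                 "sms_destinations": ["+15550100"], "hosts_contacted": ["cdn.example.invalid"]}

# Constructed interval with an SMS burst, unusual installs, heavy upload and a blocked host.
SUSPECT_WINDOW = {"wifi_on_minutes": 56, "bt_on_minutes": 0, "apps_installed": 4,
                  "foreground_switches": 22, "sms_sent": 40, "bytes_out_kb": 2400,
                  "sms_destinations": ["+15550199"], "hosts_contacted": ["c2.example.invalid"]}

if __name__ == "__main__":
    for name, w in (("benign", BENIGN_WINDOW), ("suspect", SUSPECT_WINDOW)):
        print(name, detect(BASELINE, POLICY, w) or "no alarms")
```

Run directly, the benign window raises nothing and the suspect window raises five alarms: three feature anomalies (installs, SMS count, upload volume), one white-list miss and one black-list hit. The sigma floor is the edge case to notice: `apps_installed` never varies during training, so without the floor any install at all would be flagged. In a real deployment both k and the floor would be tuned against the detection-accuracy/false-alarm trade-off, and the counters would be collected with only the permissions declared in the manifest, as footnote 2 notes for ADroid.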


Footnotes
1. This 'complexity' refers to the detection phase only, since (a) the training phase does not necessarily have to take place on the mobile device itself and, even if it does, (b) its impact is limited because this stage is usually carried out only once, at the beginning.

2. Notably, ADroid does not require a rooted device: no special permissions or actions are needed beyond those declared in its AndroidManifest.xml file.
Metadata
Title: ADroid: anomaly-based detection of malicious events in Android platforms
Authors: A. Ruiz-Heras, P. García-Teodoro, L. Sánchez-Casado
Publication date: 03-06-2016
Publisher: Springer Berlin Heidelberg
Published in: International Journal of Information Security / Issue 4/2017
Print ISSN: 1615-5262
Electronic ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-016-0333-1
