nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

Signature Based Malicious Behavior Detection in Android

verfasst von : Vikas Sihag, Ashawani Swami, Manu Vardhan, Pradeep Singh

Erschienen in: Computing Science, Communication and Security

Verlag: Springer Singapore

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

User’s security and privacy are of increasing concern with the popularity of Android and its applications. Apps of malicious nature attempts to perform activities like information leakage and user profiling, detection of which is a challenge for security researchers. In this paper, we try to solve this problem by proposing a behavior based approach to detect malicious nature of applications in Android. Events and behavioral activities of an application are used to generate signature, which then is matched with signature database for detection. Behavioral signatures are designed on the basis of information leakage attempt, jailbreak attempt, abuse of root privilege and access of critical permissions. 260 popular apps of different nature were evaluated in addition to 42 android apps, which were flagged malicious by Government of India. The proposed system shows promising results to detect malicious behaviors. It also defines the nature of malicious activity exploited by an app.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Coordinator Controller Election Algorithm to Provide Failsafe Through Load Balancing in Distributed SDN Control Plane

Nächstes Kapitel A Method for Malware Detection in Virtualization Environment

Bhandari, S., Panihar, R., Naval, S., Laxmi, V., Zemmari, A., Gaur, M.S.: Sword: semantic aware Android malware detector. J. Inf. Secur. Appl. 42, 46–56 (2018). https://doi.org/10.1016/j.jisa.2018.07.003CrossRef

Bhatia, T., Kaushal, R.: Malware detection in Android based on dynamic analysis. In: 2017 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), pp. 1–6. IEEE (2017). https://doi.org/10.1109/CyberSecPODS.2017.8074847

Bose, A., Hu, X., Shin, K.G., Park, T.: Behavioral detection of malware on mobile handsets. In: Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services, pp. 225–238 (2008). https://doi.org/10.1145/1378600.1378626

Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for Android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15–26 (2011). https://doi.org/10.1145/2046614.2046619

Cai, H., Meng, N., Ryder, B., Yao, D.: DroidCat: effective Android malware detection and categorization via app-level profiling. IEEE Trans. Inf. Foren. Secur. 14(6), 1455–1470 (2018). https://doi.org/10.1109/TIFS.2018.2879302CrossRef

Dash, S.K., et al.: DroidScribe: classifying Android malware based on runtime behavior. In: 2016 IEEE Security and Privacy Workshops (SPW), pp. 252–261. IEEE (2016). https://doi.org/10.1109/SPW.2016.25

Doulamis, A., Pelekis, N., Theodoridis, Y.: Easytracker: an Android application for capturing mobility behavior. In: 16th Panhellenic Conference on Informatics, pp. 357–362. IEEE (2012). https://doi.org/10.1109/PCi.2012.22

Isohara, T., Takemori, K., Kubota, A.: Kernel-based behavior analysis for Android malware detection. In: 2011 Seventh International Conference on Computational Intelligence and Security, pp. 1011–1015. IEEE (2011). https://doi.org/10.1109/CIS.2011.226

Jang, J.W., Yun, J., Woo, J., Kim, H.K.: Andro-profiler: anti-malware system based on behavior profiling of mobile malware. In: Proceedings of the 23rd International Conference on World Wide Web, pp. 737–738 (2014). https://doi.org/10.13089/JKIISC.2014.24.1.145

10.

Kong, D., Cen, L., Jin, H.: Autoreb: automatically understanding the review-to-behavior fidelity in Android applications. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 530–541 (2015). https://doi.org/10.1145/2810103.2813689

11.

Kong, D., Jin, H.: Towards permission request prediction on mobile apps via structure feature learning. In: Proceedings of the 2015 SIAM International Conference on Data Mining, pp. 604–612. SIAM (2015). https://doi.org/10.1137/1.9781611974010.68

12.

Lindorfer, M., Neugschwandtner, M., Platzer, C.: Marvin: efficient and comprehensive mobile app classification through static and dynamic analysis. In: 2015 IEEE 39th Annual Computer Software and Applications Conference, vol. 2, pp. 422–433. IEEE (2015). https://doi.org/10.1109/COMPSAC.2015.103

13.

Ma, W., Duan, P., Liu, S., Gu, G., Liu, J.C.: Shadow attacks: automatically evading system-call-behavior based malware detection. J. Comput. Virol. 8(1–2), 1–13 (2012). https://doi.org/10.1007/s11416-011-0157-5CrossRef

14.

Mas’ ud, M.Z., Sahib, S., Abdollah, M.F., Selamat, S.R., Yusof, R.: Analysis of features selection and machine learning classifier in Android malware detection. In: 2014 International Conference on Information Science & Applications (ICISA), pp. 1–5. IEEE (2014). https://doi.org/10.1109/ICISA.2014.6847364

15.

Saracino, A., Sgandurra, D., Dini, G., Martinelli, F.: Madam: effective and efficient behavior-based Android malware detection and prevention. IEEE Trans. Dependable Secur. Comput. 15(1), 83–97 (2016). https://doi.org/10.1109/TDSC.2016.2536605CrossRef

16.

Statista: Mobile Operating Systems’ Market Share Worldwide from January 2012 to December 2019. https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009/

17.

Statista: Number of Apps Available in Leading App Stores as of 4th Quarter 2019. https://www.statista.com/statistics/276623/number-of-apps-available-in-leading-app-stores/

18.

Sun, M., Lui, J.C.S., Zhou, Y.: Blender: self-randomizing address space layout for Android apps. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 457–480. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45719-2_21CrossRef

19.

Sun, M., Wei, T., Lui, J.C.: Taintart: a practical multi-level information-flow tracking system for Android runtime. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 331–342 (2016). https://doi.org/10.1145/2976749.2978343

20.

Sun, M., Zheng, M., Lui, J.C., Jiang, X.: Design and implementation of an Android host-based intrusion prevention system. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 226–235 (2014). https://doi.org/10.1145/2664243.2664245

21.

Team, K.: Malicious Android app had more than 100 million downloads in google play. https://www.kaspersky.com/blog/camscanner-malicious-android-app/28156

22.

Wang, W., et al.: Constructing features for detecting Android malicious applications: issues, taxonomy and directions. IEEE Access 7, 67602–67631 (2019). https://doi.org/10.1109/ACCESS.2019.2918139CrossRef

23.

Wang, X., Sun, K., Wang, Y., Jing, J.: DeepDroid: dynamically enforcing enterprise policy on Android devices. In: NDSS (2015). https://doi.org/10.14722/ndss.2015.23263

24.

Wu, W.C., Hung, S.H.: DroidDolphin: a dynamic Android malware detection framework using big data and machine learning. In: Proceedings of the 2014 Conference on Research in Adaptive and Convergent Systems, pp. 247–252 (2014). https://doi.org/10.1145/2663761.2664223

25.

Xu, K., Li, Y., Deng, R.H.: ICCDetector: ICC-based malware detection on Android. IEEE Trans. Inf. Foren. Secur. 11(6), 1252–1264 (2016). https://doi.org/10.1109/TIFS.2016.2523912CrossRef

26.

Zhang, H., Luo, S., Zhang, Y., Pan, L.: An efficient Android malware detection system based on method-level behavioral semantic analysis. IEEE Access 7, 69246–69256 (2019). https://doi.org/10.1109/ACCESS.2019.2919796CrossRef

27.

Zhang, M., Duan, Y., Yin, H., Zhao, Z.: Semantics-aware Android malware classification using weighted contextual API dependency graphs. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1105–1116 (2014). https://doi.org/10.1145/2660267.2660359

Titel: Signature Based Malicious Behavior Detection in Android
verfasst von: Vikas Sihag
Ashawani Swami
Manu Vardhan
Pradeep Singh
Verlag: Springer Singapore
Buch: Computing Science, Communication and Security
Print ISBN: 978-981-15-6647-9

Electronic ISBN: 978-981-15-6648-6

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-981-15-6648-6_20

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner