nach oben

International Journal of Information Security

Erschienen in:

01.04.2015 | Special Issue Paper

Mobile-Sandbox: combining static and dynamic analysis with machine-learning techniques

verfasst von: Michael Spreitzenbarth, Thomas Schreck, Florian Echtler, Daniel Arp, Johannes Hoffmann

Erschienen in: International Journal of Information Security | Ausgabe 2/2015

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Smartphones in general and Android in particular are increasingly shifting into the focus of cyber criminals. For understanding the threat to security and privacy, it is important for security researchers to analyze malicious software written for these systems. The exploding number of Android malware calls for automation in the analysis. In this paper, we present Mobile-Sandbox, a system designed to automatically analyze Android applications in novel ways: First, it combines static and dynamic analysis, i.e., results of static analysis are used to guide dynamic analysis and extend coverage of executed code. Additionally, it uses specific techniques to log calls to native (i.e., “non-Java”) APIs, and last but not least it combines these results with machine-learning techniques to cluster the analyzed samples into benign and malicious ones. We evaluated the system on more than 69,000 applications from Asian third-party mobile markets and found that about 21 % of them actually use native calls in their code.

Vorheriger Artikel Formal modeling and automatic enforcement of Bring Your Own Device policies

Nächster Artikel Lightweight energy consumption-based intrusion detection system for wireless sensor networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: Mining API-level features for robust malware detection in android. In: Proc. of International Conference on Security and Privacy in Communication Networks (SecureComm) (2013)

Android Developers.: Using the Android emulator. https://developer.android.com/guide/developing/devices/emulator.html. Jan 2012

Android Developers.: Android platform versions. http://developer.android.com/about/dashboards/index.html. Jan 2014

Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., Rieck, K.: Drebin: Efficient and explainable detection of android malware in your pocket. In: Proc. of Network and Distributed System Security Symposium (NDSS) (2014)

Bläsing, T., Batyuk, L., Schmidt, A.-D., Camtepe, S., Albayrak, S.: An android application sandbox system for suspicious software detection. In: Proc. of the 5th International Conference on Malicious and Unwanted Software (MALWARE) (2010)

Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proc. of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (2011)

Cristianini, N., Shawe-Taylor, J.: An Introduction to Support Vector Machines. Cambridge University Press, Cambridge (2000)

Department of Computer Science Friedrich-Alexander-University Erlangen-Nuremberg. Mobile-Sandbox. http://www.mobile-sandbox.com. Jan 2012

Desnos, A.: Androguard. http://code.google.com/p/androguard/. Jan 2011

10.

Desnos, A., Gueguen, G.: Android: From reversing to decompilation. In: Proc. of Black Hat Abu Dhabi (2011)

11.

Echtler, F.: ltrace for Android. https://github.com/floe/ltrace

12.

Enck, W., Gilbert, P., gon Chun, B., Cox, L. P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proc. of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2010

13.

Felt, A., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of the 1st ACM wWorkshop on Security and Privacy in Smartphones and Mobile Devices, pp. 3–14. ACM (2011)

14.

Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proc. of the 18th ACM Conference on Computer and Communications Security (2011)

15.

Freke, J.: Smali—an disassembler for android’s dex format. http://code.google.com/p/smali/. Sept 2009

16.

Google Inc., Android SDK. http://developer.android.com/sdk/index.html. Oct 2009

17.

Groves, R.M.: Research on survey data quality. Public Opin. Q. 51(2), 157–172 (1987)

18.

Groves, R.M.: Survey Errors and Survey Costs. Wiley, New York (1989)CrossRef

19.

Hispasec Sistemas S.L.: Virustotal malware intelligence services. https://secure.vt-mis.com/vtmis/

20.

Hispasec Sistemas S.L.: Virustotal public API. https://www.virustotal.com/documentation/public-api/

21.

Lantz, P.: Droidbox—android application sandbox. http://code.google.com/p/droidbox/. Feb 2011

22.

Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Proc. of the 23rd Annual Computer Security Applications Conference (2007)

23.

Peng, H., Gates, C.S., Sarma, B.P., Li, N., Qi, Y., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Using probabilistic generative models for ranking risks of android apps. pp. 241–252 (2012)

24.

Raffetseder, T., Kruegel, C., Kirda, E.: Detecting system emulators. In: ISC, pp. 1–18 (2007)

25.

Rieck, K.: Derrick—a simple network stream recorder. https://github.com/rieck/derrick. Jan 2012

26.

Salton, G., Wong, A., Yang, C.S.: A vector space model for automatic indexing. Commun. ACM 18(11), 613–620 (1975)CrossRefMATH

27.

Sarma, B.P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proc. of ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 13–22 (2012)

28.

Schmidt, A.-D., Bye, R., Schmidt, H.-G., Clausen, J., Kiraz, O., Yüksel, K., Camtepe, S., Sahin, A.: Static analysis of executables for collaborative malware detection on android. In: Proc. of the ICC Communication and Information Systems Security Symposium (2009)

29.

Six, J.: Application Security for the Android Platform: Processes, Permissions, and Other Safeguards. Oreilly & Assoc Inc, Sebastopol (2011)

30.

Spreitzenbarth, M.: Current Android malware. http://forensics.spreitzenbarth.de/android-malware/. Aug 2013

31.

Spreitzenbarth, M., Freiling, F.C.: Android Malware on the Rise. Technical Report CS-2012-04, Dept. of Computer Science, University of Erlangen-Nuremberg, April 2012

32.

The Debian Project. ltrace. http://anonscm.debian.org/gitweb/?p=collab-maint/ltrace.git;a=summary. Jan 2012

33.

Vienna University of Technology.: Andrubis—analysis of android apks. http://anubis.iseclab.org. May 2012

34.

Willems, C., Freiling, F.C.: Reverse code engineering—state of the art and countermeasures. it-Information Technology, pp. 53–63 (2011)

35.

Willems, C., Holz, T., Freiling, F.C.: Toward automated dynamic malware analysis using CWSandbox. IEEE Secur. Priv. 5(2), 32–39 (2007)CrossRef

36.

Xie, L., Zhang, X., Seifert, J.-P., Zhu, S.: pbmds: a behavior-based malware detection system for cellphone devices. In: Proc. of the Third ACM Conference on Wireless Network Security (2010)

37.

Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: Proc. of the 33rd IEEE Symposium on Security and Privacy (Oakland 2012), May 2012

38.

Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious Apps in official and alternative Android markets. In: Proc. of the 19th Annual Symposium on Network and Distributed System Security (2012)

Titel: Mobile-Sandbox: combining static and dynamic analysis with machine-learning techniques
verfasst von: Michael Spreitzenbarth
Thomas Schreck
Florian Echtler
Daniel Arp
Johannes Hoffmann
Publikationsdatum: 01.04.2015
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 2/2015
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-014-0250-0

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2015

Lightweight energy consumption-based intrusion detection system for wireless sensor networks

Special issue on the Security Track at the ACM Symposium on Applied Computing 2013

An adaptive threat model for security ceremonies

Formal modeling and automatic enforcement of Bring Your Own Device policies

Multi-operator wireless mesh networks secured by an all-encompassing security architecture

Verifying multicast-based security protocols using the inductive method