nach oben

Arabian Journal for Science and Engineering

Erschienen in:

26.06.2022 | Research Article-Computer Engineering and Computer Science

ROOTECTOR: Robust Android Rooting Detection Framework Using Machine Learning Algorithms

verfasst von: Wael F. Elsersy, Nor Badrul Anuar, Mohd Faizal Ab Razak

Erschienen in: Arabian Journal for Science and Engineering | Ausgabe 2/2023

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Recently, the newly launched Google protect service alerts Android users from installing rooting tools. However, Android users lean toward rooting their Android devices to gain unlimited privileges, which allows them to customize their devices and allows Android Apps to bypass all Android security logging and security system. Rooting is one of the most malicious tactics that is used by Android malware that offers malware with the ability to open backdoor, server ports, access the Android kernel commands, and silently install malicious App and make them irremovable and undetectable. The existing Android malware detection frameworks propose embedded root-exploit code detection within the Android App. However, most frameworks overlook the rooted device detection part. In addition, many evasion techniques are developed to cloak the rooted devices. The above facts pose the challenging tasks of rooting detection and the current studies highlighted a deficiency in root detection research. Hence, this study proposes “Rootector” Android Rooting Detection Framework that uses machine learning classification techniques to detect Android rooted devices. The study proposes a model using machine learning algorithms that previously proves detection performance excellence in different fields of study. The research creates a rooting dataset with more than 13,000 mobile scans, which incorporates physical Android devices as well as simulators. Using the dataset, the study evaluates the performance of the ten machine learning classifiers to identify the best classification model. The study incorporates hyper-parameter optimization techniques to define the optimal machine learning parameters. The study adopts the LASSO (least absolute shrinkage and selection operator) regression algorithm to identify the best minimum number of classification features, which forms a compact dataset. Using LASSO regression, the study proposes a compact model for Android rooting detection. The experimental evaluation results show a very promising performance of Rootector framework with about 98.16% overall accuracy using the full dataset and slightly degraded to 97.13% using the compact dataset.

Vorheriger Artikel Efficient Storage and Encryption of 32-Slice CT Scan Images Using Phase Grating

Nächster Artikel Data Hiding and Integrity Verification based on Quotient Value Differencing and Merkle Tree

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

https://github.com/wfarouk/Rootector

https://github.com/samoa-moa/samoa-moa

https://www.h2o.ai/

https://github.com/cran/glmnet

Miller, C.: Android Market Share. https://9to5mac.com/2016/08/18/android-ios-smartphone-market-share/ (2016). Accessed 01/04/2017

Statista: Number of apps available in leading app stores as of March 2017. https://www.statista.com/statistics/276623/number-of-apps-available-in-leading-app-stores/ (2017). Accessed 1-May-2018 2018

Statista: statistics mobile-payment-transaction-volume and 2019 forecast. https://www.statista.com/statistics/226530/mobile-payment-transaction-volume-forecast/ (2018). Accessed 3rd June 208 2018

Oester, P.: Dirty Cow (CVE-2016–5195) (2016).

Zhang, V.: GODLESS Mobile Malware Uses Multiple Exploits to Root Devices. June. http://blog.trendmicro.com/trendlabs-security-intelligence/godless-mobile-malware-uses-multiple-exploits-root-devices/ (2016). Accessed 22/05/2017

NIST: Root Exploit TowelRoot CVE-2014–3153 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3153 (2014). Accessed 1/4/2017

Spreitzer, R.; Griesmayr, S.; Korak, T.; Mangard, S.: Exploiting data-usage statistics for website fingerprinting attacks on android. In: 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2016 (2016). https://doi.org/10.1145/2939918.2939922

Geist, D., Nigmatullin, M., Bierens, R.: Jailbreak/Root Detection Evasion Study on iOS and Android. University of Amsterdam (2016)

Evans, N.S.; Benameur, A.; Shen, Y.: All your root checks are belong to us: the sad state of root detection. In: Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access (2015). https://doi.org/10.1145/2810362.2810364

10.

Nguyen-Vu, L.; Chau, N.-T.; Kang, S.; Jung, S.: Android rooting: An arms race between evasion and detection. In: Security and Communication Networks 2017 (2017).

11.

Sun, S.-T.; Cuadros, A.; Beznosov, K.: Android rooting: Methods, detection, and evasion. In: Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (2015). https://doi.org/10.1145/2808117.2808126

12.

Xu, M.; Song, C.; Ji, Y.; Shih, M.W.; Lu, K.; Zheng, C.; Duan, R.; Jang, Y.; Lee, B.; Qian, C.; Lee, S.; Kim, T.: Toward engineering a secure android ecosystem: A survey of existing techniques. ACM Comput. Surv. (2016). https://doi.org/10.1145/2963145CrossRef

13.

Hao, H.K.; Li, Z.J.; He, Y.Y.; Ma, J.X.: Characterization of android applications with root exploit by using static feature analysis. Lect. Notes Comput. Sci. 9532, 153–165 (2015). https://doi.org/10.1007/978-3-319-27161-3_14CrossRef

14.

Ham, Y.J.; Choi, W.-B.; Lee, H.-W.: Mobile root exploit detection based on system events extracted from android platform. In: Proceedings of the International Conference on Security and Management (SAM) 2013, p. 1. The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp)

15.

Ho, T.-H.; Dean, D.; Gu, X.; Enck, W.: PREC: practical root exploit containment for android devices. In: Proceedings of the 4th ACM conference on Data and application security and privacy (2014). https://doi.org/10.1145/2557547.2557563

16.

Jang, W.J.; Cho, S.W.; Lee, H.W.; Ju, H.I.; Kim, J.N.: Rooting attack detection method on the android-based smart phone. In: 2011 International Conference on Computer Science and Network Technology (Iccsnt), Vols 1–4 (2012). https://doi.org/10.1109/ICCSNT.2011.6182000

17.

Kaspersky: Rooting your Android: Advantages, disadvantages, and snags. https://www.kaspersky.com/blog/android-root-faq/17135/ (2017). Accessed 26th May 2018 2018

18.

Zhang, H.; She, D.; Qian, Z.: Android root and its providers: A double-edged sword. In: 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 2015-October, pp. 1093–1104 (2015). https://doi.org/10.1145/2810103.2813714

19.

Jiang, X.: Gingermaster: First android malware utilizing a root exploit on android 2.3 (gingerbread). http://www.csc.ncsu.edu/faculty/jiang/GingerMaster (2011). Accessed 21/05/2017

20.

Shao, Y.R.; Luo, X.P.; Qian, C.X.: RootGuard: Protecting rooted android phones. Computer 47(6), 32–40 (2014). https://doi.org/10.1109/MC.2014.163CrossRef

21.

Admin, M.: Moto X, unlocking the bootloader does void the warranty. https://forums.lenovo.com/t5/Moto-X-Pure-Moto-X-Style/Bootloader-Policy-re-Warranty-for-Pure-Style/m-p/3202233#M5570 (2016). Accessed 20/05/2017

22.

Shen, Y.; Evans, N.; Benameur, A.: Insights into rooted and non-rooted Android mobile devices with behavior analytics. In: Proceedings of the 31st Annual ACM Symposium on Applied Computing (2016). https://doi.org/10.1145/2851613.2851713

23.

Gasparis, I.; Qian, Z.; Song, C.; Krishnamurthy, S.V.: Detecting android root exploits by learning from root providers. In: 26th {USENIX} Security Symposium ({USENIX} Security 17) 2017, pp. 1129–1144. USENIX} Association}

24.

Feizollah, A.; Anuar, N.B.; Salleh, R.; Suarez-Tangil, G.; Furnell, S.: AndroDialysis: analysis of android intent effectiveness in malware detection. Comput. Secur. 65, 121–134 (2017)CrossRef

25.

Afifi, F.; Anuar, N.B.; Shamshirband, S.; Choo, K.-K.R.: DyHAP: dynamic hybrid ANFIS-PSO approach for predicting mobile malware. PLoS ONE 11(9), e0162627 (2016). https://doi.org/10.1371/journal.pone.0162627CrossRef

26.

Razak, M.F.A.; Anuar, N.B.; Salleh, R.; Firdaus, A.: The rise of “malware”: Bibliometric analysis of malware study. J. Netw. Comput. Appl. 75, 58–76 (2016). https://doi.org/10.1016/j.jnca.2016.08.022CrossRef

27.

Yuan, Z.; Lu, Y.; Xue, Y.: Droiddetector: android malware characterization and detection using deep learning. Tsinghua Sci. Technol. 21(1), 114–123 (2016). https://doi.org/10.1109/TST.2016.7399288CrossRef

28.

You-Joung, H.; Won-Bin, C.; Hyung-Woo, L.; Jaedeok, L.; Jeong Nyeo, K.: Vulnerability monitoring mechanism in Android based smartphone with correlation analysis on event-driven activities. In: 2012 2nd International Conference on Computer Science and Network Technology (ICCSNT), pp. 371–375 (2012). https://doi.org/10.1109/ICCSNT.2012.6525958

29.

MWR-Labs-Drozer: Drozer—A Comprehensive Security and Attack Framework for Android. https://labs.mwrinfosecurity.com/tools/drozer/ (2013). Accessed 1/2/2017

30.

Park, Y.; Lee, C.; Lee, C.; Lim, J.; Han, S.; Park, M.; Cho, S.-J.: RGBDroid: a novel response-based approach to android privilege escalation attacks. In: Presented as part of the 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (2012).

31.

HTC: Unlock Bootloader - Unlock the possibilities with total customization. http://www.htcdev.com/bootloader (2017). Accessed 20/05/2017

32.

Jaramillo, D.; Katz, N.; Bodin, B.; Tworek, W.; Smart, R.; Cook, T.: Cooperative solutions for bring your own device (BYOD). IBM J. Res. Dev. 57(6), 5:1-5:11 (2013). https://doi.org/10.1147/JRD.2013.2279600CrossRef

33.

Meng, H.; Thing, V.L.; Cheng, Y.; Dai, Z.; Zhang, L.: A survey of Android exploits in the wild. Comput. Secur. 76, 71–91 (2018)CrossRef

34.

Xu, W.; Fu, Y.: Own Your Android! Yet Another Universal Root. In: WOOT 2015

35.

Goodin, D.: New type of auto-rooting Android adware is nearly impossible to remove (ShiftyBug). https://arstechnica.com/security/2015/11/new-type-of-auto-rooting-android-adware-is-nearly-impossible-to-remove/ (2015). Accessed 22/05/2017

36.

Hojjati, A.; Adhikari, A.; Struckmann, K.; Chou, E.; Tho Nguyen, T.N.; Madan, K.; Winslett, M.S.; Gunter, C.A.; King, W.P.: Leave your phone at the door: Side channels that reveal factory floor secrets. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security 2016, pp. 883–894. ACM

37.

Spreitzer, R.; Moonsamy, V.; Korak, T.; Mangard, S.: Systematic classification of side-channel attacks: a case study for mobile devices. (2018).

38.

Kadir, A.F.A.; Stakhanova, N.; Ghorbani, A.A.: Understanding android financial malware attacks: taxonomy, characterization, and challenges. J. Cyber Secur. Mob. 7(3), 1–52 (2018)CrossRef

39.

Ward, B.: How Linux Works: What Every Superuser Should Know. No Starch Press, San Francisco (2014)MATH

40.

Salva, S.; Zafimiharisoa, S.R.: APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities. Int. J. Softw. Tools Technol. Transf. 17(2), 201–221 (2015). https://doi.org/10.1007/s10009-014-0303-8CrossRef

41.

Luyi, X., Xiaorui, P., Rui, W., Kan, Y., XiaoFeng, W.: Upgrading your android, elevating my malware: privilege escalation through mobile OS updating. In: 2014 IEEE Symposium on Security and Privacy (SP), 18–21 May 2014 2014, pp. 393–408

42.

Valcke, J.: Feature: best practices in mobile security. Biometric Technol. Today 2016, 9–11 (2016). https://doi.org/10.1016/S0969-4765(16)30051-0CrossRef

43.

Zhang, Z.W.; Wang, Y.W.; Jing, J.W.; Wang, Q.X.; Lei, L.G.: Once root always a threat: analyzing the security threats of android permission system. Inf. Secur. Privacy Acisp 2014(8544), 354–369 (2014). https://doi.org/10.1007/978-3-319-08344-5_23CrossRefMATH

44.

Amazon: Amazon Web Service - Device Farm. https://aws.amazon.com/device-farm/ (2018). Accessed 2-OCT-2018 2018

45.

PCloudy: PCloudy Device Farm. https://www.pcloudy.com/ (2015). Accessed 2 April 2017

46.

Casati, L., Visconti, A.: The dangers of rooting: data leakage detection in android applications. In: Mobile Information Systems 2018 (2018).

47.

Alam, M., Cheng, Z., Vuong, S.: Context-aware multi-agent based framework for securing Android. In: 2014 International Conference on 2014 Multimedia Computing and Systems (ICMCS), pp. 961–966. IEEE

48.

Genymotion: Genymotion Android Emulator – Fast • Easy • Anywhere. https://www.genymotion.com/ (2014). Accessed 2/4/2017

49.

Player, N.: Nox App Player. https://www.bignox.com/ (2015). Accessed 2/4/2017

50.

Vilkomir, S.: Multi-device coverage testing of mobile applications. Softw. Quality J. (2017). https://doi.org/10.1007/s11219-017-9357-7CrossRef

51.

Vilkomir, S., Marszalkowski, K., Perry, C., Mahendrakar, S.: Effectiveness of multi-device testing mobile applications. In: 2015 2nd ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft), pp. 44–47 (2015). https://doi.org/10.1109/MobileSoft.2015.12

52.

Cyanogenmod: Cyanogen OS. http://www.cyanogenmods.org/ (2014). Accessed 26 March 2017

53.

Druffel, A.; Heid, K.: Davinci: Android app analysis beyond Frida via dynamic system call instrumentation. In: International Conference on Applied Cryptography and Network Security 2020, pp. 473–489. Springer

54.

Feizollah, A.; Anuar, N.B.; Salleh, R.; Amalina, F.: Comparative study of k-means and mini batch k-means clustering algorithms in android malware detection using network traffic analysis. In: 2014 4th International Symposium on Biometrics and Security Technologies, ISBAST 2014 2014, pp. 193–197. Institute of Electrical and Electronics Engineers Inc.

55.

Rastogi, V.; Chen, Y.; Jiang, X.: Catch me if you can: Evaluating android anti-malware against transformation attacks. IEEE Trans. Inf. Forensics Secur. 9(1), 99–108 (2014). https://doi.org/10.1109/TIFS.2013.2290431CrossRef

56.

Liaw, A.; Wiener, M.: Classification and regression by randomForest. R news 2(3), 18–22 (2002)

57.

Geurts, P.; Ernst, D.; Wehenkel, L.: Extremely randomized trees. Mach. Learn. 63(1), 3–42 (2006). https://doi.org/10.1007/s10994-006-6226-1CrossRefMATH

58.

Freund, Y.; Schapire, R.E.: A desicion-theoretic generalization of on-line learning and an application to boosting. In: European Conference on Computational Learning Theory (1995). https://doi.org/10.1007/3-540-59119-2_166

59.

Altman, N.S.: An introduction to kernel and nearest-neighbor nonparametric regression. Am. Stat. 46(3), 175–185 (1992). https://doi.org/10.1080/00031305.1992.10475879MathSciNetCrossRef

60.

Friedman, J.H.: Greedy function approximation: a gradient boosting machine. Ann. Stat. 1, 1189–1232 (2001)MathSciNetMATH

61.

Candel, A., Parmar, V., LeDell, E., Arora, A.: Deep Learning with H2O. H2O. ai Inc. (2016).

62.

Ng, S.S.Y., Zhu, W., Tang, W.W.S., Wan, L.C.H., Wat, A.Y.W.: An independent study of two deep learning platforms—H2O and SINGA. In: 2016 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM), 4–7 Dec. 2016 2016, pp. 1279–1283

63.

Richter, A.N., Khoshgoftaar, T.M., Landset, S., Hasanin, T.: A multi-dimensional comparison of toolkits for machine learning with big data. In: IEEE International Conference on Information Reuse and Integration (IRI), 2015 (2015). https://doi.org/10.1109/IRI.2015.12

64.

Rong, C.: Using mahout for clustering wikipedia's latest articles: A comparison between k-means and fuzzy c-means in the cloud. In: 2011 IEEE Third International Conference on Cloud Computing Technology and Science (CloudCom) (2011). https://doi.org/10.1109/CloudCom.2011.86

65.

Esteves, R.M., Pais, R., Rong, C.: K-means clustering in the cloud--a Mahout test. In: 2011 IEEE Workshops of International Conference on Advanced Information Networking and Applications (WAINA) (2011). https://doi.org/10.1109/WAINA.2011.136

66.

Riondato, M., DeBrabant, J.A., Fonseca, R., Upfal, E.: PARMA: a parallel randomized algorithm for approximate association rules mining in MapReduce. In: Proceedings of the 21st ACM International Conference on Information and Knowledge Management (2012). https://doi.org/10.1145/2396761.2396776

67.

Meng, X.; Bradley, J.; Yavuz, B.; Sparks, E.; Venkataraman, S.; Liu, D.; Freeman, J.; Tsai, D.; Amde, M.; Owen, S.: Mllib: Machine learning in apache spark. J. Mach. Learn. Res. 17(34), 1–7 (2016)MathSciNetMATH

68.

Morales, G.D.F.; Bifet, A.: SAMOA: scalable advanced massive online analysis. J. Mach. Learn. Res. 16, 149–153 (2015)

69.

Ooi, B.C., Tan, K.-L., Wang, S., Wang, W., Cai, Q., Chen, G., Gao, J., Luo, Z., Tung, A.K., Wang, Y.: SINGA: A distributed deep learning platform. In: Proceedings of the 23rd ACM International Conference on Multimedia (2015). doi:https://doi.org/10.1145/2733373.2807410

70.

Bengio, Y.: Learning deep architectures for AI. Foundations and trends®. Mach. Learn. 2(1), 1–127 (2009). https://doi.org/10.1561/2200000006

71.

Arnold, L., Rebecchi, S., Chevallier, S., Paugam-Moisy, H.: An introduction to deep learning. In: European Symposium on Artificial Neural Networks (ESANN) (2011).

72.

Glorot, X., Bordes, A., Bengio, Y.: Deep Sparse Rectifier Neural Networks. In: Aistats 2011, vol. 106, p. 275

73.

Ngiam, J., Coates, A., Lahiri, A., Prochnow, B., Le, Q.V., Ng, A.Y.: On optimization methods for deep learning. (2011)

74.

LeCun, Y.; Bengio, Y.; Hinton, G.: Deep learning. Nature 521(7553), 436–444 (2015)CrossRef

75.

Bergstra, J.; Bengio, Y.: Random search for hyper-parameter optimization. J. Mach. Learn. Res. 13(Feb), 281–305 (2012)MathSciNetMATH

76.

Bergstra, J.S., Bardenet, R., Bengio, Y., Kégl, B.: Algorithms for hyper-parameter optimization. In: Advances in Neural Information Processing Systems, pp. 2546–2554 (2011)

77.

Friedman, J., Hastie, T., Tibshirani, R.: glmnet: Lasso and elastic-net regularized generalized linear models. R package version 1(4) (2009).

78.

Tibshirani, R.: Regression shrinkage and selection via the lasso. J. R. Stat. Soc. Ser. B (Methodol.) 267–288 (1996).

79.

Usai, M.G.; Goddard, M.E.; Hayes, B.J.: LASSO with cross-validation for genomic selection. Genet. Res. 91(06), 427–436 (2009). https://doi.org/10.1017/S0016672309990334CrossRef

80.

Wang, Q.; Garrity, G.M.; Tiedje, J.M.; Cole, J.R.: Naive Bayesian classifier for rapid assignment of rRNA sequences into the new bacterial taxonomy. Appl. Environ. Microbiol. 73(16), 5261–5267 (2007). https://doi.org/10.1128/AEM.00062-07CrossRef

81.

Kohavi, R.: A study of cross-validation and bootstrap for accuracy estimation and model selection. In: Ijcai 1995, vol. 2, pp. 1137–1145. Stanford, CA

82.

Guyon, I.: A scaling law for the validation-set training-set size ratio. AT & T Bell Laboratories, 80 (1997).

83.

Feurer, M., Springenberg, J.T., Hutter, F.: Initializing Bayesian Hyperparameter Optimization via Meta-Learning. In: AAAI 2015, pp. 1128–1135

84.

Powers, D.M.: Evaluation: from precision, recall and F-measure to ROC, informedness, markedness and correlation. (2011). http://hdl.handle.net/2328/27165

Titel: ROOTECTOR: Robust Android Rooting Detection Framework Using Machine Learning Algorithms
verfasst von: Wael F. Elsersy
Nor Badrul Anuar
Mohd Faizal Ab Razak
Publikationsdatum: 26.06.2022
Verlag: Springer Berlin Heidelberg
Erschienen in: Arabian Journal for Science and Engineering / Ausgabe 2/2023
Print ISSN: 2193-567X
Elektronische ISSN: 2191-4281
DOI: https://doi.org/10.1007/s13369-022-06949-5

Premium Partner

Marktübersichten

Die im Laufe eines Jahres in der „adhäsion“ veröffentlichten Marktübersichten helfen Anwendern verschiedenster Branchen, sich einen gezielten Überblick über Lieferantenangebote zu verschaffen.

Zur Marktübersicht

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 2/2023

Synchronization Methods of Multiple High Frame Rate Industrial Cameras Using a General-Purpose Computer

Modulation Format Identification Using Supervised Learning and High-Dimensional Features

Applying Hybrid Deep Neural Network for the Recognition of Sign Language Words Used by the Deaf COVID-19 Patients

Prewitt Logistic Deep Recurrent Neural Learning for Face Log Detection by Extracting Features from Images

Obstacle Avoidance Path Planning Using the Elite Ant Colony Algorithm for Parameter Optimization of Unmanned Aerial Vehicles

A Tuned Whale Optimization-Based Stacked-LSTM Network for Digital Image Segmentation

Premium Partner

Marktübersichten