Abstract
In this paper, we propose MinDroid, a user-centric preventive policy enforcement system against SMS malware on Android devices. The design of MinDroid takes into consideration users' limited understanding of the Android permission system: the policy rules are derived from the behavioral model of malicious SMS applications rather than from user-defined rules. MinDroid requires user intervention only during the first T time units after the application is installed. During this period, the user is notified to accept or reject SMS-sending operations. MinDroid's execution is specified as a finite state machine, and its security properties are formally proven using Metric Temporal Logic. We also show that MinDroid is resilient against threats that try to compromise its correct functionality. In addition, an analytical study demonstrates that MinDroid offers good performance in terms of detection time and execution cost in comparison with intrusion detection systems based on static and dynamic analysis. The detection efficiency of MinDroid is also studied in terms of detection rate, false positive rate, and ROC distance. A prototype implementation of MinDroid is tested on the Android emulator.
Cite this article
Derhab, A., Saleem, K., Youssef, A. et al. Preventive Policy Enforcement with Minimum User Intervention Against SMS Malware in Android Devices. Arab J Sci Eng 41, 479–493 (2016). https://doi.org/10.1007/s13369-015-1665-2
DOI: https://doi.org/10.1007/s13369-015-1665-2