
Preventive Policy Enforcement with Minimum User Intervention Against SMS Malware in Android Devices

  • Research Article - Computer Engineering and Computer Science
Arabian Journal for Science and Engineering

Abstract

In this paper, we propose MinDroid, a user-centric preventive policy enforcement system against SMS malware in Android devices. The design of MinDroid takes into account the user's limited understanding of the Android permission system: the policy rules are derived from the behavioral model of malicious SMS applications rather than from user-defined rules. MinDroid requires user intervention only during the first T time units after an application is installed. During this period, the user is notified to accept or reject the SMS-sending operations. MinDroid's execution is specified as a finite state machine, and its security properties are formally proven using Metric Temporal Logic. We also show that MinDroid is resilient against threats that try to compromise its correct functionality. In addition, an analytical study demonstrates that MinDroid offers good performance in terms of detection time and execution cost in comparison with intrusion detection systems based on static and dynamic analysis. The detection efficiency of MinDroid is also studied in terms of detection rate, false positive rate, and ROC distance. A prototype implementation of MinDroid is tested under the Android emulator.



Author information


Corresponding author

Correspondence to Ahmed Youssef.


About this article


Cite this article

Derhab, A., Saleem, K., Youssef, A. et al. Preventive Policy Enforcement with Minimum User Intervention Against SMS Malware in Android Devices. Arab J Sci Eng 41, 479–493 (2016). https://doi.org/10.1007/s13369-015-1665-2


  • DOI: https://doi.org/10.1007/s13369-015-1665-2
