Arabian Journal for Science and Engineering, Volume 41, Issue 2, pp 479–493

Preventive Policy Enforcement with Minimum User Intervention Against SMS Malware in Android Devices

  • Abdelouahid Derhab
  • Kashif Saleem
  • Ahmed Youssef
  • Mohamed Guerroumi
Research Article - Computer Engineering and Computer Science

Abstract

In this paper, we propose MinDroid, a user-centric preventive policy enforcement system against SMS malware in Android devices. The design of MinDroid takes into account the user's limited understanding of the Android permission system. This is done by deriving the policy rules from the behavioral model of malicious SMS applications rather than adopting user-defined rules. MinDroid requires user intervention only during the first T time units from the application installation time. During this period, the user is notified to accept or reject SMS-sending operations. MinDroid execution is specified as a finite state machine, and its security properties are formally proven using Metric Temporal Logic. We also show that MinDroid is resilient against threats trying to compromise its correct functionality. In addition, an analytical study demonstrates that MinDroid offers good performance in terms of detection time and execution cost in comparison with intrusion detection systems based on static and dynamic analysis. The detection efficiency of MinDroid is also studied in terms of detection rate, false positive rate, and ROC distance. A prototype implementation of MinDroid is tested on the Android emulator.

Keywords

SMS malware; Policy enforcement; Prevention; Android



Copyright information

© King Fahd University of Petroleum & Minerals 2015

Authors and Affiliations

  • Abdelouahid Derhab (1)
  • Kashif Saleem (1)
  • Ahmed Youssef (2)
  • Mohamed Guerroumi (3)

  1. Center of Excellence in Information Assurance (COEIA), King Saud University, Riyadh, Kingdom of Saudi Arabia
  2. College of Computer and Information Sciences (CCIS), King Saud University, Riyadh, Kingdom of Saudi Arabia
  3. Faculty of Electronic and Computer Science, USTHB University, Algiers, Algeria
