Abstract
With the tremendous increase in Android malware, we need an automatic way of collecting Android applications and identifying malware before it is installed on end-user devices. In this paper, we propose a honeyclient for Android applications that collects and classifies Android applications. We first present an overview of the honeyclient. Then, we survey the different ways of infecting Android mobile devices, which sheds light on the honeyclient’s design. Finally, we describe every component of the honeyclient, namely a crawler to build a list of suspicious URLs, a client to visit the suspicious URLs, extract Android applications and analyze them, and a malware detector to classify the collected Android applications. We use a light version of the Android browser to visit the suspicious URLs, enabling us to scale up the visits, and an Android emulator to analyze the Android applications. As for the malware detector, we use a combination of misuse and anomaly detection, allowing us to detect both already known malware and new variants.
Acknowledgments
The work presented in this paper is funded by the European Commission FP7 collaborative research project NEMESYS (Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem), no. 317888 within the Trustworthy ICT domain.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Delosières, L., Sánchez, A. (2014). DroidCollector: A Honeyclient for Collecting and Classifying Android Applications. In: Czachórski, T., Gelenbe, E., Lent, R. (eds) Information Sciences and Systems 2014. Springer, Cham. https://doi.org/10.1007/978-3-319-09465-6_19
DOI: https://doi.org/10.1007/978-3-319-09465-6_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09464-9
Online ISBN: 978-3-319-09465-6
eBook Packages: Computer Science, Computer Science (R0)