DroidCollector: A Honeyclient for Collecting and Classifying Android Applications

  • Conference paper
Information Sciences and Systems 2014

Abstract

With the tremendous increase in Android malware, we need an automatic way of collecting Android applications and identifying malware before it gets installed on end-user devices. In this paper, we propose a honeyclient that collects and classifies Android applications. We first present an overview of the honeyclient. Then, we survey the different ways of infecting Android mobile devices, which sheds light on the honeyclient’s design. Finally, we describe every component of the honeyclient, namely a crawler to build a list of suspicious URLs, a client to visit the suspicious URLs, extract Android applications and analyze them, and a malware detector to classify the collected Android applications. We use a light version of the Android browser to visit the suspicious URLs, which lets us scale up the visits, and an Android emulator to analyze the Android applications. As for the malware detector, we use a combination of misuse and anomaly detectors, allowing us to detect both already known malware and new variants.

Acknowledgments

The work presented in this paper is funded by the European Commission FP7 collaborative research project NEMESYS (Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem), no. 317888 within the Trustworthy ICT domain.

Corresponding author

Correspondence to Laurent Delosières.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Delosières, L., Sánchez, A. (2014). DroidCollector: A Honeyclient for Collecting and Classifying Android Applications. In: Czachórski, T., Gelenbe, E., Lent, R. (eds) Information Sciences and Systems 2014. Springer, Cham. https://doi.org/10.1007/978-3-319-09465-6_19

  • DOI: https://doi.org/10.1007/978-3-319-09465-6_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09464-9

  • Online ISBN: 978-3-319-09465-6

  • eBook Packages: Computer Science, Computer Science (R0)
