Capturing Android Malware Behaviour Using System Flow Graph

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8792)

Abstract

This article uses a new data structure, the System Flow Graph (SFG), which offers a compact representation of the information dissemination induced by an execution of an application, to characterize malicious application behavior. We conduct experiments on 4 malware families: DroidKungFu1, DroidKungFu2, jSMSHider and BadNews. We show how SFGs are relevant for exhibiting malware behavior.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Andriatsimandefitra, R., Tong, V.V.T. (2014). Capturing Android Malware Behaviour Using System Flow Graph. In: Au, M.H., Carminati, B., Kuo, CC.J. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 8792. Springer, Cham. https://doi.org/10.1007/978-3-319-11698-3_43

  • DOI: https://doi.org/10.1007/978-3-319-11698-3_43

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11697-6

  • Online ISBN: 978-3-319-11698-3

  • eBook Packages: Computer Science, Computer Science (R0)