Abstract
This article uses a new data structure namely System Flow Graph (SFG) that offers a compact representation of information dissemination induced by an execution of an application to characterize malicious application behavior and lead some experiments on 4 malware families DroidKungFu1, DroidKungFu2, jSMSHider, BadNews. We show how SFG are relevant to exhibit malware behavior.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Enck, W., Gilbert, P., Gon Chun, B., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In: Proc. of the USENIX Symposium on Operating Systems Design and Implementation, OSDI (2010)
Vidas, T., Votipka, D., Christin, N.: All your droid are belong to us: a survey of current android attacks. In: Proceedings of the 5th USENIX Conference on Offensive Technologies, p. 10. USENIX Association, Berkeley (2011)
Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639–668 (2011)
Rieck, K., Holz, T., Willems, C., Düssel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 108–125. Springer, Heidelberg (2008)
Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: Proceedings of the 16th Annual Network and Distributed System Security Symposium, NDSS 2009 (January 2009)
Lanzi, A., Balzarotti, D., Kruegel, C., Christodorescu, M., Kirda, E.: Accessminer: using system-centric models for malware protection. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010. ACM (2010)
Jiang, X.: Security alert: New sophisticated android malware droidkungfu found in alternative Chinese app markets, http://www.csc.ncsu.edu/faculty/jiang/DroidKungFu.html
Andriatsimandefitra, R., Viet Triem Tong, V., Mé, L.: Diagnosing intrusions in android operating system using system flow graph. In: Workshop Interdisciplinaire sur la Sécurité Globale (2013)
Zhou, Y., Jiang, X.: Dissecting android malware: Characterization and evolution. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP 2012, pp. 95–109. IEEE Computer Society, Washington, DC (2012)
Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: capturing system-wide information flow for malware detection and analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007 (2007)
Yan, L.K., Yin, H.: Droidscope: Seamlessly reconstructing os and dalvik semantic views for dynamic android malware analysis. In: Proceedings of the 21st USENIX Security Symposium (August 2012)
Viet Triem Tong, V., Clark, A., Mé, L.: Specifying and enforcing a fine-grained information flow policy: Model and experiments. Journal of Wireless Mobile Networks, s, Ubiquitous Computing and Dependable Applications (2010)
Wright, C., Cowan, C., Smalley, S., Morris, J., Kroah-Hartman, G.: Linux security module framework. In: OLS 2002 Proceedings (2002)
Rogers, M.: The bearer of badnews, https://blog.lookout.com/blog/2013/04/19/the-bearer-of-badnews-malware-google-play/
Jiang, X.: Security alert: New droidkungfu variants found in alternative Chinese android markets, http://www.csc.ncsu.edu/faculty/jiang/DroidKungFu2/
Strazzere, T.: 2011 security alert: Malware found targeting custom roms, jsmshider (June 15, 2011), https://blog.lookout.com/blog/2011/06/15/security-alert-malware-found-targeting-custom-roms-jsmshider/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Andriatsimandefitra, R., Tong, V.V.T. (2014). Capturing Android Malware Behaviour Using System Flow Graph. In: Au, M.H., Carminati, B., Kuo, CC.J. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 8792. Springer, Cham. https://doi.org/10.1007/978-3-319-11698-3_43
Download citation
DOI: https://doi.org/10.1007/978-3-319-11698-3_43
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11697-6
Online ISBN: 978-3-319-11698-3
eBook Packages: Computer ScienceComputer Science (R0)