MalDetec: A Non-root Approach for Dynamic Malware Detection in Android

Trivedi, Nachiket; Das, Manik Lal

doi:10.1007/978-3-319-72598-7_14

Nachiket Trivedi¹⁶ &
Manik Lal Das¹⁶

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10717))

Included in the following conference series:

International Conference on Information Systems Security

1005 Accesses
4 Citations

Abstract

We present a malware detection technique for android using network traffic analysis. The proposed malware detection tool, termed as MalDetec, uses a non-root approach to notify the user in real-time about any malicious URL (Uniform Resource Locator) requests by any malware. MalDetec parses the packet dump file and merges it with the output of our network traffic analysis to generate App-URL pairing in real-time. This is later scanned by Virustotal databases and the user gets notified of suspicious URL requests. In addition, MalDetec maintains a local database containing results of previous scans for quick look-up during future scans. The experimental results show that MalDetec successfully detects the applications accessing malicious URLs, in real-time without having root privileges.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Gartner report 2017. http://www.gartner.com/newsroom/id/3609817
Nokia Threat Intelligence Report. Mobile infection rates rose steadily in 2016
Google Scholar
Honig, A., Sikorski, M.: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press, San Francisco (2012)
Google Scholar
Arora, A., Garg, S., Peddoju, S.K.: Malware detection using network traffic analysis in Android based mobile devices. In: Proceedings of International Conference on Next Generation Mobile Apps, Services and Technologies, pp. 66–71( 2014)
Google Scholar
Qian, Q., Cai, J., Xie, M., Zhang, R.: Malicious behavior analysis for Android applications. Int. J. Netw Secur. 18(1), 182–192 (2016)
Google Scholar
Distler, D.: Malware Analysis: An introduction. SANS Institute InfoSec, Reading (2007)
Google Scholar
CWSandbox Automates Malware Analysis. http://www.securitypronews.com/cwsandbox-automates-malware-analysis-2006-10. Accessed July 2016
Rastogi, V., Chen, Y., Jiang, X.: DroidChameleon: evaluating android anti-malware against transformation attacks. In: Proceedings of ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 329–334 (2013)
Google Scholar
Song, Y., Hengartner, U.: PrivacyGuard: a VPN-based platform to detect information leakage on Android devices. In: Proceedings of ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15–26 (2015)
Google Scholar
Chandramohan, M., Tan, H.: Detection of mobile malware in the wild. IEEE J. Comput. 45(9), 65–71 (2012)
Article Google Scholar
Isohara, T., Takemori, K., Kubota, A.: Kernel-based behavior analysis for Android malware detection. In: Proceedings of International Conference on Computational Intelligence and Security, pp. 1011–1015 (2011)
Google Scholar
tPacketCapture. http://www.taosoftware.co.jp/en/android/packetcapture/
Zaman, M., Siddiqui, T., Amin, M.R., Hossain, S.M.: Malware detection in Android by network traffic analysis. In: Proceedings of International Conference on Networking Systems and Security (2015)
Google Scholar
VpnService. https://developer.android.com/reference/android/net/VpnService.html
J Oberheide. Parsing a PCAP file. https://jon.oberheide.org/blog/2008/10/15/dpkt-tutorial-2-parsing-a-pcap-file/. Accessed Jan 2017
Kivy - Open source Python library. https://kivy.org/. Accessed Jan 2017
/proc/net/tcp documentation. https://goo.gl/2TVZNp. Accessed Jan 2017
DUMPSYS: Tool to get system services details by ADB. https://developer.android.com/studio/command-line/dumpsys.html
VirusTotal. https://www.virustotal.com

Download references

Author information

Authors and Affiliations

DA-IICT, Gandhinagar, India
Nachiket Trivedi & Manik Lal Das

Authors

Nachiket Trivedi
View author publications
You can also search for this author in PubMed Google Scholar
Manik Lal Das
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Manik Lal Das .

Editor information

Editors and Affiliations

Indian Institute of Technology Bombay, Mumbai, India
Rudrapatna K. Shyamasundar
Indian Institute of Technology Bombay, Mumbai, India
Virendra Singh
Rutgers University, Newark, New Jersey, USA
Jaideep Vaidya

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Trivedi, N., Das, M.L. (2017). MalDetec: A Non-root Approach for Dynamic Malware Detection in Android. In: Shyamasundar, R., Singh, V., Vaidya, J. (eds) Information Systems Security. ICISS 2017. Lecture Notes in Computer Science(), vol 10717. Springer, Cham. https://doi.org/10.1007/978-3-319-72598-7_14

Download citation

DOI: https://doi.org/10.1007/978-3-319-72598-7_14
Published: 02 December 2017
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72597-0
Online ISBN: 978-3-319-72598-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics