An Automatic Approach of Building Threat Patterns in Android

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 733)

Abstract

Handheld devices have become popular, but the volume of malware on mobile platforms has also grown rapidly. Static and dynamic approaches are the two common ways to analyze suspicious applications and detect mobile malware. Dynamic approaches detect malware based on the actual behavior of applications, but triggering malicious behavior and the efficiency of the analysis are the difficulties of this kind of approach. Because of the limited resources of mobile devices, static analysis is the practicable way to detect malware on a mobile device. Anti-virus software is the typical paradigm of the static analysis approach. However, the effectiveness of anti-virus software relies on its signatures. Finding an efficient and automatic way to build threat patterns of mobile malware is a critical issue in detecting new or zero-day malware.

In this paper, a detection mechanism based on data flow is proposed. The proposed system analyzes function calls and data flow to identify malicious behaviors on Android mobile devices. A machine learning approach is used to build threat patterns automatically from a large volume of applications. The experimental results show that the proposed system can detect malware with high accuracy and a low false positive rate.

Keywords

Android malware, Data flow, Machine learning

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. National Sun Yat-Sen University, Kaohsiung, Taiwan
  2. Taiwan Police College, Taipei, Taiwan
