Randomizing Smartphone Malware Profiles against Statistical Mining Techniques

  • Abhijith Shastry
  • Murat Kantarcioglu
  • Yan Zhou
  • Bhavani Thuraisingham
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7371)


The growing use of smartphones opens up new opportunities for malware activities such as eavesdropping on phone calls, reading e-mail and call-logs, and tracking callers’ locations. Statistical data mining techniques have been shown to be applicable to detect smartphone malware. In this paper, we demonstrate that statistical mining techniques are prone to attacks that lead to random smartphone malware behavior. We show that with randomized profiles, statistical mining techniques can be easily foiled. Six in-house proof-of-concept malware programs are developed on the Android platform for this study. The malware programs are designed to perform privacy intrusion, information theft, and denial of service attacks. By simulating and tuning the frequency and interval of attacks, we aim to answer the following questions: 1) Can statistical mining algorithms detect smartphone malware by monitoring the statistics of smartphone usage? 2) Are data mining algorithms robust against malware with random profiles? 3) Can simple consolidation of random profiles over a fixed time frame prepare a higher quality data source for existing algorithms?


Support Vector Machine Mobile Phone Intrusion Detection Data Mining Algorithm Malicious Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bose, A., Hu, X., Shin, K.G., Park, T.: Behavioral detection of malware on mobile handsets. In: Proceeding of the 6th International Conference on Mobile Systems, Applications, and Services, MobiSys 2008, pp. 225–238. ACM, New York (2008)Google Scholar
  2. 2.
    Boser, B.E., Guyon, I.M., Vapnik, V.N.: A training algorithm for optimal margin classifiers. In: Proceedings of the 5th Annual ACM Workshop on Computational Learning Theory, pp. 144–152. ACM Press (1992)Google Scholar
  3. 3.
    Cheng, J., Wong, S.H., Yang, H., Lu, S.: Smartsiren: virus detection and alert for smartphones. In: Proceedings of the 5th International Conference on Mobile Systems, Applications and Services, MobiSys 2007, pp. 258–271. ACM, New York (2007)Google Scholar
  4. 4.
    Christodorescu, M., Jhacomputer, S.: Testing malware detectors. In: Proceedings of the 2004 ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2004, pp. 34–44. ACM Press (2004)Google Scholar
  5. 5.
    Dixon, B., Mishra, S.: On rootkit and malware detection in smartphones. In: 2010 International Conference on Dependable Systems and Networks Workshops (DSN-W), June 28-July 1, pp. 162–163 (2010)Google Scholar
  6. 6.
    Gary McGraw, G.M.: Attacking malicious code: a report to the infosec research council. IEEE Software, 33–41 (2000), magazine articleGoogle Scholar
  7. 7.
    Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: The weka data mining software: an update. SIGKDD Explor. Newsl. 11, 10–18 (2009)CrossRefGoogle Scholar
  8. 8.
    Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6, 151–180 (1998)CrossRefGoogle Scholar
  9. 9.
    Kantarcioglu, M., Xi, B., Clifton, C.: Classifier evaluation and attribute selection against active adversaries. Data Min. Knowl. Discov. 22, 291–335 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Kim, H., Smith, J., Shin, K.G.: Detecting energy-greedy anomalies and mobile malware variants. In: Proceeding of the 6th International Conference on Mobile Systems, Applications, and Services, MobiSys 2008, pp. 239–252. ACM, New York (2008)Google Scholar
  11. 11.
    Lee, W., Stolfo, S.J.: Data mining approaches for intrusion detection. In: Proceedings of the 7th Conference on USENIX Security Symposium, vol. 7, p. 6. USENIX Association, Berkeley (1998)Google Scholar
  12. 12.
    Mitchell, T.M.: Machine Learning. McGraw-Hill, New York (1997)zbMATHGoogle Scholar
  13. 13.
    Moreau, Y., Shawe-taylor, P.B.J., Stoermann, C., Ag, S., Vodafone, C.C.: Novel techniques for fraud detection in mobile telecommunication networks. In: ACTS Mobile Summit (1997)Google Scholar
  14. 14.
    Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Twenty-Third Annual Computer Security Applications Conference, ACSAC 2007, pp. 421–430 (2007)Google Scholar
  15. 15.
    Okazaki, Y., Sato, I., Goto, S.: A new intrusion detection method based on process profiling. In: Proceedings of the 2002 Symposium on Applications and the Internet, SAINT 2002, pp. 82–90 (2002)Google Scholar
  16. 16.
    Quinlan, J.R.: C4.5: programs for machine learning. Morgan Kaufmann Publishers Inc., San Francisco (1993)Google Scholar
  17. 17.
    Rabek, J.C., Khazan, R.I., Lewandowski, S.M., Cunningham, R.K.: Detection of injected, dynamically generated, and obfuscated malicious code. In: Proceedings of the 2003 ACM Workshop on Rapid Malcode, WORM 2003, pp. 76–82. ACM, New York (2003)CrossRefGoogle Scholar
  18. 18.
    Rieck, K., Holz, T., Willems, C., Düssel, P., Laskov, P.: Learning and Classification of Malware Behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 108–125. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Schmidt, A., Schmidt, H., Clausen, J., Camtepe, A., Albayrak, S.: Enhancing security of linux-based android devices. Image Rochester NY (2008)Google Scholar
  20. 20.
    Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y.: ”Andromaly”: a behavioral malware detection framework for android devices. Journal of Intelligent Information Systems, 1–30 (2011)Google Scholar
  21. 21.
    Stolfo, S.J., Wang, K., Li, W.-J.: Worms 2005 columbia ids lab fileprint analysis for malware detection 1. In: 6th IEEE Information Assurance Workshop (2005)Google Scholar
  22. 22.
    Yap, T.S., Ewe, H.T.: A Mobile Phone Malicious Software Detection Model with Behavior Checker. In: Shimojo, S., Ichii, S., Ling, T.-W., Song, K.-H. (eds.) HSI 2005. LNCS, vol. 3597, pp. 57–65. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In: Proceedings of the 19th Network and Distributed System Security Symposium, NDSS 2012 (2012)Google Scholar
  24. 24.
    Zolkipli, M.F., Jantan, A.: Malware behavior analysis: Learning and understanding current malware threats. In: International Conference on Network Applications, Protocols and Services, pp. 218–221 (2010)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Abhijith Shastry
    • 1
  • Murat Kantarcioglu
    • 1
  • Yan Zhou
    • 1
  • Bhavani Thuraisingham
    • 1
  1. 1.Computer Science DepartmentUniversity of Texas at DallasRichardsonUSA

Personalised recommendations