
Analysis of Bayesian classification-based approaches for Android malware detection

Mobile malware has been growing in scale and complexity, spurred by the unabated uptake of smartphones worldwide. Android is fast becoming the most popular mobile platform, resulting in a sharp increase in malware targeting the platform. Additionally, Android malware is evolving rapidly to evade detection by traditional signature-based scanning. Despite the detection measures currently in place, timely discovery of new malware is still a critical issue. This calls for novel approaches to mitigate the growing threat of zero-day Android malware. Hence, the authors develop and analyse proactive machine-learning approaches based on Bayesian classification, aimed at uncovering unknown Android malware via static analysis. The study, which is based on a large malware sample set covering the majority of the existing families, demonstrates detection capabilities with high accuracy. Empirical results and comparative analysis are presented, offering useful insight towards the development of effective static-analytic Bayesian classification-based solutions for detecting unknown Android malware.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2013.0095