Abstract

The increasing diffusion of mobile devices, widely used for critical tasks such as the transmission of sensitive and private information, corresponds to an increasing need for methods to detect malicious actions that can undermine our data. As demonstrated in the literature, the signature-based approach provided by antimalware is not able to defend users from new threats. In this paper, we propose an approach based on the adoption of model checking to detect malicious families in the Android environment. We consider two different automata representing Android applications, based respectively on Control Flow Graphs and Call Graphs. The adopted graph data structure makes it possible to detect potentially malicious behaviour and also to localize the code where the malicious action happens. We evaluate the effectiveness of the proposed method on more than 3000 real-world Android samples (with 2552 malware samples belonging to 21 malicious families), reaching an accuracy ranging from 0.97 to 1 in malicious family detection.

Highlights

  • Mobile devices, such as smartphones and smart TVs, wearables and voice assistants, play a fundamental role in our increasingly connected world

  • We demonstrate the effectiveness of the proposed model checking approach in the experimental analysis, obtaining an accuracy ranging from 0.97 to 1 in the evaluation of 2552 malware samples belonging to 21 different Android malware families and 500 more samples of legitimate applications

  • Model checking requires a Formal Model, a Temporal Logic and a Formal Verification Environment


Summary

Introduction

Mobile devices, such as smartphones and smart TVs, wearables and voice assistants, play a fundamental role in our increasingly connected world. Background information on the model checking concepts largely applied by the proposed approach is provided. Model checking requires a Formal Model (used to abstract the Android application under analysis), a Temporal Logic (used to represent a malicious behaviour in the mobile environment) and a Formal Verification Environment (used to verify whether the behaviour is implemented in the Formal Model representing the Android application under analysis). To obtain a Formal Model, i.e., a formal description of the application under analysis, a specification is exploited. The application behaviour is represented as a Labelled Transition System (LTS) formed by nodes and by labelled edges that connect the nodes. An Android application state is represented as a node, while the transition of the application from a specific state to the next one is represented as a labelled edge.
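The three ingredients described above can be sketched on a toy scale. This is an added example, not code from the paper: an LTS serves as the formal model, an ordered action pattern stands in for the temporal logic formula, and a reachability search stands in for the verification environment. The states, action labels and the `find_witness` helper are assumptions made for illustration; the returned path shows where in the model the behaviour occurs.

```python
from collections import deque

# Constructed LTSs (state -> [(action label, next state)]); not from the paper.
LEAKY_APP = {
    0: [("onCreate", 1)],
    1: [("read_contacts", 2), ("show_ui", 4)],
    2: [("format_data", 3)],
    3: [("open_socket", 5)],
    4: [("show_ui", 4)],
    5: [("write_socket", 6)],
    6: [],
}
OTHER_APP = {
    0: [("onCreate", 1)],
    1: [("show_ui", 1), ("open_socket", 2)],
    2: [("write_socket", 3)],
    3: [("read_contacts", 4)],  # the read happens after the send, never before
    4: [],
}
# Hypothetical behaviour: these actions occur in this order on some path.
PATTERN = ["read_contacts", "open_socket", "write_socket"]

def find_witness(lts, start, pattern):
    """Return a path of (state, label, next_state) edges from `start` that
    performs `pattern` in order (other actions may interleave), or None."""
    if not pattern:
        return []
    # Search the product of LTS states and "number of pattern actions matched".
    first = (start, 0)
    parent = {first: None}
    queue = deque([first])
    while queue:
        node = queue.popleft()
        state, matched = node
        for label, nxt in lts.get(state, []):
            step = matched + 1 if label == pattern[matched] else matched
            succ = (nxt, step)
            if succ in parent:
                continue  # already explored, also guards against loops
            parent[succ] = (node, (state, label, nxt))
            if step == len(pattern):
                path = []
                while parent[succ] is not None:
                    succ, edge = parent[succ]
                    path.append(edge)
                return path[::-1]
            queue.append(succ)
    return None
```

Calling `find_witness(LEAKY_APP, 0, PATTERN)` returns the edge sequence that realises the behaviour, while the same call on `OTHER_APP` returns `None` because the actions never occur in that order.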
