Abstract
Mass-market mobile security threats have increased recently due to the growth of mobile technologies and the popularity of mobile devices. Accordingly, techniques have been introduced for identifying, classifying, and defending against mobile threats utilizing static, dynamic, on-device, and off-device techniques. Static techniques are easy to evade, while dynamic techniques are expensive. On-device techniques are evasion, while off-device techniques need being always online. To address some of those shortcomings, we introduce Andro-profiler, a hybrid behavior based analysis and classification system for mobile malware. Andro-profiler main goals are efficiency, scalability, and accuracy. For that, Andro-profiler classifies malware by exploiting the behavior profiling extracted from the integrated system logs including system calls. Andro-profiler executes a malicious application on an emulator in order to generate the integrated system logs, and creates human-readable behavior profiles by analyzing the integrated system logs. By comparing the behavior profile of malicious application with representative behavior profile for each malware family using a weighted similarity matching technique, Andro-profiler detects and classifies it into malware families. The experiment results demonstrate that Andro-profiler is scalable, performs well in detecting and classifying malware with accuracy greater than 98 %, outperforms the existing state-of-the-art work, and is capable of identifying 0-day mobile malware samples.
Highlights
The explosive growth in the number of mobile devices running the Android platform has attracted the attention of hackers for the wealth of sensitive information that are usually stored on mobile devices, including phone numbers, short messages, confidential emails and correspondences, and banking information and credentials
The client monitored the behavior of the malicious application at the installation time, ran analysis based on the similarity of the function call set used, exchanged the result of analysis with neighboring devices, and performed collaborative malware detection
Jang et al (2015) proposed a feature-rich anti-malware system based on based on similarity matching of malwarecentric and malware creator-centric information. Their system classified malware samples into similar subgroups by exploiting the profiles extracted from integrated footprints, which are implicitly equivalent to distinct behavior characteristics
Summary
The explosive growth in the number of mobile devices running the Android platform has attracted the attention of hackers for the wealth of sensitive information that are usually stored on mobile devices, including phone numbers, short messages, confidential emails and correspondences, and banking information and credentials. Unique behavior patterns can be represented by various symbols (e.g., permission set, API call, and system call) and used to identify malware families To this end, researchers previously proposed various detection and classification methods for malware analysis based on their behavior, including permission-based, API call-based and system call-based methods. The detection methods on mobile device scan malicious behavior patterns on the mobile device and return the analysis results to the user Those approaches do not consider the resource constraints on the mobile device: low computing power and limited battery life, affect their usability and user experience. The detection methods outside mobile device execute detection algorithms on an emulator or a real device running the targeted applications, and conduct static or dynamic analysis for determining the nature of those applications Those approaches do not need to consider resource constraints, but cannot respond to new malware families quickly. Pearce et al (2012) introduced AdDroid, in which they separated advertising
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
