Abstract
In this paper, we propose MinDroid, a user-centric preventive policy enforcement system against SMS malware in Android devices. The design of MinDroid takes into consideration the user’s little understanding of the Android permission system. This can be done by deriving the policy rules from the behavioral model of the malicious SMS applications rather than adopting user-defined rules. MinDroid requires user intervention only during the first T time units from the application installation time. The user during this time period is notified to accept or reject the SMS-sending operations. MinDroid execution is specified as a finite state machine, and its security properties are formally proven using Metric Temporal Logic. We also show that MinDroid is resilient against threats trying to compromise its correct functionality. In addition, an analytical study demonstrates that MinDroid offers good performance in terms of detection time and execution cost in comparison with intrusion detection systems based on static and dynamic analysis. The detection efficiency of MinDroid is also studied in terms of detection rate, false positive rate, and ROC distance. A prototype implementation of MinDroid is tested under Android emulator.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
