A detection method and system implementation for Android malware

Cited by: 2
Authors
Hu, Wenjun [1]
Zhao, Shuang [2]
Tao, Jing [1]
Ma, Xiaobo [1]
Chen, Liang [3, 4]
Affiliations
[1] MOE Key Laboratory for Intelligent Networks and Network Security, Xi'an Jiaotong University
[2] Institute of Information Engineering, CAS
[3] Associated Lab. of Cyber Space Great Wall and China Information Technol. Security Evaluation Center
[4] OWASP Beijing Area
Source
Hsi-An Chiao Tung Ta Hsueh/Journal of Xi'an Jiaotong University | 2013 / Vol. 47 / No. 10
Keywords
Android; Dynamic analysis; Malware detection; Static analysis
DOI
10.7652/xjtuxb201310007
Abstract
An Android malware detection system is designed and implemented to address the growing prevalence of malware on Android. The system combines static and dynamic analysis. In static analysis, APK features such as permissions, API call sequences, components, resources and structure are extracted to form a feature vector, and a similarity-based method is proposed that uses these features to detect known malware samples. In dynamic analysis, the Android source code is modified to generate new kernel images. These kernel images monitor an Android program's behaviors, such as file reading and writing, network connections, SMS sending and telephone calling. Unknown malware samples can then be identified by analyzing these behaviors. Experimental results show that the proposed system is efficient and performs well at detecting Android malware. The system has been released online and is freely available for use on the Internet.
Pages: 37-43
Page count: 6
Related papers
8 in total
  • [1] Zhou W., Zhou Y., Jiang X., et al., Detecting repackaged smartphone applications in third-party Android marketplaces, Proceedings of the Second ACM Conference on Data and Application Security and Privacy, pp. 317-326, (2012)
  • [2] Borja S., Igor S., Carlos L., et al., PUMA: Permission usage to detect malware in Android, International Joint Conference CISIS'12-ICEUTE'12-SOCO'12 Special Sessions, pp. 289-298, (2012)
  • [3] Burguera I., Zurutuza U., Nadjm-Tehrani S., Crowdroid: Behavior-based malware detection system for Android, Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15-26, (2011)
  • [4] Enck W., Gilbert P., Chun B.G., et al., TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones, Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, pp. 1-6, (2010)
  • [5] Enck W., Ongtang M., Mcdaniel P., Understanding Android security, IEEE Security & Privacy, 7, 1, pp. 50-57, (2009)
  • [6] Pocatilu P., Android applications security, Informatica Economic, 15, 3, pp. 163-171, (2011)
  • [7] Jiang X., Security alert: New Android malware-HippoSMS-found in alternative Android markets
  • [8] Cilibrasi R., Vitanyi P.M.B., Clustering by compression, IEEE Transactions on Information Theory, 51, 4, pp. 1523-1545, (2005)