Proceedings Article, DOI 10.1109/CIS.2011.226
Kernel-based Behavior Analysis for Android Malware Detection
Takamasa Isohara, Keisuke Takemori, Ayumu Kubota +2 more
- 03 Dec 2011
- pp 1011-1015
TL;DR: The results show that the proposed kernel-based behavior analysis for Android malware inspection can effectively detect malicious behaviors of unknown applications.
Abstract: The most serious threat to Android users is malware infection via Android application markets. In the case of the Android Market, no security inspection is applied to the applications that many users have uploaded. Consequently, malware such as Geinimi and DroidDream attempts to leak personal information, obtain root privilege, and abuse functions of the smartphone. An audit framework called logcat is implemented on the Dalvik virtual machine to monitor application behavior. However, only a limited set of events is dumped, because application developers use logcat for debugging. A behavior monitoring framework that can audit all activities of an application is therefore important for security inspection on the marketplaces. In this paper, we propose a kernel-based behavior analysis for Android malware inspection. The system consists of a log collector in the Linux layer and a log analysis application. The log collector records all system calls and filters the events belonging to the target application. The log analyzer matches activities against signatures described by regular expressions to detect malicious activity. Signatures of information leakage are generated automatically from the smartphone IDs, e.g., the phone number, SIM serial number, and Gmail accounts. We implement a prototype system and evaluate 230 applications in total. The results show that our system can effectively detect malicious behaviors of unknown applications.
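The abstract describes the detection pipeline in two parts: signatures derived automatically from the device's own identifiers, and a system-call log filtered to the target application and matched against those signatures. The following is an added illustration of that pipeline, not the authors' code; the identifiers, the strace-style log format and the set of "outbound" syscalls are all constructed assumptions for this example.

```python
import re

# Constructed identifiers standing in for the smartphone IDs the paper derives
# signatures from (fake values; no real device data).
DEVICE_IDS = {
    "phone_number": "+81-90-1234-5678",
    "sim_serial": "8981100012345678901",
    "gmail_account": "alice.example@gmail.com",
}

# Constructed strace-style log: "<pid> <time> <syscall>(<args>) = <ret>".
SAMPLE_LOG = """\
1234 14:02:11.001 open("/data/data/com.example.app/files/cfg", O_RDONLY) = 5
1234 14:02:11.010 sendto(7, "id=1&tel=819012345678&v=2", 25, 0, NULL, 0) = 25
1234 14:02:11.020 write(8, "user=Alice.Example@gmail.com", 28) = 28
4321 14:02:11.030 write(3, "sim=8981100012345678901", 23) = 23
1234 14:02:11.040 read(5, "8981100012345678901", 19) = 19
""".splitlines()

# Syscalls through which data leaves the process (file, socket, IPC); assumed set.
OUTBOUND = {"write", "pwrite64", "writev", "send", "sendto", "sendmsg"}
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<ts>\S+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*-?\d+$")


def build_signatures(ids):
    """One compiled regex per identifier. The phone number is matched as digit
    groups with optional separators and an optional '+', so both the formatted
    value and its digits-only normalised form hit."""
    sigs = {}
    for name, value in ids.items():
        if name == "phone_number":
            groups = re.findall(r"\d+", value)
            sigs[name] = re.compile(r"\+?" + r"[-. ]?".join(groups))
        else:
            sigs[name] = re.compile(re.escape(value), re.IGNORECASE)
    return sigs


def detect_leaks(log_lines, target_pid, sigs):
    """Keep only the target app's outbound syscalls and report which identifier
    appears in the written buffer. Reads and other PIDs are ignored."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or int(m["pid"]) != target_pid or m["call"] not in OUTBOUND:
            continue
        for name, sig in sigs.items():
            if sig.search(m["args"]):
                hits.append({"time": m["ts"], "syscall": m["call"], "leaked": name})
    return hits
```

Running `detect_leaks(SAMPLE_LOG, 1234, build_signatures(DEVICE_IDS))` flags the `sendto` carrying the normalised phone number and the `write` carrying the Gmail account, while the `read` of the SIM serial and the other process's `write` are not reported.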
Citations
Detection of Malicious Code Variants Based on Deep Learning
TL;DR: A novel method is proposed that uses deep learning to improve the detection of malware variants, with a convolutional neural network that automatically extracts features from malware images.
A Comprehensive Review on Malware Detection Approaches
Omer Aslan, Refik Samet +1 more
TL;DR: This paper presents a detailed review of malware detection approaches and of recent detection methods that use them, covering the pros and cons of each approach and of the methods used within it.
A Survey on Machine Learning Techniques for Cyber Security in the Last Decade
TL;DR: This paper aims to provide a comprehensive overview of the challenges that ML techniques face in protecting cyberspace against attacks, by presenting a literature on ML techniques for cyber security including intrusion detection, spam detection, and malware detection on computer networks and mobile networks in the last decade.
Machine learning aided Android malware classification
TL;DR: This paper presents two machine learning aided approaches for static analysis of Android malware: one based on permissions, the other based on source code analysis using a bag-of-words representation model.
Patent
Electronic message analysis for malware detection
Ashar Aziz, Henry Uyeno, Jay Manni, Amin Sukhera, Stuart Staniford +4 more
- 23 Feb 2012
TL;DR: In this paper, an electronic message is analyzed for malware contained in the message. The analysis may include replaying a suspicious URL in a virtual environment that simulates the computing device intended to receive the message; if the replayed URL is determined to be malicious, it is added to a blacklist that is updated throughout the computer system.