DroidFDR: Automatic Classification of Android Malware Using Model Checking

Yang, Zhi; Chen, Fan; Jin, Shuyuan; Sun, Lei; Du, Xuehui

doi:10.3390/electronics11111798

Cited by 3 publications

(2 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…At the start of this investigation, malware samples identified as GamblerSMS [60] and RogueSPPush [61] were discovered in Chinese app marketplaces. Unlike RogueSPPush [61] SMS Trojan, GamblerSMS is spyware. Malware tracks and forwards each received SMS message to predetermined phone numbers.…”

Section: Roguesppush and Gamblersmsmentioning

confidence: 99%

Detection of Sensitive Malicious Android Functionalities using Inter-component Control-flow Analysis

Bhan,

Faruki,

Pamula

2024

IEEE Access

View full text Add to dashboard Cite

Android Smartphone's popularity among users and developers is due to its open architecture and third-party apps. The exponential growth of third-party developer apps needs a robust code audit before upload. The weak program analysis at app stores adversely affects security. Third-party developers can update the app to introduce malicious activities. Sensitive sensor hardware and software resources are exfiltrated for leaking sensitive user data like messages, contacts, audio, and images. Malicious hidden features undermine user permission, including short message service (SMS), audio and video recording, voice calls, and image capturing. This paper treats the covert activities as called malicious features. The paper proposes a robust inter-component communication (ICC) based detection approach to identify such hidden functionality exploited by adversaries. The proposed technique detects sensitive features exploited by persistent malware without user knowledge. Despite the asynchronous characteristics of the ICC Application Programming Interface (API), we develop a precise ICC-based component-interaction graph (CIG) from the app bytecode. Moreover, we enrich the CIG with data flow analysis to identify the component reachability utilizing malicious features from legitimate user interactions. The proposed static app analysis framework identifies the prominent malware which exploits sensitive device resources. We assessed 25K benign and 13.3K malicious apps from 211 malware families with a classification rate of 0.40 % false positive (FP) and 0.37 % false negative (FN), better than existing state-of-the-art. In addition, we detect hidden features in unseen apps that subvert traditional antimalware.

show abstract

Section: Roguesppush and Gamblersmsmentioning

confidence: 99%

Detection of Sensitive Malicious Android Functionalities using Inter-component Control-flow Analysis

Bhan,

Faruki,

Pamula

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…They addressed five issues, namely (1) the current unfavorable repackaging practices, (2) the way adware is embedded in the code, (3) the types of apps used to repackage, (4) the reasons people download repackaged software, and (5) the way the properties of an app change in the repackaged version. Static Malware detection tools including TinyDroid, DroidFDR [6], DroidEnsemble, and NsDroid were presented in [7], but their shortcoming is that these are not suitable for dynamic analysis. NsDroid is a lightweight and fast Android malware detection tool.…”

Section: Related Workmentioning

confidence: 99%

Malware Analysis in IoT & Android Systems with Defensive Mechanism

Yadav¹,

Singh

Yadav

et al. 2022

Electronics

View full text Add to dashboard Cite

The Internet of Things (IoT) and the Android operating system have made cutting-edge technology accessible to the general public. These are affordable, easy-to-use, and open-source technology. Android devices connect to different IoT devices such as IoT-enabled cameras, Alexa powered by Amazon, and various other sensors. Due to the escalated growth of Android devices, users are facing cybercrime through their Android devices. This article aims to provide a comprehensive study of the IoT and Android systems. This article classifies different attacks on IoT and Android devices and mitigation strategies proposed by different researchers. The article emphasizes the role of the developer in secure application design. This article attempts to provide a relative analysis of several malware detection methods in the different environments of attacks. This study expands the awareness of certain application-hardening strategies applicable to IoT devices and Android applications and devices. This study will help domain experts and researchers to gain knowledge of IoT systems and Android systems from a security point of view and provide insight into how to design more efficient, robust, and comprehensive solutions. This article discusses different attack vectors and mitigation strategies available to both developers and in the open domain. Certain guidelines are also suggested for application and platform developers, as well as application databases (Google play store), to limit the risk of attack, and users can form their own defense with knowledge regarding keeping hardware and software updated and securing their system with a strong password.

show abstract