Mobile malware detection through analysis of deviations in application network behavior

Shabtai, Asaf; Tenenboim-Chekina, Lena; Mimran, Dudu; Rokach, Lior; Shapira, Bracha; Elovici, Yuval

doi:10.1016/j.cose.2014.02.009

Cited by 154 publications

(100 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The final decision is passed to the user interface module, which prepares appropriate message for the user and presents it through the graphical user interface, as shown in Figure 5. Such design of the decision maker sub-module ensures faster detection and higher performance, as it was adopted by Shabtai et al [37]. …”

Section: Decision Makermentioning

confidence: 99%

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

Feizollah

Anuar

Salleh

et al. 2017

Computers & Security

211

View full text Add to dashboard Cite

The wide popularity of Android systems has been accompanied by increase in the number of malware targeting these systems. This is largely due to the open nature of the Android framework that facilitates the incorporation of third-party applications running on top of any Android device. Inter-process communication is one of the most notable features of the Android framework as it allows the reuse of components across process boundaries. This mechanism is used as gateway to access different sensitive services in the Android framework. In the Android platform, this communication system is usually driven by a late runtime binding messaging object known as Intent. In this paper, we evaluate the effectiveness of Android Intents (explicit and implicit) as a distinguishing feature for identifying malicious applications. We show that Intents are semantically rich features that are able to encode the intentions of malware when compared to other well-studied features such as permissions. We also argue that this type of feature is not the ultimate solution. It should be used in conjunction with other known features. We conducted experiments using a dataset containing 7,406 applications that comprise of 1,846 clean and 5,560 infected applications. The results show detection rate of 91% using Android Intent against 83% using Android permission. Additionally, experiment on combination of both features results in detection rate of 95.5%.

show abstract

Section: Decision Makermentioning

confidence: 99%

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

Feizollah

Anuar

Salleh

et al. 2017

Computers & Security

211

View full text Add to dashboard Cite

show abstract

“…However, current static techniques fail to identify malicious components when they are obfuscated or embedded separately from the code (e.g., hidden into an image) [22,12]. Approaches based on dynamic code analysis [11] are promising, but current works [6,21,23] only provide an holistic understanding of the behavior of an app. This feature challenges the identification of malware using steganography.…”

Section: Thwarting Malware In Smartphonesmentioning

confidence: 99%

Stegomalware: Playing Hide and Seek with Malicious Components in Smartphone Apps

Suárez-Tangil

Tapiador

Peris-López

2015

Information Security and Cryptology

View full text Add to dashboard Cite

Abstract. We discuss a class of smartphone malware that uses steganographic techniques to hide malicious executable components within their assets, such as documents, databases, or multimedia files. In contrast with existing obfuscation techniques, many existing information hiding algorithms are demonstrably secure, which would make such stegomalware virtually undetectable by static analysis techniques. We introduce various types of stegomalware attending to the location of the hidden payload and the components required to extract it. We demonstrate its feasibility with a prototype implementation of a stegomalware app that has remained undetected in Google Play so far. We also address the question of whether steganographic capabilities are already being used for malicious purposes. To do this, we introduce a detection system for stegomalware and use it to analyze around 55K apps retrieved from both malware sources and alternative app markets. Our preliminary results are not conclusive, but reveal that many apps do incorporate steganographic code and that there is a substantial amount of hidden content embedded in app assets.

show abstract

“…By carrying out network packet analysis on the suspicious mobile apps [17], it was possible to obtain the external transaction of SSP malware. Based on it, we can perfectly proof the external activity of hidden evasive server-side polymorphic mobile malware more in detail after capturing packet as follow Figure 6.…”

Section: Evidence Aggregation On Dynamic Ssp Malware With Simulated Cmentioning

confidence: 99%

“…Furthermore, they are devised to perform different types of execution processes every time by applying an advanced mechanism, such as changing the execution sequence for internal codes of the mobile app through the use of random numbers selected arbitrarily. Therefore, when this function is applied, they show a characteristic of detecting avoidance through mobile anti-virus vaccines [10,11,16,17]. …”

Section: Detailed Mechanism Of Server-side Polymorphic Mobile Malwarementioning

confidence: 99%

Simulated Dynamic C&C Server Based Activated Evidence Aggregation of Evasive Server-Side Polymorphic Mobile Malware on Android

Lee¹,

Lee²

2017

International journal of advanced smart convergence

View full text Add to dashboard Cite

show abstract

Mobile malware detection through analysis of deviations in application network behavior

Cited by 154 publications

References 11 publications

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

Stegomalware: Playing Hide and Seek with Malicious Components in Smartphone Apps

Simulated Dynamic C&C Server Based Activated Evidence Aggregation of Evasive Server-Side Polymorphic Mobile Malware on Android

Contact Info

Product

Resources

About