DETECTION OF HIDDEN FUNCTIONALITIES OF SMART PHONE MALWARE APP USING PATTERN-MATCHING TECHNIQUES
Keywords:Malware, Computer Security, Mobile Computing
Malware developers are progressively using advanced techniques to defeat malware detection tools. One such technique commonly observed in recent malware samples consists of hiding and obfuscating modules containing malicious functionality in places that static analysis tools overlook. In this paper, we describe a dynamic analysis approach for detecting such hidden or obfuscated malware components distributed as parts of an app package. The key idea is behavioral differences between the original app and a number of automatically generated versions of it, where a number of modifications (faults) have been carefully injected. The differential signature is analyzed through a pattern-matching process driven by rules that relate different types of hidden functionalities with patterns found in the signature. A thorough justification and a description of the proposed model are provided.
Arp.D, Spreitzenbarth.M, Ubner.M.H, Gascon.H, and Rieck.K, “Drebin: Effective and explainable detection of android malware in your pocket,” in Proc. NDSS, February 2014. DOI: https://doi.org/10.14722/ndss.2014.23247
Egele.M, Scholte.T, Kirda.E, and Kruegel.C, “A survey on automated dynamic malware-analysis techniques and tools,” ACM Comput. Surv., vol. 44, no. 2, pp. 6:1–6:42, Mar. 2012. DOI: https://doi.org/10.1145/2089125.2089126
Cai.L and Chen.H, “Touchlogger: inferring keystrokes on touch screen from smartphone motion,” in Proc. USENIX, ser. HotSec’11, Berkeley, CA, USA, 2011, pp. 9–9.
Christodorescu.M, Jha.S, Seshia.S, Song.D, and Bryant.R, “Semantics-aware malware detection,” in Security and Privacy, 2005 IEEE Symposium on, May 2005, pp. 32–46. DOI: https://doi.org/10.1109/SP.2005.20
D. Perez and J. Pico, “A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications,” Black Hat DC, 2011.
G. Suarez-Tangil, J. E. Tapiador, P. Peris, and A. Ribagorda, ―Evolution, detection and analysis of malware for smart devices‖, IEEE Comms. Surveys & Tut., vol. 16, no. 2, pp. 961–987, May 2014. DOI: https://doi.org/10.1109/SURV.2013.101613.00077
L. K. Yan and H. Yin, ―Droidscope: seamlessly reconstructing the os and Dalvik semantic views for dynamic Android malware analysis, ‖ in Proc. USENIX, ser. Security ‘12. Berkeley, CA, USA:USENIX Association, 2012, pp. 29–29.
Shabtai, L.Tenenboim-Chekina, D.Mimran, L.Rokach, B.Shapira, Y.Elovici. Mobile malware detection through analysis of deviations in application network behavior‖., Department of Information Systems Engineering,2014. DOI: https://doi.org/10.1016/j.cose.2014.02.009
Suarez-Tangil.G, Conti.M, Tapiador.J.E and PerisLopez.P, “Detecting targeted smartphone malware with behavior-triggering stochastic models,” in ESORICS 2014, ser. LNCS, vol. 8712. Springer International Publishing, 2014, pp. 183–201.
Y. Wang, K. Streff, and S. Raman, “Smartphone Security Challenges,” Computer (Long. Beach. Calif)., vol. 45, no. 12, pp. 52–58, Dec. 2012. DOI: https://doi.org/10.1109/MC.2012.288
Z. Lackey and L. Miras, “Attacking SMS,” BlackHat 2009, 2009.
How to Cite
License and Copyright Agreement
In submitting the manuscript to the journal, the authors certify that:
- They are authorized by their co-authors to enter into these arrangements.
- The work described has not been formally published before, except in the form of an abstract or as part of a published lecture, review, thesis, or overlay journal.
- That it is not under consideration for publication elsewhere.
- That its release has been approved by all the author(s) and by the responsible authorities – tacitly or explicitly – of the institutes where the work has been carried out.
- They secure the right to reproduce any material that has already been published or copyrighted elsewhere.
- They agree to the following license and copyright agreement.
Authors who publish with International Journal of Engineering Technologies and Management Research agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors can enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or edit it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) before and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
For More info, please visit CopyRight Section