Enhanced Multilevel Anomaly Detection for Android Malware

International Journal of Engineering Trends and Technology (IJETT)
© 2018 by IJETT Journal
Volume 58, Number 3
Year of Publication: 2018
Authors: Dr. Santhi Baskaran, G. Maheshwari, J. Pearly Percy, P. Priyadharshini
DOI: 10.14445/22315381/IJETT-V58P229

Citation 

Dr. Santhi Baskaran, G. Maheshwari, J. Pearly Percy, P. Priyadharshini, "Enhanced Multilevel Anomaly Detection for Android Malware", International Journal of Engineering Trends and Technology (IJETT), V58(3), 150-157, April 2018. ISSN: 2231-5381. www.ijettjournal.org. Published by Seventh Sense Research Group.

Abstract
Android device users are threatened by a steadily growing number of malicious applications, generally called malware. Malware is a serious threat to user privacy, money, devices and file integrity. Malware can be grouped into a small number of behavioural classes, each of which performs a limited set of misbehaviours that characterise it. These misbehaviours can be described by monitoring features that belong to different Android levels. In this project we present Enhanced Multilevel Anomaly Detection for Android Malware (EMADAM), a host-based malware detection system for Android devices that simultaneously analyses and correlates features at four levels (kernel, application, user and package) in order to detect and stop malicious behaviours.
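To make the multilevel idea in the abstract concrete, the following is an added illustration (not EMADAM's code, and not the authors' feature set or decision rule): each monitoring window of an app yields one feature per level (kernel: syscall count; application: SMS sent and network bytes; user: whether the user was interacting; package: number of dangerous permissions declared). Each level is scored against a constructed benign baseline, and a window is only called malicious when anomalies co-occur at two or more levels, so that a single noisy level (a busy game making many syscalls) does not trigger a false positive on its own. The `Window` class, the baseline values, the z-score threshold, the user-level rule and the names `level_scores`, `anomalous_levels` and `classify` are all assumptions made for this example.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

Z_THRESHOLD = 3.0   # assumed: z-score above which a level's feature is anomalous
MIN_LEVELS = 2      # assumed: levels that must agree before a window is called malicious


@dataclass(frozen=True)
class Window:
    """Features observed for one app during one monitoring window (constructed)."""
    app: str
    syscalls: int          # kernel level: syscalls issued in the window
    sms_sent: int          # application level: SMS messages sent
    net_bytes: int         # application level: bytes sent over the network
    user_active: bool      # user level: screen on and user interacting
    dangerous_perms: int   # package level: dangerous permissions declared


# Constructed benign baseline windows (mail, chat, browser, and an idle device).
BASELINE = [
    Window("benign-mail", 1000, 0, 20000, True, 2),
    Window("benign-chat", 1200, 1, 40000, True, 1),
    Window("benign-browser", 1400, 0, 60000, True, 3),
    Window("benign-idle", 800, 0, 0, False, 2),
]


def zscore(value, samples):
    """Standard score of `value` against the baseline samples for that feature."""
    sd = pstdev(samples) or 1.0   # guard: a constant baseline feature has sd 0
    return (value - mean(samples)) / sd


def level_scores(w, baseline=BASELINE):
    """One anomaly score per Android level for window `w`."""
    return {
        "kernel": zscore(w.syscalls, [b.syscalls for b in baseline]),
        "application": max(
            zscore(w.sms_sent, [b.sms_sent for b in baseline]),
            zscore(w.net_bytes, [b.net_bytes for b in baseline]),
        ),
        # user level (assumed rule): outbound SMS or traffic while nobody is
        # interacting with the device is scored as anomalous, otherwise 0.
        "user": 1.0 if (not w.user_active and (w.sms_sent or w.net_bytes)) else 0.0,
        "package": zscore(w.dangerous_perms, [b.dangerous_perms for b in baseline]),
    }


def anomalous_levels(w, baseline=BASELINE):
    """Set of levels whose score exceeds the per-level threshold."""
    scores = level_scores(w, baseline)
    flagged = {lvl for lvl, s in scores.items() if lvl != "user" and s > Z_THRESHOLD}
    if scores["user"] > 0:   # the user level is a binary rule, not a z-score
        flagged.add("user")
    return flagged


def classify(w, baseline=BASELINE):
    """Correlate levels: malicious only when MIN_LEVELS or more levels agree."""
    flagged = anomalous_levels(w, baseline)
    verdict = "malicious" if len(flagged) >= MIN_LEVELS else "benign"
    return verdict, sorted(flagged)


if __name__ == "__main__":
    # Constructed test windows: an SMS-sending trojan, a CPU-heavy but honest
    # game, and an ordinary chat session.
    for w in (
        Window("sms-trojan", 2500, 12, 35000, False, 6),
        Window("game", 2200, 0, 45000, True, 2),
        Window("chat", 1300, 1, 50000, True, 2),
    ):
        print(w.app, classify(w))
```

The game window shows why the correlation step matters: its kernel-level score alone is well above the threshold, but with no supporting anomaly at the application, user or package level it stays benign, whereas the trojan window is anomalous at all four levels and is stopped.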


Keywords
Thermal design, temperature, humidity, conduction, convection, radiation