Capturing Android Malware Behaviour Using System Flow Graph

This article uses a new data structure, the System Flow Graph (SFG), which offers a compact representation of the information dissemination induced by an execution of an application, to characterize malicious application behavior. We conduct experiments on 4 malware families (DroidKungFu1, DroidKungFu2, jSMSHider and BadNews) and show how SFGs are relevant for exhibiting malware behavior.
