Demadroid: Object Reference Graph-Based Malware Detection in Android

Smartphone usage has been continuously increasing in recent years. Android devices in particular are widely used in daily life, making them the most attractive target for hackers. Malware analysis for the Android platform is therefore in urgent demand. Static analysis and dynamic analysis are the two classical approaches, but both have drawbacks. Motivated by this, we present Demadroid, a framework for detecting Android malware. We collect dynamic information to build an Object Reference Graph and propose the -VF2 algorithm for graph matching. Extensive experiments show that Demadroid can efficiently identify the malicious features of malware. Furthermore, the system can effectively resist obfuscated attacks and variants of known malware, meeting the demands of practical use.
