Advances in computational power and storage have made mobile devices part of more and more people's daily work, and they now hold large volumes of organizations' confidential documents as well as general users' personal data. The extensibility of mobile devices has attracted contributions from many app developers, but it has in turn made these devices a target for attackers. F-Secure has reported that profit-motivated threats on mobile devices have been increasing; that is, an infected mobile device might send out personal or organizational confidential data, or send SMS messages to premium-rate numbers without the user's consent. Generally, Android app developers can publish their apps on official stores (i.e., Google Play), on third-party stores, or on both. In the Android market, the accumulated number of applications and games has exceeded one million. However, due to the lack of checking and validation mechanisms, attackers can also distribute their malicious apps through online store platforms quickly and easily. As a result, real-time malware detection and classification becomes critical for Android users and the official market as the number of Android apps increases sharply. In this study, we propose a structure similarity-based malicious app detection approach to address this need. On the basis of source code analysis, we intend to identify the sensitive features in malicious apps, that is, the API calls and system commands related to malicious behaviors, and to build their ClassMethod-API hierarchies. A newly arriving app can then be detected as malicious or not by assessing the structure similarity between its hierarchy and that of each malicious app. We have collected 1,259 malware samples from the Android Malware Genome Project and 1,259 benign apps from the Google Play market for evaluation purposes. We intend to implement a k-fold cross-validation and adopt VirusTotal as our performance benchmark.
Overall, the proposed approach is expected to detect Android malware effectively and efficiently, and it is appropriate for mobile devices because maintaining partial hierarchies and assessing their similarity costs less space and fewer computation resources.
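The following sketch illustrates the hierarchy-and-similarity idea described above; it is an added example, not the authors' implementation. The abstract does not specify the similarity measure, so the name-independent multiset Jaccard with best-match averaging, the `SENSITIVE` API list, the 0.6 threshold, and all sample data are assumptions made for illustration.

```python
from collections import Counter, defaultdict
# Assumed sensitive-API list; the page does not enumerate one.
SENSITIVE = {"SmsManager.sendTextMessage", "TelephonyManager.getDeviceId",
             "Runtime.exec", "HttpURLConnection.connect"}

def build_hierarchy(calls):
    """Keep only sensitive calls, grouped as class -> method -> {API}."""
    tree = defaultdict(lambda: defaultdict(set))
    for cls, method, api in calls:
        if api in SENSITIVE:
            tree[cls][method].add(api)
    return {c: dict(m) for c, m in tree.items()}

def class_shape(methods):
    """Name-independent shape of a class: multiset of per-method API sets."""
    return Counter(frozenset(apis) for apis in methods.values())

def shape_similarity(a, b):
    """Multiset Jaccard between two class shapes."""
    union = sum((a | b).values())
    return sum((a & b).values()) / union if union else 0.0

def hierarchy_similarity(h1, h2):
    """Mean best-match class similarity, averaged over both directions."""
    s1 = [class_shape(m) for m in h1.values()]
    s2 = [class_shape(m) for m in h2.values()]
    if not s1 or not s2:
        return 0.0
    def best(xs, ys):
        return sum(max(shape_similarity(x, y) for y in ys) for x in xs) / len(xs)
    return (best(s1, s2) + best(s2, s1)) / 2

def classify(calls, known, threshold=0.6):
    """Return (is_malicious, closest_sample, score); threshold is an assumption."""
    h = build_hierarchy(calls)
    scored = ((name, hierarchy_similarity(h, k)) for name, k in known.items())
    name, score = max(scored, key=lambda t: t[1], default=(None, 0.0))
    return score >= threshold, name, score

# Constructed sample data (not from the paper's dataset).
KNOWN = {"sms_fraud_sample": build_hierarchy([
    ("a.b", "run", "SmsManager.sendTextMessage"),
    ("a.b", "run", "TelephonyManager.getDeviceId"),
    ("a.c", "post", "HttpURLConnection.connect")])}
RENAMED = [("x.y", "go", "TelephonyManager.getDeviceId"),   # same structure,
           ("x.y", "go", "SmsManager.sendTextMessage"),     # different names
           ("x.z", "up", "HttpURLConnection.connect"), ("x.z", "up", "Log.d")]
BENIGN = [("net.Api", "fetch", "HttpURLConnection.connect"),
          ("net.Api", "id", "TelephonyManager.getDeviceId")]
```

Because class and method names are ignored, the renamed sample still matches the known hierarchy exactly, while the benign sample that uses some of the same APIs in a different arrangement scores well below the threshold.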