Malicious Behavior Analysis for Android Applications

Android, as a popular open source mobile platform, faces increasingly prominent security issues, especially user privacy leakage. In this paper, we propose a two-step model that combines static and dynamic analysis approaches. During static analysis, a permission combination matrix is used to determine whether an application has potential risks. For suspicious applications, we use reverse engineering to embed monitoring Smali code for sensitive APIs such as sending SMS and accessing user location, device ID, phone number, etc. Experiments show that almost 26% of applications in the Android market have privacy leakage risks, and that our proposed method is feasible and effective for monitoring this kind of malicious behavior.
