AndroTaint: An efficient Android malware detection framework using dynamic taint analysis

The Android operating system is widespread in today's smartphone market due to its open-source model, its ease of use, and its huge number of apps and app stores (the official one and others). With coverage of some 90% of the market, it is also the repository for users' personal and sensitive information (IMEI, IMSI, etc.). App users tend to trust the Android OS to secure their data, but it has been proved that the Android OS is more vulnerable to exploitation, whether for fun or for monetary gain. Malware detection for the Android OS has become an emerging research problem of interest. Dynamic taint analysis is an efficient technique among existing Android malware detection analyses. The aim of this paper is to work towards dynamic taint analysis of Android malware using automatic tagging and without modification of the Android platform. To do this, the paper exhaustively surveys the available literature and work related to dynamic taint analysis, and proposes some novel ideas to improve the existing solution with more accuracy. Our novel algorithm has two phases: the first is a training phase for feature extraction, and the second is an analysis phase for automatic tagging and tainting. We have developed a framework named AndroTaint, which performs dynamic taint analysis. AndroTaint follows a novel supervised and unsupervised anomaly detection technique with high precision, recall and harmonic mean. Our dynamic taint analysis algorithm categorizes an app as risky, benign, malicious or aggressive according to its features and behaviour. We have measured AndroTaint's effectiveness on the basis of the timeline for building the dataset and 10-fold cross-validation. AndroTaint covers 90% of malware and benign apps in the analysis phase, with fewer false positives and false negatives.
