Detection and Visualization of Android Malware Behavior

Malware analysts still need to manually inspect malware samples that heuristic rules flag as suspicious. They dissect pieces of software and look for evidence of malware in the code. The increasing number of malicious applications targeting Android devices raises the demand for analyzing them to find where the malcode is triggered when the user interacts with them. This paper describes a framework to monitor and visualize Android applications' anomalous function calls. Our approach includes platform-independent application instrumentation, which introduces hooks to trace the restricted API functions the application uses at runtime. These function calls are collected at a central server, where application behavior filtering and visualization take place. This can help Android malware analysts visually inspect what the application under study does and easily identify such malicious functions.
