Exposing mobile malware from the inside (or what is your mobile app really doing?)

Malware designed specifically for modern mobile platforms is, without a doubt, rapidly becoming a serious threat. The problem is compounded by the growing convergence of wired, wireless and cellular networks, since virus writers can now develop sophisticated malicious software that is able to migrate across network domains in an effort to exploit vulnerabilities and services specific to each network. So far, research on this risk has concentrated on the Android platform and has mainly considered static solutions rather than dynamic ones. Motivated by this fact, in this paper we contribute a fully-fledged tool able to dynamically analyze any iOS software in terms of method invocation (i.e., which API methods the application invokes and in what order), and to produce exploitable results that can be used to manually or automatically trace the software's behavior and decide whether it contains malicious code. Using real-life malware, we assessed our tool both manually and via heuristic techniques, and the results we obtained seem highly accurate in detecting malicious code.
