Mobile Malware Detection Based on Energy Fingerprints - A Dead End?

With the ever rising amount and quality of malicious software for mobile phones, multiple ways to detect such threats are desirable. Next to classical approaches such as dynamic and static analysis, the idea of detecting malicious activities based on the energy consumption introduced by them was recently proposed by several researchers. The key idea behind this kind of detection is the fact that each activity performed on a battery powered device drains a certain amount of energy from it. This implies that measuring the energy consumption may reveal unwanted and possibly malicious software running next to genuine applications on such a device: if the normal energy consumption is known for a device, additional used up energy should be detectable. In this paper, we evaluate whether such an approach is indeed feasible for modern smartphones and argue that results presented in prior work are not applicable to such devices. By studying the typical energy consumption of different aspects of common Android phones, we show that it varies quite a lot in practice. Furthermore, empirical tests with both artificial and real-world malware indicate that the additional power consumed by such apps is too small to be detectable with the mean error rates of state-of-the art measurement tools.

[1]  Yajin Zhou,et al.  RiskRanker: scalable and accurate zero-day android malware detection , 2012, MobiSys '12.

[2]  Lei Yang,et al.  Accurate online power estimation and automatic battery behavior based power model generation for smartphones , 2010, 2010 IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[3]  Sarma B. K. Vrudhula,et al.  Battery Modeling for Energy-Aware System Design , 2003, Computer.

[4]  Гарнаева Мария Александровна,et al.  Kaspersky security Bulletin 2013 , 2014 .

[5]  Samuel P. Midkiff,et al.  Hypnos: understanding and treating sleep conflicts in smartphones , 2013, EuroSys '13.

[6]  Kang G. Shin,et al.  Detecting energy-greedy anomalies and mobile malware variants , 2008, MobiSys '08.

[7]  Shivakant Mishra,et al.  Location based power analysis to detect malicious code in smartphones , 2011, SPSM '11.

[8]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[9]  Lei Liu,et al.  VirusMeter: Preventing Your Cellphone from Spies , 2009, RAID.

[10]  Paramvir Bahl,et al.  Fine-grained power modeling for smartphones using system call tracing , 2011, EuroSys '11.

[11]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[12]  Lin Zhong,et al.  Self-constructive high-rate system energy modeling for battery-powered mobile systems , 2011, MobiSys '11.

[13]  Ming Zhang,et al.  Where is the energy spent inside my app?: fine grained energy accounting on smartphones with Eprof , 2012, EuroSys '12.

[14]  Mani B. Srivastava,et al.  Battery capacity measurement and analysis using lithium coin cell battery , 2001, ISLPED '01.

[15]  Arun Venkataramani,et al.  Energy consumption in mobile phones: a measurement study and implications for network applications , 2009, IMC '09.

[16]  Hojung Cha,et al.  AppScope: Application Energy Metering Framework for Android Smartphone Using Kernel Activity Monitoring , 2012, USENIX Annual Technical Conference.

[17]  Deborah Estrin,et al.  Diversity in smartphone usage , 2010, MobiSys '10.

[18]  Yajin Zhou,et al.  Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.

[19]  Christopher Krügel,et al.  PiOS: Detecting Privacy Leaks in iOS Applications , 2011, NDSS.