NeSeDroid—Android Malware Detection Based on Network Traffic and Sensitive Resource Accessing

The Android operating system has a large market share, and the amount of new Android malware has been increasing rapidly in recent times. Android malware analysis includes static analysis and dynamic analysis. Static analysis is limited by the difficulty of analyzing malware that uses encryption techniques, obfuscates its source, or changes its own behavior. In this paper, we propose a hybrid analysis method named NeSeDroid. The method uses static analysis to detect access to sensitive resources, and dynamic analysis to detect leakage of sensitive resources through Internet connections. The method is tested on a list of applications downloaded from the Android Apps Market, the Genome Malware Project dataset, and our additional samples in the DroidBench dataset. The evaluation results show that NeSeDroid has high accuracy and reduces the false positive detection rate.
