Preventive Policy Enforcement with Minimum User Intervention Against SMS Malware in Android Devices

In this paper, we propose MinDroid, a user-centric preventive policy enforcement system against SMS malware in Android devices. The design of MinDroid takes into consideration users' limited understanding of the Android permission system. It does so by deriving the policy rules from the behavioral model of malicious SMS applications rather than adopting user-defined rules. MinDroid requires user intervention only during the first T time units after the application is installed. During this period, the user is notified to accept or reject the SMS-sending operations. MinDroid's execution is specified as a finite state machine, and its security properties are formally proven using Metric Temporal Logic. We also show that MinDroid is resilient against threats that try to compromise its correct functionality. In addition, an analytical study demonstrates that MinDroid offers good performance in terms of detection time and execution cost in comparison with intrusion detection systems based on static and dynamic analysis. The detection efficiency of MinDroid is also studied in terms of detection rate, false positive rate, and ROC distance. A prototype implementation of MinDroid is tested on an Android emulator.
