ScanMe mobile: a cloud-based Android malware analysis service

As mobile malware has increased in number and sophistication, it has become important for users to have tools that can inform them of potentially malicious applications. To fulfill this need, we develop ScanMe Mobile, a cloud-based malware analysis service for the Android platform. The objective of this service is to provide users with detailed information about Android Application Package (APK) files before they install them on their devices. With ScanMe Mobile, users are able to upload APK files from their device's SD card, scan the APK in a malware detection system that could be deployed in the cloud, compile a comprehensive report, and store or share the report by publishing it to the website. ScanMe Mobile works by running the APK in a virtual sandbox to generate permission data and then analyzing the result in the machine learning detection system. Through our experimental results, we demonstrate that the proposed system can effectively detect malware on the Android platform.
