Mobile malware attacks: Review, taxonomy & future directions

Abstract: Smartphones running Android OS have seen a pervasive increase in adoption in recent years. Android's popular and attractive environment has not only captured the attention of users but also increased security concerns. As a result, Android malware detection is one of the most active topics in the mobile security domain. This paper provides a comprehensive review of state-of-the-art mobile malware attacks, vulnerabilities, detection techniques and security solutions over the period 2013–2019 that mainly targeted the Android platform. We present several well-organized and in-depth taxonomies that classify mobile malware detection approaches by their analysis techniques, working platform, data acquisition, operational impact, obtained results and the artificial intelligence component involved. Another taxonomy, of mobile malware attack vectors, is presented to examine threat clusters and loopholes and to locate their widespread malicious impact on communities. Furthermore, we discuss and classify forensic analysis efforts from a mobile malware detection perspective. From the intruder's point of view, we compare various evasion techniques that malware authors prominently use to hinder detection efforts. Finally, future work directions are presented as guidelines for academia and industry alike to help them reduce or even avoid the harmful impact of these annoying efforts.
