VisualDroid: automatic triage and detection of Android repackaged applications

Given the pervasiveness of mobile devices, malware writers constantly focus their attention on developing malicious payloads that gather sensitive information from mobile devices without user consent. It is easy for malware writers to embed malicious payloads into legitimate applications by applying the so-called repackaging paradigm, generating a sample whose signature is unknown to anti-malware software. In this paper we propose a twofold approach for the triage and detection of repackaged Android applications: a visualization schema to assist the malware analyst in the triage of unseen applications, and a set of metrics for the automatic detection of repackaged applications. Experimental results show the effectiveness of the proposed approach.
