SafeGuard: a behavior based real-time malware detection scheme for mobile multimedia applications in android platform

SafeGuard is proposed as a solution that monitors the behavior of smartphone applications in real time and detects and blocks malicious behavior. It consists of a server that manages and deploys the blocking rules and a device-side component that monitors the applications on Android devices. The scheme gives users real-time malware information, such as spyware detected by the SafeGuard library when a suspicious API call is made within the Android platform. Except for rootkits operating at the kernel level, the scheme can detect behaviors that use the platform's APIs or that result from a combination of those APIs. The database used to identify malicious behaviors can be updated periodically, so that various malicious behaviors are blocked through preemptive responses, unlike existing anti-virus products. For this purpose, the behaviors of smartphone applications are classified and defined for monitoring. An architecture for applying them within the Android framework is also proposed, and the scheme is applied in an Android smartphone environment to verify its stability and feasibility by measuring the overhead in that environment.
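The following is an added sketch, not code from the paper, of the idea described above: a device-side monitor that matches each application's API calls against server-deployed rules, including rules that fire only on a combination of APIs. The rule format, the time-window semantics, the choice of API names in the rules and the package names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed rule sets, as a server might deploy them (format and contents are assumptions).
RULES_V1 = {"version": 1, "rules": [
    {"id": "R1", "apis": ["Camera.takePicture", "HttpURLConnection.connect"], "window_s": 10}]}
RULES_V2 = {"version": 2, "rules": RULES_V1["rules"] + [
    {"id": "R2", "apis": ["SmsManager.sendTextMessage"], "window_s": 0}]}

class BehaviorMonitor:
    """Device-side monitor: matches per-app API calls against server-deployed rules."""
    def __init__(self, rule_db):
        self.version, self.rules, self.max_window = 0, [], 0
        self.history = defaultdict(list)          # app -> [(timestamp, api)]
        self.update_rules(rule_db)

    def update_rules(self, rule_db):
        """Install a rule set only if it is newer than the current one."""
        if rule_db["version"] <= self.version:
            return False
        self.version = rule_db["version"]
        self.rules = [(r["id"], frozenset(r["apis"]), r["window_s"]) for r in rule_db["rules"]]
        self.max_window = max((w for _, _, w in self.rules), default=0)
        return True

    def on_api_call(self, app, api, ts):
        """Record one call; return the id of the rule it completes (block), else None."""
        calls = self.history[app]
        calls.append((ts, api))
        # Drop calls too old to matter for any rule, keeping memory bounded.
        calls[:] = [(t, a) for t, a in calls if ts - t <= self.max_window]
        for rule_id, apis, window in self.rules:
            if api in apis and apis <= {a for t, a in calls if ts - t <= window}:
                return rule_id
        return None

# Constructed trace of (app, api, timestamp in seconds); package names are made up.
TRACE = [
    ("com.example.gallery", "Camera.takePicture", 100.0),
    ("com.example.gallery", "HttpURLConnection.connect", 160.0),  # outside the window
    ("com.example.flash", "Camera.takePicture", 200.0),
    ("com.example.flash", "HttpURLConnection.connect", 203.0),    # completes R1
    ("com.example.flash", "SmsManager.sendTextMessage", 300.0),   # R2 exists only in v2
]

def replay(monitor, trace):
    """Feed a trace to the monitor and collect the verdict for each call."""
    return [monitor.on_api_call(app, api, ts) for app, api, ts in trace]

if __name__ == "__main__":
    print(replay(BehaviorMonitor(RULES_V1), TRACE))
```

The sketch assumes timestamps arrive in increasing order per application; the same trace yields a different verdict for the last call once the newer rule set is installed, which is the effect of the periodic database update.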
