Keep Calm and Know Where to Focus: Measuring and Predicting the Impact of Android Malware

Android malware can pose serious security threat to the mobile users. With the rapid growth in malware programs, categorical isolation of malware is no longer satisfactory for security risk management. It is more pragmatic to focus the limited resources on identifying the small fraction of malware programs of high security impact. In this paper, we define a new research issue of measuring and predicting the impact of the detected Android malware. To address this issue, we first propose two metrics to isolate the high impact Android malware programs from the low impact ones. With the proposed metrics, we created a new research dataset including high impact and low impact Android malware samples. The dataset allows us to empirically discover the driving factors for the high malware impact. To characterize the differences between high impact and low impact Android malware, we leverage features from two sources available in every Android application. (1) the readily available AndroidManifest.xml file and (2) the disassembled code from the compiled binary. From these characteristics, we trained a highly accurate classifier to identify high impact Android malware. The experimental results show that our proposed method is feasible and has great potential in predicting the impact of Android malware in general.

[1]  Yuan Zhang,et al.  Vetting undesirable behaviors in android apps with permission use analysis , 2013, CCS.

[2]  John C. S. Lui,et al.  Droid Analytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware , 2013, 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.

[3]  Somesh Jha,et al.  Retargeting Android applications to Java bytecode , 2012, SIGSOFT FSE.

[4]  Patrick Traynor,et al.  MAST: triage for market-scale mobile malware analysis , 2013, WiSec '13.

[5]  René Rydhof Hansen,et al.  Formalisation and analysis of Dalvik bytecode , 2014, Sci. Comput. Program..

[6]  Hahn-Ming Lee,et al.  DroidMat: Android Malware Detection through Manifest and API Calls Tracing , 2012, 2012 Seventh Asia Joint Conference on Information Security.

[7]  Simin Nadjm-Tehrani,et al.  Crowdroid: behavior-based malware detection system for Android , 2011, SPSM '11.

[8]  Vijay Laxmi,et al.  AndroSimilar: robust statistical feature signature for Android malware detection , 2013, SIN.

[9]  Swarat Chaudhuri,et al.  A Study of Android Application Security , 2011, USENIX Security Symposium.

[10]  Isil Dillig,et al.  Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability , 2016, NDSS.

[11]  Heng Yin,et al.  DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis , 2012, USENIX Security Symposium.

[12]  William Enck,et al.  AppsPlayground: automatic security analysis of smartphone applications , 2013, CODASPY '13.

[13]  Yanfang Ye,et al.  HinDroid: An Intelligent Android Malware Detection System Based on Structured Heterogeneous Information Network , 2017, KDD.

[14]  Sahin Albayrak,et al.  An Android Application Sandbox system for suspicious software detection , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[15]  Heng Yin,et al.  DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android , 2013, SecureComm.

[16]  Gonzalo Álvarez,et al.  PUMA: Permission Usage to Detect Malware in Android , 2012, CISIS/ICEUTE/SOCO Special Sessions.

[17]  Jacques Klein,et al.  Dexpler: converting Android Dalvik bytecode to Jimple for static analysis with Soot , 2012, SOAP '12.

[18]  Geoffrey E. Hinton,et al.  Visualizing Data using t-SNE , 2008 .

[19]  Konrad Rieck,et al.  Structural detection of android malware using embedded call graphs , 2013, AISec.

[20]  Konrad Rieck,et al.  DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[21]  Isil Dillig,et al.  Apposcopy: semantics-based detection of Android malware through static analysis , 2014, SIGSOFT FSE.

[22]  Chun-Ying Huang,et al.  Performance Evaluation on Permission-Based Detection for Android Malware , 2013 .

[23]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[24]  Tao Xie,et al.  AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[25]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[26]  Marti A. Hearst Trends & Controversies: Support Vector Machines , 1998, IEEE Intell. Syst..

[27]  Zhenkai Liang,et al.  AirBag: Boosting Smartphone Resistance to Malware Infection , 2014, NDSS.