2,821 research outputs found

    Understanding the Root of Attack in Android Malware

    With the rapid advance of mobile device technology and the fast development of Android versions, Android malware has emerged and become a focus of current research. Security and privacy have become the main issues in Android malware. Therefore, it is essential to understand the behavior of Android malware in order to conceive an effective technique for malware detection and analysis. This article presents a comprehensive study of the Android platform and its features in Android malware code, and also discusses the results of previous studies in order to support forward-looking Android research.

    Investigating Goldream Behaviour Through Dynamic Analysis

    Smartphones have become more popular today, and along with them the Android operating system is also growing rapidly. The Android OS is very popular because of its open source design. It attracts people because it is convenient and easy to use. However, the openness of the Android design is also its flaw, because it attracts not only Android users but also attackers targeting the Android platform. The open design and the ease of obtaining applications give attackers an advantage: they can repackage an Android application and easily upload the repackaged application to the Android market or any third-party market. This leads to an increase in Android malware in the market. For that reason, this project was carried out to help understand how malware behaves and how it works, in particular the GoldDream malware. The method used to identify the malware's behavior is dynamic analysis. The behavior is extracted from the network traffic log and from system call functions. In conclusion, the behaviors of GoldDream identified in this research are that the malware creates a database on the user's device that logs all incoming and outgoing phone calls and spies on incoming SMS messages. Another behavior is that it uploads the victim's SIM, IMEI and IMSI information to its C&C server by embedding the information in the HTTP URL.

    Resilient and Scalable Android Malware Fingerprinting and Detection

    Malicious software (malware) proliferation reaches hundreds of thousands daily. The manual analysis of such a large volume of malware is daunting and time-consuming. The diversity of targeted systems in terms of architecture and platforms compounds the challenges of Android malware detection and malware in general. This highlights the need to design and implement new scalable and robust methods, techniques, and tools to detect Android malware. In this thesis, we develop a malware fingerprinting framework to cover accurate Android malware detection and family attribution. In this context, we emphasize the following: (i) the scalability over a large malware corpus; (ii) the resiliency to common obfuscation techniques; (iii) the portability over different platforms and architectures. In the context of bulk and offline detection on the laboratory/vendor level: First, we propose an approximate fingerprinting technique for Android packaging that captures the underlying static structure of the Android apps. We also propose a malware clustering framework on top of this fingerprinting technique to perform unsupervised malware detection and grouping by building and partitioning a similarity network of malicious apps. Second, we propose an approximate fingerprinting technique for Android malware's behavior reports generated using dynamic analyses leveraging natural language processing techniques. Based on this fingerprinting technique, we propose a portable malware detection and family threat attribution framework employing supervised machine learning techniques. Third, we design an automatic framework to produce intelligence about the underlying malicious cyber-infrastructures of Android malware. We leverage graph analysis techniques to generate relevant, actionable, and granular intelligence that can be used to identify the threat effects induced by malicious Internet activity associated with Android malicious apps.
In the context of the single app and online detection on the mobile device level, we further propose the following: Fourth, we design a portable and effective Android malware detection system that is suitable for deployment on mobile and resource-constrained devices, using machine learning classification on raw method call sequences. Fifth, we elaborate a framework for Android malware detection that is resilient to common code obfuscation techniques and adaptive to operating system and malware change over time, using natural language processing and deep learning techniques. We also evaluate the portability of the proposed techniques and methods beyond Android platform malware, as follows: Sixth, we leverage the previously elaborated techniques to build a framework for cross-platform ransomware fingerprinting relying on raw hybrid features in conjunction with advanced deep learning techniques.

    Android Malware Analysis Using Application Permissions

    Smartphones are the most useful devices nowadays because they offer a lot of useful services besides the aspect of mobility, which benefits the user even more. In addition, the most popular platform is Android, because it offers a variety of thousands of free applications and also because the platform is open source. In this case anybody can develop an application and then publish it on the store. In this research, we aim to analyze 400 Android application samples taken from Google's Play Store, in order to determine the percentage exhibiting malware behavior within the collected samples. A confirmed malware dataset will be collected as well, and the analysis will be done in order to derive malware patterns (permissions) and then compare the 400 application samples with the derived malware patterns based upon the permissions requested. However, a certain combination of some Android user permissions could create a malware behavior, such as the ability to read user contacts and the permission of using the web browser. At this point we can determine that this application has a malware behavior, which can send the user contacts to a third-party server without the knowledge of the user, but this needs to be confirmed by analyzing the application's source code. After doing the analysis, we will be able to propose a framework to protect the user's private data that will benefit the users and the application developers, helping them avoid designing an application that requests such a dangerous permission combination if possible.