Detection and Prevention of Android Malware Attempting to Root the Device

Every year, malefactors continue to target the Android operating system. Malware which root the device pose the greatest threat to users. The attacker could steal stored passwords and contact lists or gain remote control of the phone. Android users require a system to detect the operation of malware trying to root the phone. This research aims to detect the Exploid, RageAgainstTheCage, and Gingerbreak exploits on Android operating systems. Reverse-engineering 21 malware samples lead to the discovery of two critical paths in the Android Linux kernel, wherein attackers can use malware to root the system. By placing sensors inside the critical paths, the research detected all 379 malware samples trying the root the system. Moreover, the experiment tested 16,577 benign applications from the Official Android Market and third party Chinese markets which triggered zero false positive results. Unlike static signature detection at the application level, this research provides dynamic detection at the kernel level. The sensors reside in-line with the kernel\u27s source code, monitoring network sockets and process creation. Additionally, the research demonstrates the steps required to reverse engineer Android malware in order to discover future critical paths. Using the kernel resources, the two sensors demonstrate efficient asymptotic time and space real-world monitoring. Furthermore, the sensors are immune to obfuscation techniques such as repackaging

Trends in Android Malware Detection

This paper analyzes different Android malware detection techniques from several research papers, some of these techniques are novel while others bring a new perspective to the research work done in the past. The techniques are of various kinds ranging from detection using host based frameworks and static analysis of executable to feature extraction and behavioral patterns. Each paper is reviewed extensively and the core features of each technique are highlighted and contrasted with the others. The challenges faced during the development of such techniques are also discussed along with the future prospects for Android malware detection. The findings of the review have been well documented in this paper to aid those making an effort to research in the area of Android malware detection by understanding the current scenario and developments that have happened in the field thus far

An Evaluation Of N-gram System Call Sequence In Mobile Malware Detection

The rapid growth of Android-based mobile devices technology in recent years has increased the proliferation of mobile devices throughout the community at large. The ability of Android mobile devices has become similar to its desktop environment; users can do more than just a phone call and short text messaging. These days, Android mobile devices are used for various applications such as web browsing, ubiquitous services, social networking, MMS and many more. However, the rapid growth of Android mobile devices technology has also triggered the malware author to start exploiting the vulnerabilities of the devices. Based on this reason, this paper explores mobile malware detection through an n-gram system call sequence which uses a sequence of system call invoked by the mobile application as the feature in classifying a benign and malicious mobile application. Several n-gram values are evaluated with Linear-SVM classifier to determine the best n system call sequence that produces the highest detection accuracy and highest True Positive Rate (TPR) with low False Positive Rate (FPR)

ADROIT: Android malware detection using meta-information

Android malware detection represents a current and complex problem, where black hats use different methods to infect users' devices. One of these methods consists in directly upload malicious applications to app stores, whose filters are not always successful at detecting malware, entrusting the final user the decision of whether installing or not an application. Although there exist different solutions for analysing and detecting Android malware, these systems are far from being sufficiently precise, requiring the use of third-party antivirus software which is not always simple to use and practical. In this paper, we propose a novel method called ADROIT for analysing and detecting malicious Android applications by employing meta-information available on the app store website and also in the Android Manifest. Its main objective is to provide a fast but also accurate tool able to assist users to avoid their devices to become infected without even requiring to install the application to perform the analysis. The method is mainly based on a text mining process that is used to extract significant information from meta-data, that later is used to build efficient and highly accurate classifiers. The results delivered by the experiments performed prove the reliability of ADROIT, showing that it is capable of classifying malicious applications with 93.67% accuracy

Vers une détection automatique des applications malveillantes dans les environnements Android

National audienceDans ce papier, nous présentons l'état de l'art sur les attaques et les menaces dans les environnements Android ainsi que les approches de détection associées. La plupart de ces approches utilisent des informations obtenues par instrumentation de la machine virtuelle ou par rétro-ingénierie du bytecode des applications. Nous proposons ainsi une nouvelle méthode moins coûteuse qui repose sur l'analyse des journaux des événements applicatifs et systèmes générés par la plate-forme Android. Cette analyse nous permettra d'établir des signatures des applications Android associant leurs structures et leurs comportements dynamiques

Trends in android malware detection

This paper analyzes different Android malware detection techniques from several research papers, some of these techniques are novel while others bring a new perspective to the research work done in the past. The techniques are of various kinds ranging from detection using host based frameworks and static analysis of executable to feature extraction and behavioral patterns. Each paper is reviewed extensively and the core features of each technique are highlighted and contrasted with the others. The challenges faced during the development of such techniques are also discussed along with the future prospects for Android malware detection. The findings of the review have been well documented in this paper to aid those making an effort to research in the area of Android malware detection by understanding the current scenario and developments that have happened in the field thus far

Three-Phase Detection and Classification for Android Malware Based on Common Behaviors

Android is one of the most popular operating systems used in mobile devices. Its popularity also renders it a common target for attackers. We propose an efficient and accurate three-phase behavior-based approach for detecting and classifying malicious Android applications. In the proposedapproach, the first two phases detect a malicious application and the final phase classifies the detected malware. The first phase quickly filters out benign applications based on requested permissions and the remaining samples are passed to the slower second phase, which detects malicious applications based on system call sequences. The final phase classifies malware into known or unknown types based on behavioral or permission similarities. Our contributions are three-fold: First, we propose a self-contained approach for Android malware identification and classification. Second, we show that permission requests from an Application are beneficial to benign application filtering. Third, we show that system call sequences generated from an application running inside a virtual machine can be used for malware detection. The experiment results indicate that the multi-phase approach is more accurate than the single-phase approach. The proposed approach registered true positive and false positive rates of 97% and 3%, respectively. In addition, more than 98% of the samples were correctly classified into known or unknown types of malware based on permission similarities.We believe that our findings shed some lights on future development of malware detection and classification

Using Visualizations to Enhance Users' Understanding of App Activities on Android Devices

The ever-increasing number of third-party applications developed for Android devices has resulted in a growing interest in the secondary activities that these applications perform and how they affect a user’s privacy. Unfortunately, users continue to install these applications without any concrete knowledge of the breadth of these activities; hence, they have little insight into the sensitive information and resources accessed by these applications. In this paper, we explore users’ perception and reaction when presented with a visual analysis of Android applications activities and their security implications. This study uses interactive visual schemas to communicate the effect of applications activities in order to support users with more understandable information about the risks they face from such applications. Through findings from a user-based experiment, we demonstrate that when visuals diagrams about application activities are presented to users, they became more aware and sensitive to the privacy intrusiveness of certain applications. This awareness and sensitivity stems from the fact that some of these applications were accessing a significant number of resources and sensitive information, and transferring data out of the devices, even when they arguably had little reason to do so