Static and Dynamic Analysis for Android Malware Detection

Author(s):
Ankita Kapratwar


2013 ◽
Vol 756-759 ◽
pp. 2220-2225 ◽
Author(s):
Luo Xu Min ◽
Qing Hua Cao

The most serious threats to Android users come from applications. However, the market lacks a mechanism to validate whether these applications are malware or not, so malware may leak users' private information, cause malicious deductions by sending premium SMS, gain root privilege on the Android system, and so on. In the traditional method of malware detection, the signature is the only basis, which is far from enough. In this paper, we propose a runtime-based dynamic behavior analysis for Android malware detection. The new scheme can be implemented as a system. We analyze 350 applications from a third-party Android market; the results show that our system can effectively detect unknown malware and the malicious behavior of malware.
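The three behaviours the abstract names (private-data leakage, premium SMS, root privilege) are the kind of thing a runtime behaviour monitor matches against a recorded sequence of API calls. The following is an added illustration, not the paper's system: a small rule-based detector run over a constructed per-app event trace. The `Event` layout, the abbreviated API names, the five-second leak window and the premium-number heuristic are all assumptions made for the example.

```python
# Added example, not the paper's system: a rule-based runtime behaviour
# detector run over a constructed per-app event trace. The Event layout, the
# API names and the premium-number heuristic are assumptions for illustration.
import re
from collections import namedtuple

# t = milliseconds since app start; api = "Class.method"; args = dict
# (assumed format of what a runtime hook on the framework would record)
Event = namedtuple("Event", "t api args")

# Sources of private data and network sinks (abbreviated Android API names).
PRIVATE_SOURCES = {
    "TelephonyManager.getDeviceId": "IMEI",
    "TelephonyManager.getLine1Number": "phone number",
    "ContentResolver.query": "content provider",
    "LocationManager.getLastKnownLocation": "location",
}
NETWORK_SINKS = {
    "HttpURLConnection.getOutputStream",
    "Socket.getOutputStream",
    "OkHttpClient.newCall",
}
LEAK_WINDOW_MS = 5000  # a source followed by a sink within this window => leak


def is_premium_number(dest):
    """Heuristic (assumption): premium-rate destinations are 4-6 digit short
    codes or numbers starting with the 1-900 premium prefix."""
    digits = re.sub(r"\D", "", dest)
    return 4 <= len(digits) <= 6 or digits.startswith("1900")


def is_root_attempt(cmd):
    """True for commands that invoke su or remount /system read-write."""
    return bool(re.search(r"(^|/)su(\s|$)", cmd) or
                re.search(r"remount,rw\s+/system", cmd))


def analyze(trace):
    """Scan one app trace (list of Event sorted by t) and return a list of
    (behaviour, detail) findings in trace order."""
    findings = []
    pending = []  # (t, label) of private reads not yet matched to a sink
    for ev in trace:
        if ev.api in PRIVATE_SOURCES:
            label = PRIVATE_SOURCES[ev.api]
            if ev.api == "ContentResolver.query":
                label = ev.args.get("uri", label)
            pending.append((ev.t, label))
        elif ev.api in NETWORK_SINKS:
            for t0, label in pending:
                if ev.t - t0 <= LEAK_WINDOW_MS:
                    findings.append(("privacy_leak",
                                     f"{label} read at {t0}ms, sent at {ev.t}ms via {ev.api}"))
            pending = []  # each pending read is now either reported or expired
        elif ev.api == "SmsManager.sendTextMessage":
            dest = ev.args.get("dest", "")
            if is_premium_number(dest):
                findings.append(("premium_sms", f"SMS to premium number {dest} at {ev.t}ms"))
        elif ev.api == "Runtime.exec":
            cmd = ev.args.get("cmd", "")
            if is_root_attempt(cmd):
                findings.append(("root_privilege", f"exec {cmd!r} at {ev.t}ms"))
    return findings


# Constructed trace for the example (not real captured data).
SAMPLE_TRACE = [
    Event(100, "Activity.onCreate", {}),
    Event(250, "ContentResolver.query", {"uri": "content://com.android.contacts/data"}),
    Event(900, "HttpURLConnection.getOutputStream", {"url": "http://203.0.113.7/upload"}),
    Event(1500, "SmsManager.sendTextMessage", {"dest": "1065", "text": "GET"}),
    Event(2000, "Runtime.exec", {"cmd": "su -c 'mount -o remount,rw /system'"}),
    Event(9000, "LocationManager.getLastKnownLocation", {}),
    Event(20000, "Socket.getOutputStream", {"host": "203.0.113.7"}),  # 11 s later: outside the window
]

if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_TRACE):
        print(f"{kind:15s} {detail}")
```

The source-to-sink rule is deliberately time-bounded: without a window, any app that reads the IMEI at startup and opens a socket an hour later would be flagged, which is the false-positive pattern that makes purely behavioural detectors noisy on real third-party apps.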


2018 ◽  
Vol 2018 ◽  
pp. 1-15 ◽  
Author(s):  
TaeGuen Kim ◽  
BooJoong Kang ◽  
Eul Gyu Im

As the number of Android malware samples has increased rapidly over the years, various malware detection methods have been proposed. Existing methods can be classified into two categories: static analysis-based methods and dynamic analysis-based methods. Both approaches have limitations: static analysis-based methods are relatively easy to evade through transformation techniques such as junk instruction insertion, code reordering, and so on, while dynamic analysis-based methods have relatively high analysis overheads and may require kernel modification to extract dynamic features. In this paper, we propose a dynamic analysis framework for Android malware detection that overcomes the aforementioned shortcomings. The framework uses a suffix tree that contains API (Application Programming Interface) subtraces and their probabilistic confidence values, generated using HMMs (Hidden Markov Models), to reduce the malware detection overhead, and we designed the framework with a client-server architecture since the suffix tree is infeasible to deploy on mobile devices. In addition, an application rewriting technique is used to trace API invocations without any modifications to the Android kernel. In our experiments, we measured the detection accuracy and the computational overheads to evaluate the effectiveness and efficiency of the proposed framework.
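To make the data structure concrete, here is an added example (not the paper's implementation) of a depth-bounded suffix tree over API subtraces in which every node carries a confidence value, and of how a trace reported by a rewritten app would be scored against it. The paper derives its confidence values from HMMs; this example substitutes a Laplace-smoothed fraction of malicious training traces containing the subtrace, which is an assumption made to keep the example self-contained. The training traces and API names are constructed.

```python
# Added example, not the paper's implementation: a depth-bounded suffix trie
# over API-call subtraces with a confidence value per node. The paper derives
# the confidences with HMMs; here each node's confidence is a Laplace-smoothed
# fraction of malicious training traces containing that subtrace (assumption).
# Traces are assumed to be reported by the rewritten app to the server side,
# which is where an index like this would live.

class Node:
    __slots__ = ("children", "mal", "ben")

    def __init__(self):
        self.children = {}
        self.mal = 0  # malicious-trace positions that passed through this node
        self.ben = 0  # benign-trace positions that passed through this node

    def confidence(self):
        """Probability-like score that a trace containing this subtrace is malicious."""
        return (self.mal + 1) / (self.mal + self.ben + 2)


class SubtraceIndex:
    def __init__(self, max_len=3):
        self.root = Node()
        self.max_len = max_len  # longest subtrace kept; bounds memory and lookup cost

    def add_trace(self, trace, malicious):
        # Inserting every suffix (truncated to max_len) makes every subtrace of
        # length <= max_len a path from the root: a bounded suffix tree.
        for i in range(len(trace)):
            node = self.root
            for api in trace[i:i + self.max_len]:
                node = node.children.setdefault(api, Node())
                if malicious:
                    node.mal += 1
                else:
                    node.ben += 1

    def position_confidence(self, trace, i):
        # Follow the longest indexed subtrace starting at position i and use the
        # confidence of the deepest node reached (root => 0.5 for an unknown API).
        node = self.root
        for api in trace[i:i + self.max_len]:
            if api not in node.children:
                break
            node = node.children[api]
        return node.confidence()

    def score_trace(self, trace):
        if not trace:
            return 0.5
        return sum(self.position_confidence(trace, i) for i in range(len(trace))) / len(trace)

    def is_malicious(self, trace, threshold=0.5):
        return self.score_trace(trace) > threshold


def build_index():
    """Train the index on constructed, abbreviated API traces (not real data)."""
    malicious = [
        ["getDeviceId", "getLine1Number", "openConnection", "write"],
        ["query", "openConnection", "write", "sendTextMessage"],
        ["getDeviceId", "openConnection", "write"],
    ]
    benign = [
        ["onCreate", "setContentView", "findViewById", "setOnClickListener"],
        ["openConnection", "getInputStream", "read", "close"],
        ["query", "setText", "onResume"],
    ]
    idx = SubtraceIndex(max_len=3)
    for t in malicious:
        idx.add_trace(t, malicious=True)
    for t in benign:
        idx.add_trace(t, malicious=False)
    return idx


if __name__ == "__main__":
    idx = build_index()
    for trace in (["onCreate", "getDeviceId", "openConnection", "write"],
                  ["onCreate", "setContentView", "openConnection", "getInputStream"]):
        print(f"{idx.score_trace(trace):.2f} malicious={idx.is_malicious(trace)} {trace}")
```

Scoring walks the tree once per trace position, so the per-trace cost is linear in the trace length and bounded by `max_len` per step; that bound, rather than the training-set size, is what keeps lookup cheap once the (large) tree is kept server-side.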


Information ◽  
2020 ◽  
Vol 11 (9) ◽  
pp. 433
Author(s):  
Fabrizio Cara ◽  
Michele Scalas ◽  
Giorgio Giacinto ◽  
Davide Maiorca

Due to its popularity, the Android operating system is a critical target for malware attacks. Multiple security efforts have been made on the design of malware detection systems to identify potentially harmful applications. In this sense, machine learning-based systems, leveraging both static and dynamic analysis, have been increasingly adopted to discriminate between legitimate and malicious samples due to their capability of identifying novel variants of malware samples. At the same time, attackers have been developing several techniques to evade such systems, such as the generation of evasive apps, i.e., carefully perturbed samples that can be classified as legitimate by the classifiers. Previous work has shown the vulnerability of detection systems to evasion attacks, including those designed for Android malware detection. However, most works neglected to bring the evasive attacks onto the so-called problem space, i.e., by generating concrete Android adversarial samples, which requires preserving the app's semantics and being realistic for human expert analysis. In this work, we aim to understand the feasibility of generating adversarial samples specifically through the injection of system API calls, which are typical discriminating characteristics for malware detectors. We perform our analysis on a state-of-the-art ransomware detector that employs the occurrence of system API calls as features of its machine learning algorithm. In particular, we discuss the constraints that are necessary to generate real samples, and we use techniques inherited from interpretability to assess the impact of specific API calls on evasion. We assess the vulnerability of such a detector against mimicry and random noise attacks. Finally, we propose a basic implementation to generate concrete and working adversarial samples. The attained results suggest that injecting system API calls could be a viable strategy for attackers to generate concrete adversarial samples. However, we point out the low suitability of mimicry attacks and the necessity to build more sophisticated evasion attacks.
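The following added example (not the paper's detector or attack code) shows the mechanics the abstract describes: a classifier over binary API-occurrence features, the problem-space constraint that an attacker can only add calls and never remove them, and a mimicry attack next to a random-noise attack and an interpretability-guided one that ranks calls by their learned weight. The classifier is a Laplace-smoothed log-odds linear model standing in for the paper's ML detector, and the training sets are constructed abbreviated API names; both are assumptions made for the example.

```python
# Added example, not the paper's detector or attack code: a linear classifier
# over binary API-occurrence features (Laplace-smoothed log-odds weights, a
# stand-in for the paper's ML model, assumption) and three injection attacks
# against it. The training sets below are constructed, abbreviated API names.
import math
import random

MALICIOUS = [
    {"Cipher.doFinal", "File.listFiles", "KeyGenerator.generateKey", "FileOutputStream.write", "WindowManager.addView"},
    {"Cipher.doFinal", "File.listFiles", "File.delete", "DevicePolicyManager.lockNow", "WindowManager.addView"},
    {"Cipher.doFinal", "KeyGenerator.generateKey", "File.delete", "FileOutputStream.write", "Log.d"},
    {"File.listFiles", "Cipher.doFinal", "DevicePolicyManager.lockNow", "Activity.setContentView"},
]
BENIGN = [
    {"TextView.setText", "Activity.setContentView", "View.findViewById", "Button.setOnClickListener", "Toast.makeText"},
    {"Activity.setContentView", "RecyclerView.setAdapter", "SharedPreferences.edit", "Log.d"},
    {"TextView.setText", "View.findViewById", "SharedPreferences.edit", "FileOutputStream.write", "Toast.makeText"},
    {"Activity.setContentView", "Button.setOnClickListener", "Log.d", "RecyclerView.setAdapter", "View.findViewById"},
]


class OccurrenceClassifier:
    """Feature i = 1 if API call i occurs anywhere in the app. The score is the
    sum of per-call log-odds weights; a positive score means 'malicious'."""

    def __init__(self, mal_sets, ben_sets):
        self.vocab = sorted(set().union(*mal_sets, *ben_sets))
        self.ben_freq = {a: sum(a in s for s in ben_sets) for a in self.vocab}
        self.w = {}
        for a in self.vocab:
            cm = sum(a in s for s in mal_sets)
            p_mal = (cm + 1) / (len(mal_sets) + 2)
            p_ben = (self.ben_freq[a] + 1) / (len(ben_sets) + 2)
            self.w[a] = math.log(p_mal) - math.log(p_ben)

    def score(self, calls):
        return sum(self.w.get(a, 0.0) for a in calls)

    def is_malicious(self, calls):
        return self.score(calls) > 0.0


def inject_until_benign(clf, sample, candidates):
    """Problem-space constraint: the attacker may only ADD calls (e.g. placed in
    a branch that never executes), never remove the ones the app needs, so the
    adversarial sample is always a superset of the original.
    Returns (adversarial_set, injected_calls_in_order)."""
    adv, injected = set(sample), []
    for api in candidates:
        if not clf.is_malicious(adv):
            break
        if api in adv:
            continue
        adv.add(api)
        injected.append(api)
    return adv, injected


def mimicry_attack(clf, sample):
    # Inject the calls most common in benign apps first (ties alphabetical).
    order = sorted(clf.vocab, key=lambda a: (-clf.ben_freq[a], a))
    return inject_until_benign(clf, sample, order)


def guided_attack(clf, sample):
    # Interpretability-guided: rank calls by their learned weight and inject
    # the ones that push the score down the most.
    order = sorted(clf.vocab, key=lambda a: (clf.w[a], a))
    return inject_until_benign(clf, sample, order)


def random_noise_attack(clf, sample, seed=0):
    order = list(clf.vocab)
    random.Random(seed).shuffle(order)
    return inject_until_benign(clf, sample, order)


if __name__ == "__main__":
    clf = OccurrenceClassifier(MALICIOUS, BENIGN)
    target = MALICIOUS[0]
    for name, attack in (("mimicry", mimicry_attack), ("guided", guided_attack), ("random", random_noise_attack)):
        adv, injected = attack(clf, target)
        print(f"{name:8s} injected {len(injected)} calls -> score {clf.score(adv):+.2f}: {injected}")
```

On this data the mimicry ordering needs six injected calls to flip the first ransomware-like sample while the weight-ranked ordering needs five; for a linear model the weight-ranked greedy choice is the fewest injections possible, which is why the abstract's interpretability step matters and why frequency-based mimicry is a weak attack. What the example does not capture is the paper's other constraint: each injected call still has to compile into a working APK that a human analyst would not find suspicious.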

