LimonDroid: a system coupling three signature-based schemes for profiling Android malware

Franklin Tchakounté (1), Roger Corneille Ndjeumou Ngassi (1), Vivient Corneille Kamla (2), Kalum Priyanath Udagepola (3)
(1) Department of Mathematics and Computer Science, Faculty of Science, University of Ngaoundéré, Ngaoundéré, Cameroon
(2) Department of Mathematics and Computer Science, National School of Agro-Industrial Science, University of Ngaoundéré, Ngaoundéré, Cameroon
(3) Department of Information and Computing Sciences, Scientific Research Development Institute of Technology, Loganlea, Australia

Abstract

Keywords

