"Andromaly": A behavioral malware detection framework for android devices

Journal of Intelligent Information Systems

Volumn 38, Issue 1, 2012, Pages 161-190

  Shabtai, Asaf ^a   Kanonov, Uri ^a   Elovici, Yuval ^a   Glezer, Chanan ^a   Weiss, Yael ^a  

^a BEN GURION UNIVERSITY OF THE NEGEV   (Israel)

Author keywords

Android; Machine learning; Malware; Mobile devices; Security

Indexed keywords

ANDROID; ANOMALY DETECTOR; ANOMALY-DETECTION ALGORITHMS; EMPIRICAL RESULTS; FEATURE SELECTION METHODS; HOST-BASED; MACHINE-LEARNING; MALWARE DETECTION; MALWARES; SECURITY;

DETECTORS; FEATURE EXTRACTION; LEARNING SYSTEMS; MOBILE DEVICES; ROBOTS;

COMPUTER CRIME;

EID: 84856225193     PISSN: 09259902     EISSN: 15737675     Source Type: Journal    
DOI: 10.1007/s10844-010-0148-x     Document Type: Article

References (59)

1. Adam, P. F.; Chaudhuri, A.; & Foster, J. S. (2009). SCanDroid: Automated security certification of android applications. In IEEE symposium of security and privacy.
2. Bose, A.; Hu, X.; Shin, K. G.; & Park, T. (2008). Behavioral detection of malware on mobile handsets. In Proc. of the 6th international conference on mobile systems, applications, and services.
3. RA Botha SM Furnell NL Clarke 2009 From desktop to mobile: Examining the security experience Computer & Security 28 130 137 10.1016/j.cose.2008.11. 001
4. Buennemeyer, T. K.; et al. (2008). Mobile device profiling and intrusion detection using smart batteries. In International conference on system sciences (pp. 296-296).
5. V Chandola A Banerjee V Kumar 2009 Anomaly detection: A survey ACM Computing Surveys 41 3 1 58 10.1145/1541880.1541882
6. Chaudhuri, A. (2009). Language-based security on android. In ACM workshop on programming languages and analysis for security (PLAS) (pp. 1-7).
7. Cheng, J.; Wong, S. H.; Yang, H.; & Lu, S. (2007). SmartSiren: Virus detection and alert for smartphones. In Proceedings of the 5th international conference on mobile systems, applications and services.
8. C Dagon T Martin T Starner 2004 Mobile phones as computing devices the viruses are coming Pervasive Computing 3 11 15 10.1109/MPRV.2004.21 (Pubitemid 40010893)
9. P Domingos M Pazzani 1997 On the optimality of simple Bayesian classifier under zero-one loss Machine Learning 29 103 130 10.1023/A:1007413511361 0892.68076 (Pubitemid 127510035)
10. Egele, M.; Krugel, C.; Kirda, E.; Yin, H.; & Song, D. (2007). Dynamic spyware analysis. In USENIX annual technical conference (pp. 233-246).
11. D Emm 2006 Mobile malware - new avenues Network Security 2006 11 4 6 10.1016/S1353-4858(06)70450-0 (Pubitemid 44739351)
12. Enck, W.; Ongtang, M.; & McDaniel, P. (2008). Mitigating android software misuse before it happens. Tech. report NAS-TR-0094-2008, Network and Security Research Ctr.; Dept. Computer Science and Eng.; Pennsylvania State Univ.
13. W Enck M Ongtang P McDaniel 2009 Understanding android security IEEE Security & Privacy Magazine 7 1 50 57 10.1109/MSP.2009.26
14. Endler, D. (1998). Intrusion detection: Applying machine learning to solaris audit data. In Proceedings of the 14th annual computer security applications conference.
15. P Garcia-Teodoro J Diaz-Verdejo G Macia-Fernandez E Vazquez 2009 Anomaly-based network intrusion detection: Techniques, systems and challenges Computers & Security 28 1-2 18 28 10.1016/j.cose.2008.08.003
16. T Golub, et al. 1999 Molecular classification of cancer: Class discovery and class prediction by gene expression monitoring Science 286 531 537 10.1126/science.286.5439.531
17. Griffin, K.; Schneider, S.; Hu, X.; & Chiueh, T. (2009). Automatic generation of string signatures for malware detection. In Proc. of the 12th international symposium on recent advances in intrusion detection.
18. Gryaznov, D. (1999). Scanners of the year 2000: Heuritics. The 5th international virus bulletin.
19. Guo, C.; Wang, H. J.; & Zhu, W. (2004). Smart-phone attacks and defenses. In HotNets III.
20. SS Hwang S Cho S Park 2009 Keystroke dynamics-based authentication for mobile devices Computer & Security 28 85 93 10.1016/j.cose.2008.10.002
21. Imam, I. F.; Michalski, R. S.; & Kerschberg, L. (1993). Discovering attribute dependence in databases by integrating symbolic learning and statistical analysis techniques. In Proceeding of the AAAI-93 workshop on knowledge discovery in databases.
22. G Jacob H Debar E Filiol 2008 Behavioral detection of malware: From a survey towards an established taxonomy Journal in Computer Virology 4 251 266 10.1007/s11416-008-0086-0
23. Jacoby, G. A.; & Davis, N. J. (2004). Battery-based intrusion detection. In Global telecommunications conference (GLOBECOM'04).
24. AK Jain MN Murty PJ Flynn 1999 Data clustering ACM Computing Surveys 31 3 264 296 10.1145/331499.331504
25. John, G. H.; & Langley, P. (1995). Estimating continuous distributions in bayesian classifiers. In Proc. of the conference on uncertainty in artificial intelligence (pp. 338-345).
26. Kim, H.; Smith, J.; & Shin, K. G. (2008). Detecting energy-greedy anomalies and mobile malware variants. In Proceeding of the 6th international conference on mobile systems, applications, and services.
27. KS Koong LC Liu S Bai B Lin 2008 Identity theft in the USA: Evidence from 2002 to 2006 International Journal of Mobile Communications 6 2 199 216 10.1504/IJMC.2008.016577
28. N Leavitt 2005 Mobile phones: The next frontier for hackers? Computer 38 4 20 23 10.1109/MC.2005.134 (Pubitemid 40608419)
29. Lee, W.; & Xiang, D. (2001). Information-theoretic measures for anomaly detection. In Proc. of the IEEE symposium on security and privacy (pp. 130-143). (Pubitemid 32882632)
30. Lee, W.; Stolfo, S.; & Mok, K. (1999). A data mining framework for building intrusion detection models. In Proc. of the 1999 IEEE symposium on security and privacy. Oakland.
31. W Lee W Fan M Miller S Stolfo E Zadok 2002 Toward cost-sensitive modeling for intrusion detection and response Journal of Computer Security 10 1-2 5 22 (Pubitemid 34531411)
32. E Menahem A Shabtai L Rokach Y Elovici 2008 Improving malware detection by applying multi-inducer ensemble Computational Statistics and Data Analysis 53 4 1483 1494 10.1016/j.csda.2008.10.015 2657107
33. Miettinen, M.; Halonen, P.; & Hätönen, K. (2006). Host-based intrusion detection for advanced mobile devices. In Proc. of the 20th international conference on advanced information networking and applications.
34. Mitchell, T. (1997). Machine learning. New York: McGraw-Hill.
35. Moreau, Y.; Preneel, B.; Burge, P.; Shawe-Taylor, J.; Stoermann, C.; & Cooke, C. (1997). Novel techniques for fraud detection in mobile telecommunication networks. In ACTS mobile summit.
36. Moser, A.; Kruegel, C.; & Kirda, E. (2007). Limits of static analysis for malware detection. In Annual computer security applications conference (pp. 421-430).
37. R Moskovitch Y Elovici L Rokach 2008 Detection of unknown computer worms based on behavioral classification of the host Computational Statistics and Data Analysis 52 9 4544 4566 10.1016/j.csda.2008.01.028 05565036 2432480
38. Muthukumaran, D.; et al. (2008). Measuring integrity on mobile phone systems. In Proceedings of the 13th ACM symposium on access control models and technologies.
39. Nash, D. C.; et al. (2005). Towards an intrusion detection system for battery exhaustion attacks on mobile computing devices. In Pervasive computing and communications workshops.
40. Neter, J.; Kutner, M. H.; Nachtsheim, C. J.; & Wasserman, W. (1996). Applied linear statistical models. McGraw-Hill.
41. Ongtang, M.; McLaughlin, S.; Enck, W.; & McDaniel, P. (2009). Semantically rich application-centric security in android. In Proceedings of the 25th annual computer security applications conference (ACSAC). Honolulu.
42. Pearl, J. (1988). Probabilistic reasoning in intelligent systems: Networks of plausible inference. Massachusetts: Morgan Kaufmann.
43. M Piercy 2004 Embedded devices next on the virus target list IEEE Electronics Systems and Software 2 42 43 10.1049/ess:20040612
44. Quinlan, J. R. (1993). C4.5: Programs for machine learning. San Francisco: Morgan Kaufmann.
45. Rieck, K.; Holz, T.; Willems, C.; Düssel, P.; & Laskov, P. (2008). Learning and classification of malware behavior. In Proc. of the conference on detection of intrusions and malware & vulnerability assessment (pp. 108-125).
46. Russel, S.; & Norvig, P. (2002). Artificial intelligence: A modern approach. Prentice Hall.
47. D Samfat R Molva 1997 IDAMN: An intrusion detection architecture for mobile networks IEEE Journal on Selected Areas in Communications 15 7 1373 1380 10.1109/49.622919 (Pubitemid 127566448)
48. Schmidt, A. D.; Schmidt, H. G.; Yüksel, K. A.; Kiraz, O.; Camptepe, S. A.; & Albayrak, S. (2008). Enhancing security of linux-based android devices. In Proc. of the 15th international linux system technology conference.
49. AD Schmidt F Peters F Lamour C Scheel SA Camtepe S Albayrak 2009 Monitoring smartphones for anomaly detection Mobile Networks and Applications (MONET) 14 1 92 106 10.1007/s11036-008-0113-x
50. Shabtai, A.; Fledel, Y.; & Elovici, Y. (2009a). Detecting malicious applications on android by applying machine learning classifiers to static features (Poster). Presented in the 25th annual computer security applications conference (ACSAC). Honolulu, Hawaii.
51. A Shabtai Y Fledel Y Elovici Y Shahar 2009 Knowledge-based temporal abstraction in clinical domains Journal in Computer Virology 8 3 267 298
52. A Shabtai R Moskovitch Y Elovici C Glezer 2009 Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey Information Security Technical Report 14 1 1 34 10.1016/j.istr.2009.03.003
53. Shabtai, A.; Fledel, Y.; Kanonov, U.; Elovici, Y.; & Dolev, S. (2009d). Google android: A state-of-the-art review of security mechanisms. CoRR abs/0912.5101.
54. A Shabtai U Kanonov Y Elovici 2010 Intrusion detection on mobile devices using the knowledge based temporal-abstraction method Journal of Systems and Software 83 8 1524 1537 10.1016/j.jss.2010.03.046
55. Shabtai, A.; Fledel, Y.; Kanonov, U.; Elovici, Y.; Dolev, S.; & Glezer, C. (2010b) Google android: A comprehensive security assessment. IEEE Security and Privacy Magazine. doi: 10.1109/MSP.2010.2.
56. CE Shannon 1948 The mathematical theory of communication The Bell system Technical Journal 27 3 379 423 1154.94303 26286
57. DH Shih B Lin HS Chiang MH Shih 2008 Security aspects of mobile phone virus: A critical survey Industrial Management & Data Systems 108 4 478 494 10.1108/02635570810868344 (Pubitemid 351590943)
58. TS Yap HT Ewe 2005 A mobile phone malicious software detection model with behavior checker Lecture Notes in Computer Science 3597 57 65 10.1007/115277257 (Pubitemid 41435937)
59. Yin, H.; Song, D.; Egele, M.; Krugel, C.; & Kirda, E. (2007). Panorama: Capturing system-wide information flow for malware detection and analysis. In ACM conference on computer and communications security.