MAST: Triage for market-scale mobile malware analysis

WiSec 2013 - Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Volumn , Issue , 2013, Pages 13-24

  Chakradeo, Saurabh ^a   Reaves, Bradley ^a   Traynor, Patrick ^a   Enck, William ^b  

^a Georgia Institute of Technology   (United States)

^b North Carolina State University   (United States)

Author keywords

Mobile application security; Multiple correspondence analysis; Triage

Indexed keywords

APPLICATION DEVELOPMENT; AUTOMATED ANALYSIS; MITIGATION TECHNIQUES; MOBILE APPLICATION SECURITIES; MOBILE APPLICATIONS; MULTIPLE CORRESPONDENCE ANALYSIS; SIGNATURE DETECTION; TRIAGE;

COMMERCE; COMPUTER CRIME; MOBILE COMPUTING; TOOLS;

COST BENEFIT ANALYSIS;

EID: 84879543890     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2462096.2462100     Document Type: Conference Paper

References (55)

1. H. Abdi and D. Valentin. Multiple correspondence analysis. In Encyclopedia of Measurement and Statistics, page 13. Sage, California, 2007.
2. Android market API. http://code.google.com/p/android-market-api/.
3. Anzhi Market. http://www.anzhi.com.
4. Apple app store, 2012. http://www.apple.com/iphone/from-the-app-store/.
5. Baksmali, 2012. http://code.google.com/p/smali/.
6. D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of the 17th ACM conference on Computer and communications security, page 73. ACM Press, 2010.
7. C. Beaumont. Apple iPhone 'kill switch' discovered, August 2008. http://www.telegraph.co.uk/technology/3358115/Apple-iPhone-kill-switch- discovered.html.
8. Blackberry app world, 2012. http://appworld.blackberry.com/webstore/.
9. A. Bose, X. Hu, K. G. Shin, and T. Park. Behavioral detection of malware on mobile handsets. In Proceeding of the 6th international conference on Mobile systems, applications, and services, page 225. ACM Press, 2008.
10. T. Bray. Exercising Our Remote Application Removal Feature, June 2010. http://android-developers.blogspot.com/2010/06/exercising-our-remote- application.html.
11. J. Burns. Developing Secure Mobile Applications for Android. iSEC Partners, Oct. 2008. http://www.isecpartners.com/files/iSEC-Securing-Android- Apps.pdf.
12. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner. Analyzing inter-application communication in android. In Proceedings of the 9th international conference on Mobile systems, applications, and services, MobiSys '11, pages 239h-252, New York, NY, USA, 2011. ACM.
13. M. Egele, C. Kruegel, E. Kirda, and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In Proceedings of the ISOC Network & Distributed System Security Symposium (NDSS), 2011.
14. W. Enck, P. Gilbert, B. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. Sheth. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In OSDI, pages 393-407, 2010.
15. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A study of Android application security. In Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, USA, 2011.
16. W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on Computer and communications security, page 235. ACM Press, 2009.
17. W. Enck, M. Ongtang, and P. McDaniel. Understanding Android Security. IEEE Security & Privacy Magazine, 7(1):50-57, January/February 2009.
18. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, Chicago, Illinois, USA, Oct. 2011.
19. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A survey of mobile malware in the wild. In ACM Workshop on Security and Privacy in Mobile Devices, Chicago, Illinois, USA, Oct. 2011.
20. GFan Market. http://www.gfan.com/.
21. Google play, 2012. https://play.google.com/store/apps.
22. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang. RiskRanker: Scalable and Accurate Zero-day Android Malware Detection. In Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys), June 2012.
23. P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2011.
24. J. Jang, D. Brumley, and S. Venkataraman. Bitshred: feature hashing malware for scalable triage and semantic analysis. In Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, pages 309-320, New York, NY, USA, 2011. ACM.
25. X. Jiang. Questionable Android Apps - SndApps - Found and Removed from Official Android Market, July 2011. http://www.csc.ncsu.edu/faculty/jiang/ SndApps/.
26. X. Jiang. Security Alert: New Android SMS Trojan - YZHCSMS - Found in Official Android Market and Alternative Markets, June 2011. http://www.csc.ncsu. edu/faculty/jiang/YZHCSMS/.
27. X. Jiang. Security Alert: New Stealthy Android Spyware - Plankton - Found in Official Android Market, June 2011. http://www.csc.ncsu.edu/faculty/jiang/ Plankton/.
28. H. Kim, J. Smith, and K. G. Shin. Detecting energy-greedy anomalies and mobile malware variants. In Proceeding of the 6th international conference on Mobile systems, applications, and services, page 239. ACM Press, 2008.
29. A. Kingsley-Hughes. So that's what happens when you highlight an iOS security hole, November 2011. http://www.zdnet.com/blog/hardware/so-thats-what- happens-when-you-highlightan-ios-security-hole/16078.
30. L. Liu, G. Yan, X. Zhang, and S. Chen. VirusMeter: preventing your cellphone from spies. In Recent Advances in Intrusion Detection, volume 5758, pages 244-264, Berlin, Heidelberg, 2009. Springer Berlin Heidelberg.
31. H. Lockheimer. Android and Security. Google Mobile Blog, Feb. 2012. http://googlemobile.blogspot.com/2012/02/android-and-security.html.
32. Lookout Mobile Security. Mobile threat report. Technical report, Lookout Mobile Security, Aug. 2011.
33. Lookout mobile security, 2012. https://www.mylookout.com/.
34. J. Lowensohn. iPhone lock-screen password app pulled, June 2011. http://news.cnet.com/8301-27076-3-20071405-248/iphone-lock-screen-password-app- pulled/.
35. K. Mahaffey. Security Alert: DroidDream Malware Found in Official Android Market, March 2011. http://blog.mylookout.com/2011/03/security-alert-malware- found-in-official-android-market-droiddream/.
36. P. Marquardt, A. Verma, H. Carter, and P. Traynor. (sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2011.
37. P. McDaniel and W. Enck. Not so great expectations: Why application markets haven't failed security. IEEE Security & Privacy, 8(5):76-78, Oct. 2010.
38. Min Zheng, Patrick P.C. Lee, and John C.S. Lui. ADAM: an automatic and extensible platform to stress test android anti-virus systems. In Proceedings of the 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'12), Heraklion, Crete, Greece, July 2012.
39. Ndoo market. http://www.nduoa.com/.
40. NetQin Mobile Security, 2012. http://www.netqin.com/en/.
41. M. Neugschwandtner, P. M. Comparetti, G. Jacob, and C. Kruegel. Forecast: skimming off the malware cream. In Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC '11, pages 11-20, New York, NY, USA, 2011. ACM.
42. Nicholas J. Percoco and Sean Schulte. Adventures in BouncerLand. In Blackhat USA, Las Vegas, NV, 2012.
43. M. Parkour. Contagio mobile malware MiniDump. http://contagiominidump. blogspot.com/.
44. H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy. Using probabilistic generative models for ranking risks of android apps. In Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, page 241-252, New York, NY, USA, 2012. ACM.
45. R. Perdisci, A. Lanzi, and W. Lee. Mcboost: Boosting scalability in malware collection and analysis using statistical classification of executables. In Proceedings of the 2008 Annual Computer Security Applications Conference, ACSAC '08, pages 301-310, Washington, DC, USA, 2008. IEEE Computer Society.
46. B. L. Roux and H. Rouanet. Multiple Correspondence Analysis. Number 163 in Quantitative Applications in the Social Sciences. SAGE Publications, Los Angeles, California, USA, 2010.
47. B. P. Sarma, N. Li, C. Gates, R. Potharaju, C. Nita-Rotaru, and I. Molloy. Android permissions: a perspective combining risks and benefits. In Proceedings of the 17th ACM symposium on Access Control Models and Technologies, SACMAT '12, page 13-22, New York, NY, USA, 2012. ACM.
48. R. E. Schapire. The Boosting Approach to Machine Learning: An Overview. In Nonlinear Estimation and Classification. Springer, 2003.
49. SoftAndroid Market. http://softandroid.ru.
50. Trend Micro Command Line Antivirus Scanner, 2012. http://esupport. trendmicro.com/solution/en-us/0117058.aspx.
51. Windows Phone: Marketplace, 2011. http://www.windowsphone.com/en-US/ marketplace.
52. B. Womack. Google says 700,000 applications available for android, Oct. 2012.
53. Y. Zhou and X. Jiang. Dissecting Android Malware: Characterization and Evolution. In Proceedings of the IEEE Symposium on Security and Privacy (OAKLAND), 2012.
54. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In Proceedings of the Network and Distributed System Security Symposium, Feb. 2012.
55. Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh. Taming information-stealing smartphone applications (on android). In TRUST, pages 93-107, 2011.