Identifying android malicious repackaged applications by thread-grained system call sequences

Computers and Security

Volumn 39, Issue PART B, 2013, Pages 340-350

  Lin, Ying Dar ^a   Lai, Yuan Cheng ^b   Chen, Chien Hung ^a   Tsai, Hao Chuan ^a  

^a NATIONAL CHIAO TUNG UNIVERSITY   (Taiwan)

^b NATIONAL TAIWAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Taiwan)

Author keywords

Android; Dynamic analysis; Longest common substring; Malicious repackaged applications; System call

Indexed keywords

ANDROID; ANDROID SECURITIES; COMMON SUBSEQUENCE; DETECTION MECHANISM; LONGEST COMMON SUBSTRING; MALICIOUS BEHAVIOR; SYSTEM CALLS; SYSTEM-CALL SEQUENCE;

COMPUTER SCIENCE; DYNAMIC ANALYSIS; SECURITY OF DATA;

ROBOTS;

EID: 84888862842     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2013.08.010     Document Type: Article

References (27)

1. Android.Adrd|symantec. Available at: http://www.symantec.com/security- response/writeup.jsp?docid=2011-021514-4954-99.
2. Android.Basebridge. Available at: http://www.symantec.com/security- response/writeup.jsp?docid=2011-060915-4938-99.
3. T. Blasing, L. Batyuk, A.-D. Schmidt, S.A. Camtepe, and S. Albayrak An android application sandbox system for suspicious software detection Proceedings of the 5th international conference on malicious and unwanted software (Malware 2010), Nancy, France 2010 55 62
4. I. Burguera, U. Zurutuza, and N.T. Simin Crowdroid: behavior-based malware detection system for Android Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices, Chicago, IL, USA October 2011 15 25
5. D. Ehringer The Dalvik virtual machine architecture March 2010 Available at avidehringer.com/software/android/The-Dalvik-Virtual-Machine.pdf
6. W. Enck, M. Ongtang, and P. McDaniel Understanding Android security IEEE Security & Privacy Magazine 7 1 2009 10 17
7. W. Enck, M. Ongtang, and P. McDaniel On lightweight mobile phone application certification Proceedings of the 16th ACM conference on computer and communications security, Chicago, IL, USA November 2009 235 245
8. W. Enck, P. Gilbert, B.-G. Chun, L.P. Cox, J. Jung, P. McDaniel, and A.N. Sheth TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones Proceedings of the 9th USENIX conference on operating systems design and implementation, Vancouver, BC, Canada October 2010 393 407
9. Encyclopedia entry: Trojan:AndroidOS/Kmin.A. Available at: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name= Trojan%3AAndroidOS%2FKmin.A.
10. A.P. Fuchs, A. Chaudhuri, and J.S. Foster SCanDroid: automated security certification of Android applications Technical report 2009 University of Maryland
11. T. Isohara, K. Takemori, and A. Kubota Kernel-based behavior analysis for Android malware detection Proceedings of the 7th international conference on computational intelligence and security, Sanya, Hainan, China December 2011 1011 1015
12. Lookout mobile security technical tear down. Lookout Mobile Security.
13. A. Moser, C. Kruegel, and E. Kirda Limits of static analysis for malware detection Proceeding of annual computer security applications conference, Miami December 2007 421 430
14. B. Rozenberg, E. Gudes, Y. Elovici, and Y. Fledel A method for detecting unknown malicious executables Proceedings of the 2011 IEEE 10th international conference on trust, security and privacy in computing and communications, Changsha, China November 2011 190 196
15. Security alert: new DroidDream Light variant published to Android market. Available at: http://blog.mylookout.com/blog/2011/07/08/security-alert-new- droiddream-light-variant-published-to-android-market/.
16. Security alert: Zsone Trojan found in Android market. Available at: https://blog.lookout.com/blog/2011/05/11/security-alert-zsone-trojan-found-in- android-market/.
17. A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss 'Andromaly': a behavioral malware detection framework for Android devices Journal of Intelligent Information Systems 38 1 January 2011 161 190
18. Strace. Available at: http://sourceforge.net/projects/strace/.
19. T. Strazzere, and T. Wyatt Geinimi trojan technical teardown 2011 Lookout Mobile Security
20. T. Vidas, D. Votipka, and N. Christin All your droid are belong to us: a survey of current Android attacks Proceedings of the 5th USENIX conference on offensive technologies, San Francisco, CA, USA August 2011
21. VirusTotal - free online virus, malware and URL scanner. Available at: https://www.virustotal.com/.
22. M. Zheng, P.P.C. Lee, and J.C.S. Lui ADAM: an automatic and extensible platform to stress test Android anti-virus systems Proceedings of the 9th conference on detection of intrusions and malware & vulnerability assessment (DIMVA'12), Heraklion, Crete, Greece July 2012
23. Zheng M, Sun M, Lui JCS. DroidAnalytics: a signature based analytic system to collect, extract, analyze and associate Android malware. Available at: http://arxiv.org/abs/1302.7212.
24. Y. Zhou, and X. Jiang Dissecting Android malware: characterization and evolution Proceedings of the 33rd IEEE symposium on security and privacy, San Francisco, CA, USA May 2012 95 109
25. Y. Zhou, and X. Jiang An analysis of the AnserverBot Trojan Technical report September 2011
26. W. Zhou, Y. Zhou, X. Jiang, and P. Ning Detecting repackaged smartphone applications in third-party Android marketplaces Proceedings of the 2nd ACM conference on data and application security and privacy, San Antonio, TX, USA February 2012 317 326
27. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets Proceedings of the 19th network and distributed system security symposium, San Diego, CA, USA February 2012