MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis

Proceedings - International Computer Software and Applications Conference

Volumn 2, Issue , 2015, Pages 422-433

  Lindorfer, Martina ^a,c   Neugschwandtner, Matthias ^b,c   Platzer, Christian ^c  

^a SBA RESEARCH   (Austria)

^b IBM RESEARCH ZURICH   (Switzerland)

^c VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

Classification; Malware analysis; Mobile security

Indexed keywords

APPLICATION PROGRAMS; ARTIFICIAL INTELLIGENCE; CLASSIFICATION (OF INFORMATION); COMPUTER CRIME; COMPUTER SOFTWARE; LEARNING SYSTEMS; MALWARE; MOBILE SECURITY; RISK ASSESSMENT; STATIC ANALYSIS;

ANDROID APPS; ANDROID MALWARE; CODE-LOADING; DETECTION PERFORMANCE; FALSE POSITIVE; MACHINE LEARNING TECHNIQUES; MALWARE ANALYSIS; STATIC AND DYNAMIC ANALYSIS;

ANDROID (OPERATING SYSTEM);

EID: 84962138802     PISSN: 07303157     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/COMPSAC.2015.103     Document Type: Conference Paper

References (63)

1. IDC, "Worldwide Smartphone Shipments Edge Past 300 Million Units in the Second Quarter; Android and iOS Devices Account for 96% of the Global Market, According to IDC ," http://www.idc.com/getdoc.jsp? containerId=prUS25037214, 2014
2. E. Protalinski, "A first: Hacked sites with android drive-by download malware," http://www.zdnet.com/blog/security/a-first-hacked-sites-withandroid-drive-by-download-malware/11810, 2012
3. F-Secure, "Threat Report H2 2013," http://www.f-secure.com/static/doc/ labs global/Research/Threat Report H2 2013.pdf, 2014
4. M. Lindorfer, S. Volanis, A. Sisto, M. Neugschwandtner, E. Athanasopoulos, F. Maggi, C. Platzer, S. Zanero, and S. Ioannidis, "AndRadar: fast discovery of android applications in alternative markets," in Conference on Detection of Intrusions and Malware &Vulnerability Assessment (DIMVA), 2014
5. I. Asrar, "Android.Dropdialer Identified on Google Play," http://www.symantec.com/connect/blogs/androiddropdialer-identifiedgoogle-play, 2012
6. F. Chytry, "Google Play: Whats the newest threat on the official Android market?" http://blog.avast.com/2014/03/07/google-play-whatsthe-newest-threat-on-The-official-android-market, March 2014
7. S. Hirst, "Lookout Discovers SocialPath Malware in Google Play Store," https://vpncreative.net/2015/01/10/lookout-socialpath-malwaregoogle-play, 2015
8. H. Lockheimer, "Android and Security," http://googlemobile.blogspot. com/2012/02/android-and-security.html, 2012
9. J. Oberheide and C. Miller, "Dissecting the Android Bouncer," in SummerCon, 2012
10. N. J. Percoco and S. Schulte, "Adventures in Bouncerland," in Black Hat USA, 2012
11. X. Jiang, "An Evaluation of the Application ("App") Verification Service in Android 4.2," http://www.cs.ncsu.edu/faculty/jiang/appverify, 2012
12. P. H. Chia, Y. Yamamoto, and N. Asokan, "Is This App Safe? A Large Scale Study on Application Permissions and Risk Signals," in International Conference on World Wide Web (WWW), 2012
13. T. Micro, "The Mobile Cybercriminal Underground Market in China," http://www.trendmicro.com/cloud-content/us/pdfs/securityintelligence/ white-papers/wp-The-mobile-cybercriminal-undergroundmarket-in-china.pdf, 2014
14. A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner, "Android permissions: User attention, comprehension, and behavior," in Symposium on Usable Privacy and Security (SOUPS), 2012
15. J. Cheng, S. H. Wong, H. Yang, and S. Lu, "SmartSiren: Virus Detection and Alert for Smartphones," in International Conference on Mobile Systems, Applications, and Services (MobiSys), 2007
16. J. Oberheide, K. Veeraraghavan, E. Cooke, J. Flinn, and F. Jahanian, "Virtualized In-cloud Security Services for Mobile Devices," in Workshop on Virtualization in Mobile Computing (MobiVirt), 2008
17. M. Endler, "Does Mobile Antivirus Software Really Protect Smartphones?" http://www.informationweek.com/security/antivirus/ does-mobile-antivirus-software-really-pr/240008673, 2012
18. M. Lindorfer, M. Neugschwandtner, L. Weichselbaum, Y. Fratantonio, V. van der Veen, and C. Platzer, "Andrubis-1,000,000 Apps Later: A View on Current Android Malware Behaviors," in International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), 2014
19. M. Bailey, J. Oberheide, J. Andersen, Z. Mao, F. Jahanian, and J. Nazario, "Automated Classification and Analysis of Internet Malware," in International Symposium on Recent Advances in Intrusion Detection (RAID), 2007
20. U. Bayer, P. Milani Comparetti, C. Hlauscheck, C. Kruegel, and E. Kirda, "Scalable, Behavior-Based Malware Clustering," in Annual Network &Distributed System Security Symposium (NDSS), 2009
21. K. Rieck, T. Holz, C. Willems, P. Düssel, and P. Laskov, "Learning and Classification of Malware Behavior," in Conference on Detection of Intrusions and Malware &Vulnerability Assessment (DIMVA), 2008
22. M. Neugschwandtner, P. Milani Comparetti, G. Jacob, and C. Kruegel, "ForeCast: Skimming off the Malware Cream," in Annual Computer Security Applications Conference (ACSAC), 2011
23. G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, "Paranoid Android: Versatile Protection for Smartphones," in Annual Computer Security Applications Conference (ACSAC), 2010
24. C. Jarabek, D. Barrera, and J. Aycock, "ThinAV: Truly Lightweight Mobile Cloud-based Anti-malware," in Annual Computer Security Applications Conference (ACSAC), 2012
25. H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy, "Using Probabilistic Generative Models For Ranking Risks of Android Apps," in ACM Conference on Computer and Communications Security (CCS), 2012
26. W. Enck, M. Ongtang, and P. McDaniel, "On Lightweight Mobile Phone Application Certification," in ACM Conference on Computer and Communications Security (CCS), 2009
27. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, "A Survey of Mobile Malware in the Wild," in ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2011
28. S. Rosen, Z. Qian, and Z. M. Mao, "AppProfiler: A Flexible Method of Exposing Privacy-Related Behavior in Android Applications to End Users," in ACM Conference on Data and Application Security and Privacy (CODASPY), 2013
29. D. Barrera, J. Clark, D. McCarney, and P. C. van Oorschot, "Understanding and Improving App Installation Security Mechanisms Through Empirical Analysis of Android," in ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2012
30. A. Apvrille and T. Strazzere, "Reducing the Window of Opportunity for Android Malware: Gotta catch 'em all," Journal in Computer Virology, vol. 8, no. 1-2, pp. 61-71, 2012
31. S. Chakradeo, B. Reaves, P. Traynor, and W. Enck, "MAST: Triage for Market-scale Mobile Malware Analysis," in ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2013
32. H. Zhu, H. Xiong, Y. Ge, and E. Chen, "Mobile App Recommendations with Security and Privacy Awareness," in ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD), 2014
33. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, "RiskRanker: Scalable and Accurate Zero-day Android Malware Detection," in International Conference on Mobile Systems, Applications, and Services (MobiSys), 2012
34. Y. Aafer, W. Du, and H. Yin, "DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android," in International Conference on Security and Privacy in Communication Networks (SecureComm), 2013
35. D. Arp, M. Spreitzenbarth, M. Hübner, H. Gascon, and K. Rieck, "Drebin: Efficient and Explainable Detection of Android Malware in Your Pocket," in Annual Network &Distributed System Security Symposium (NDSS), 2014
36. Y. Zhauniarovich, M. Ahmad, O. Gadyatskaya, B. Crispo, and F. Massacci, "StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications," in ACM Conference on Data and Application Security and Privacy (CODASPY), 2015
37. D.-J. Wu, C.-H. Mao, T.-E. Wei, H.-M. Lee, and K.-P. Wu, "DroidMat: Android Malware Detection Through Manifest and API Calls Tracing," in Asia Joint Conference on Information Security, 2012
38. B. Sanz, I. Santos, C. Laorden, X. U.-P. P. Bringas, and G. Alvarez, "PUMA: Permission Usage to detect Malware in Android," in Advances in Intelligent Systems and Computing (AISC), 2012
39. J. Sahs and L. Khan, "A Machine Learning Approach to Android Malware Detection," in European Intelligence and Security Informatics Conference (EISIC), 2012
40. A. Shabtai, U. Kananov, Y. Elovici, C. Glezer, and Y. Weiss, ""Andromaly": a behavioral malware detection framework for android devices," Journal of Intelligent Information Systems, vol. 38, pp. 161-190, 1 2012
41. B. Amos, H. A. Turner, and J. White, "Applying Machine Learning Classifiers to Dynamic Android Malware Detection at Scale," in International Conference on Wireless Communications and Mobile Computing (IWCMC), 2013
42. I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, "Crowdroid: Behavior-Based Malware Detection System for Android," in ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2011
43. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, "Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets," in Annual Network &Distributed System Security Symposium (NDSS), 2012
44. V. M. Afonso, M. F. de Amorim, A. R. A. Gŕegio, G. B. Junquera, and P. L. de Geus, "Identifying Android malware using dynamically obtained features," Journal of Computer Virology and Hacking Techniques, 2014
45. W.-C. Wu and S.-H. Hung, "DroidDolphin: A Dynamic Android Malware Detection Framework Using Big Data and Machine Learning," in Conference on Research in Adaptive and Convergent Systems (RACS), 2014
46. A. Moser, C. Kruegel, and E. Kirda, "Limits of Static Analysis for Malware Detection," in Annual Computer Security Applications Conference (ACSAC), 2007
47. A. Aprville and A. Albertini, "Hide Android Applications in Images," Black Hat Europe, 2014
48. T. Petsas, G. Voyatzis, E. Athanasopoulos, M. Polychronakis, and S. Ioannidis, "Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware," in European Workshop on System Security (EuroSec), 2014
49. T. Vidas and N. Christin, "Evading Android Runtime Analysis via Sandbox Detection," in ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2014
50. Google, "Android Developers: Signing Your Applications," http:// developer.android.com/tools/publishing/app-signing.html
51. N. Srndíc and P. Laskov, "Practical Evasion of a Learning-Based Classifier: A Case Study," in IEEE Symposium on Security and Privacy (S and P), 2014
52. M. Antonakakis, R. Perdisci, Y. Nadji, N. Vasiloglou, S. Abu-Nimeh, W. Lee, and D. Dagon, "From Throw-away Traffic to Bots: Detecting the Rise of DGA-based Malware," in USENIX Security Symposium, 2012
53. A. Y. Ng, "Feature selection, L1 vs. L2 regularization, and rotational invariance," in International Conference on Machine Learning (ICML), 2004
54. Y. W. Chen and C. J. Lin, "Combining SVMs with Various Feature Selection Strategies," in Feature Extraction, Foundations and Applications. Springer, 2006
55. "VirusTotal," http://www.virustotal.com
56. F-Secure, "Mobile Threat Report Q2 2012," http://www.f-secure.com/ weblog/archives/MobileThreatReport Q2 2012.pdf, 2012
57. Y. Zhou and X. Jiang, "Dissecting Android Malware: Characterization and Evolution," in IEEE Symposium on Security and Privacy (S and P), 2012
58. "Contagio," http://contagiominidump.blogspot.com
59. H. T. T. Truong, E. Lagerspetz, P. Nurmi, A. J. Oliner, S. Tarkoma, N. Asokan, and S. Bhattacharya, "The Company You Keep: Mobile Malware Infection Rates and Inexpensive Risk Indicators," in International Conference on World Wide Web (WWW), 2014
60. "AppBrain Stats," http://www.appbrain.com/stats/number-of-androidapps, (Retrieved: April 27, 2015)
61. L. Spradlin, "Google Updates Play Store Developer Policy, Puts The Smack Down On Intrusive Advertising," http://www.androidpolice.com/2012/07/31/google-updates-play-storedeveloper-policy-puts-The-smack-down-on-intrusive-advertising-saygoodbye-to-airpush-and-its-cohorts/, 2012
62. T. Strazzere, "Downloading market applications without the vending app," http://www.strazzere.com/blog/2009/09/downloading-marketapplications-without-The-vending-app, 2009
63. X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario, "Towards an Understanding of Anti-Virtualization and Anti-Debugging Behavior in Modern Malware," in IEEE International Conference on Dependable Systems and Networks (DSN), 2008