Abstract
Malware applications are continuing to grow across all computing and mobile platforms. Since the last decade, every day, half a million malware applications emerge as a real threat and hamper both mobile and computer ecosystems. With the rapid evolution and expansion of the smartphone market, malware detection and prevention for handheld devices need paramount attention and effective solutions. The enrichment and diversification of smart applications, tools, sensors, and various services, with their underlying sensitive information, always allure malware writers to exploit vulnerabilities. As Android is open-source and the smartphone market leader, it is therefore more vulnerable and has contributed to the boom of a variety of Android malware applications. Malware is the payload created by an attacker to compromise a system's integrity, availability, and confidentiality. Mostly, the interest is to steal confidential information or financial data, or to cripple critical infrastructure and servers. Malware sometimes leads to severe damage and huge financial losses for businesses, institutions, and individuals. Malware writers keep coining novel methods and sophisticated routes for creating malware for mobile devices, computers, and servers. Therefore, it is essential to devise a system that can detect and prevent both legacy and new malware with as high accuracy as possible under different settings. In this chapter, we cover the background of malware across different platforms, the existing solutions and techniques for malware analysis, prevention, and detection, as well as the recent advances in the malware research domain that employ cutting-edge technologies.
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Naït-Abdesselam, F., Darwaish, A., Titouna, C. (2022). Malware Forensics: Legacy Solutions, Recent Advances, and Future Challenges. In: Nicopolitidis, P., Misra, S., Yang, L.T., Zeigler, B., Ning, Z. (eds) Advances in Computing, Informatics, Networking and Cybersecurity. Lecture Notes in Networks and Systems, vol 289. Springer, Cham. https://doi.org/10.1007/978-3-030-87049-2_25
DOI: https://doi.org/10.1007/978-3-030-87049-2_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-87048-5
Online ISBN: 978-3-030-87049-2
eBook Packages: Intelligent Technologies and Robotics; Intelligent Technologies and Robotics (R0)