Abstract
Malware for smartphones has skyrocketed in recent years, particularly on the Android platform. To tackle this threat, services such as Google Bouncer were introduced as a countermeasure. However, their effect has been short-lived, since the malware has circumvented the service by changing its behavior. Therefore, we propose a malware taxonomy, a survey of attack vectors to better understand Android malware, a survey of the modus operandi attackers use to infect smartphones, and the design of the components of the NEMESYS infrastructure that are responsible for analyzing and detecting Android malware. This infrastructure aims at understanding and detecting attacks at both the network and the smartphone level.
Notes
- 1. Universal Serial Bus
- 2. Short Message Service
Acknowledgments
The work presented in this paper is funded by the European Commission FP7 collaborative research project NEMESYS (Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem), no. 317888 within the Trustworthy ICT domain.
Copyright information
© 2013 Springer International Publishing Switzerland
About this paper
Cite this paper
Delosières, L., García, D. (2013). Infrastructure for Detecting Android Malware. In: Gelenbe, E., Lent, R. (eds) Information Sciences and Systems 2013. Lecture Notes in Electrical Engineering, vol 264. Springer, Cham. https://doi.org/10.1007/978-3-319-01604-7_38
DOI: https://doi.org/10.1007/978-3-319-01604-7_38
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-01603-0
Online ISBN: 978-3-319-01604-7
eBook Packages: Computer Science, Computer Science (R0)