Abstract
Mobile malware has grown in scale and complexity as a consequence of the unabated uptake of smartphones worldwide. Malware writers have been developing detection evasion techniques which are rapidly making anti-malware technologies ineffective. In particular, zero-day malware easily passes signature-based detection, while techniques based on dynamic analysis, which could be more accurate and robust, are too costly or inappropriate for real-world contexts, especially for reasons related to usability. This paper discusses a technique for discriminating Android malware from trusted applications that does not rely on signatures but exploits a vector of features obtained from the static analysis of the Android Dalvik code. Experiments on a sample of 11,200 applications revealed that the proposed technique produces high precision (over 93 %) in mobile malware detection. Furthermore, we investigate whether the feature vector is useful to identify the malware family and whether it is possible to discriminate an application retrieved from the official market from one retrieved from a third-party market.
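To make the feature vector concrete, the following added example (not the paper's code) decodes a method's Dalvik code units into opcodes, builds the normalised opcode frequency histogram the title refers to, and compares an unknown method against two reference profiles. The opcode table, the constructed code-unit arrays, and the nearest-profile cosine rule are all assumptions of the example; the paper's own classifier and full feature set are not reproduced here.

```python
import math
from collections import Counter

# Partial Dalvik opcode table (low byte of the first 16-bit code unit -> mnemonic,
# length in code units). Only the opcodes used by the constructed samples are listed;
# a real extractor such as Androguard covers the whole instruction set.
DALVIK_OPS = {
    0x0c: ("move-result-object", 1), 0x0e: ("return-void", 1),
    0x11: ("return-object", 1), 0x1a: ("const-string", 2),
    0x22: ("new-instance", 2), 0x38: ("if-eqz", 2), 0x54: ("iget-object", 2),
    0x6e: ("invoke-virtual", 3), 0x70: ("invoke-direct", 3),
    0x71: ("invoke-static", 3),
}
MNEMONICS = sorted(name for name, _ in DALVIK_OPS.values())

def decode_opcodes(code_units):
    """Walk a method's code-unit array, returning mnemonics and skipping operand units."""
    ops, i = [], 0
    while i < len(code_units):
        opcode = code_units[i] & 0xFF
        if opcode not in DALVIK_OPS:
            raise ValueError(f"opcode 0x{opcode:02x} at unit {i} not in table")
        name, length = DALVIK_OPS[opcode]
        ops.append(name)
        i += length
    return ops

def histogram(code_units):
    """Normalised opcode frequency vector in MNEMONICS order (the feature vector)."""
    ops = decode_opcodes(code_units)
    counts = Counter(ops)
    return [counts[m] / len(ops) if ops else 0.0 for m in MNEMONICS]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def classify(code_units, profiles):
    """Nearest reference profile by cosine similarity (assumed rule, not the paper's classifier)."""
    vec = histogram(code_units)
    return max(profiles, key=lambda label: cosine(vec, profiles[label]))

# Constructed code-unit arrays standing in for two labelled training methods.
TRUSTED = [0x0022, 0x0002, 0x1070, 0x0003, 0x0000, 0x0154, 0x0004,
           0x106e, 0x0005, 0x0001, 0x000c, 0x0011]
MALWARE = [0x001a, 0x0001, 0x011a, 0x0002, 0x2071, 0x0006, 0x0010, 0x020c,
           0x0238, 0x0005, 0x031a, 0x0007, 0x2071, 0x0008, 0x0032, 0x000e]
PROFILES = {"trusted": histogram(TRUSTED), "malware": histogram(MALWARE)}
# Unknown method: string-heavy with static calls, constructed to resemble MALWARE.
UNKNOWN = [0x001a, 0x0001, 0x011a, 0x0002, 0x2071, 0x0006, 0x0010, 0x020c, 0x0011]

if __name__ == "__main__":
    print(classify(UNKNOWN, PROFILES))  # malware
```

Real profiles would be centroids over thousands of labelled applications rather than single methods, and the histogram would be computed over every method in the classes.dex.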
Copyright information
© 2016 Springer International Publishing Switzerland
Cite this paper
Canfora, G., Mercaldo, F., Visaggio, C.A. (2016). Evaluating Op-Code Frequency Histograms in Malware and Third-Party Mobile Applications. In: Obaidat, M., Lorenz, P. (eds) E-Business and Telecommunications. ICETE 2015. Communications in Computer and Information Science, vol 585. Springer, Cham. https://doi.org/10.1007/978-3-319-30222-5_10
DOI: https://doi.org/10.1007/978-3-319-30222-5_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30221-8
Online ISBN: 978-3-319-30222-5
eBook Packages: Computer Science (R0)