MeadDroid: Detecting Monetary Theft Attacks in Android by DVM Monitoring

  • Conference paper
Information Security and Cryptology – ICISC 2012 (ICISC 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7839)

Abstract

Monetary theft attacks have been one of the most popular forms of attack against the Android system in recent years. In this paper, we present MeadDroid, a lightweight real-time detection system atop Android, to hold back this type of attack. A finite-state machine (FSM) of monetary theft attacks is constructed based on the analysis of real-world attacks. Employing an FSM-based detection approach, with information obtained by dynamically monitoring API calls and tracking the processing flow of UI (User Interface) inputs, MeadDroid can detect monetary theft attacks effectively while incurring only a small performance overhead. In addition, realized as an extension of the Dalvik VM, MeadDroid is transparent to the user and can thus provide a good user experience. Based on a prototype system, experiments were conducted with 195 popular Android applications. 11 applications with monetary theft attacks were found, and the detection accuracy is almost 100%, as determined by comparing the results with the charge bill of the phone number used in the experiments. The performance overhead on a CPU-bound micro-benchmark is 8.97%. Experimental results demonstrate that MeadDroid performs well in terms of effectiveness and efficiency.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lei, L., Wang, Y., Jing, J., Zhang, Z., Yu, X. (2013). MeadDroid: Detecting Monetary Theft Attacks in Android by DVM Monitoring. In: Kwon, T., Lee, MK., Kwon, D. (eds) Information Security and Cryptology – ICISC 2012. ICISC 2012. Lecture Notes in Computer Science, vol 7839. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37682-5_7

  • DOI: https://doi.org/10.1007/978-3-642-37682-5_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37681-8

  • Online ISBN: 978-3-642-37682-5

  • eBook Packages: Computer Science, Computer Science (R0)
