Abstract
Mobile phone users now download many applications for purposes such as learning, entertainment and business. For a naive user, it is very difficult to tell whether the permissions granted to an application at installation time are being used properly. Tools for detecting Android malware exist, but many of them are not open source or produce results that are hard to interpret. Online services such as VirusTotal use up-to-date antivirus products to compute a malware detection ratio. However, because most of these antivirus products rely on signature-based detection, their detection can be circumvented with obfuscation methods. In this work we implement VULNEBDROID, an automated, lightweight, obfuscation-tolerant static tool that computes a vulnerability score and assesses the vulnerability level of Android applications. To assess vulnerability, the tool selects features of the application such as the dangerous permissions it uses and the vulnerable functions that can be used to misuse the application and to exploit the Application Programming Interface (API) to access resources. Using this assessment tool, we are able to detect 96% of malicious applications as vulnerable, with either a high or a medium degree of vulnerability.
Copyright information
© 2016 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Gupta, S., Kaushal, R. (2016). Vulnebdroid: Automated Vulnerability Score Calculator for Android Applications. In: Mueller, P., Thampi, S., Alam Bhuiyan, M., Ko, R., Doss, R., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2016. Communications in Computer and Information Science, vol 625. Springer, Singapore. https://doi.org/10.1007/978-981-10-2738-3_40
DOI: https://doi.org/10.1007/978-981-10-2738-3_40
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-2737-6
Online ISBN: 978-981-10-2738-3
eBook Packages: Computer Science, Computer Science (R0)