Vulnebdroid: Automated Vulnerability Score Calculator for Android Applications

  • Conference paper
Security in Computing and Communications (SSCC 2016)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 625)

Abstract

Nowadays, mobile phone users download many applications for purposes such as learning, entertainment, and business. For a naive user, it is very difficult to tell whether the permissions granted to an application at installation time are being used properly. Tools exist for detecting Android malware, but many of them are not open source or produce results that are not easily understood. Online services such as VirusTotal use up-to-date antivirus engines to compute a malware detection ratio. However, because most of these engines rely on signature-based detection, their detection can be circumvented with obfuscation methods. In our work we have implemented VULNEBDROID, an automated, lightweight, obfuscation-tolerant static tool that computes a vulnerability score and assesses the vulnerability level of Android applications. To assess vulnerability, the tool selects features of the application, such as the dangerous permissions it uses and the vulnerable functions that could be used to misuse the application and exploit the Application Programming Interface (API) to access resources. Using this assessment tool, we are able to detect 96 % of malicious applications as vulnerable with either a high or a medium degree of vulnerability.


Notes

  1. https://github.com/Xbalien/vetdroid.


Author information

Correspondence to Sugandha Gupta.

Copyright information

© 2016 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Gupta, S., Kaushal, R. (2016). Vulnebdroid: Automated Vulnerability Score Calculator for Android Applications. In: Mueller, P., Thampi, S., Alam Bhuiyan, M., Ko, R., Doss, R., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2016. Communications in Computer and Information Science, vol 625. Springer, Singapore. https://doi.org/10.1007/978-981-10-2738-3_40

  • DOI: https://doi.org/10.1007/978-981-10-2738-3_40

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-2737-6

  • Online ISBN: 978-981-10-2738-3

  • eBook Packages: Computer Science (R0)
