A study of android malware detection techniques in virtual environment

Cluster Computing

Abstract

With the rapid development of the mobile environment, cyber-attacks have become more commonplace and more sophisticated. In the smartphone operating system market in particular, the Android platform accounts for a large portion (65 % or higher). At the same time, malware on the Android platform has increased exponentially. In response, parties such as mobile Internet service provider (ISP) operators and device manufacturers have applied anti-virus products. However, these products exhibit a high false-positive rate when detecting malware because they are based on patterns or heuristics. To solve this problem, this study proposed and implemented Android malware detection techniques in a virtual environment, using a single physical machine. The proposed system is divided into a host system and a virtual environment. The former features a black market crawler designed to collect malware, a hypervisor for communication between and control of the virtual machine and host machine, and a main module that transmits analysis files and result logs to each system. In the virtual environment, an agent and an emulator were implemented to analyze applications suspected of being malware. This study implemented more active and faster Android malware detection techniques through black market crawling and a Linux kernel-hooking mechanism.

Author information

Corresponding author

Correspondence to Han-Jin Cho.


About this article


Cite this article

Jung, H.M., Kim, KB. & Cho, HJ. A study of android malware detection techniques in virtual environment. Cluster Comput 19, 2295–2304 (2016). https://doi.org/10.1007/s10586-016-0630-5


  • DOI: https://doi.org/10.1007/s10586-016-0630-5
