Abstract
With the rapid development of the mobile environment, cyber-attacks have become more commonplace and more sophisticated. In the smartphone operating system market in particular, the Android platform accounts for a large portion (65 % or higher). At the same time, malware on the Android platform has increased exponentially. In response, parties such as mobile Internet service provider (ISP) operators and device manufacturers have applied anti-virus products. However, these products exhibit a high false-positive rate when detecting malware because they are based on patterns or heuristics. To solve this problem, this study proposed and implemented Android malware detection techniques in a virtual environment, using a single physical machine. The proposed system is divided into a host system and a virtual environment. The former features a black market crawler designed to collect malware, a hypervisor for communication between and control of the virtual machine and the host machine, and a main module which transmits the analysis file and result log to each system. In the virtual environment, an agent and an emulator were implemented to analyze applications suspected of being malware. This study implemented more active and faster Android malware detection techniques through black market crawling and a Linux kernel-hooking mechanism.
Cite this article
Jung, H.M., Kim, KB. & Cho, HJ. A study of android malware detection techniques in virtual environment. Cluster Comput 19, 2295–2304 (2016). https://doi.org/10.1007/s10586-016-0630-5
DOI: https://doi.org/10.1007/s10586-016-0630-5