research-article

A kernel-based monitoring approach for analyzing malicious behavior on Android

Authors:

Minkyu ParkAuthors Info & Claims

SAC '14: Proceedings of the 29th Annual ACM Symposium on Applied Computing

Pages 1737 - 1738

https://doi.org/10.1145/2554850.2559915

Published: 24 March 2014 Publication History

Get Access

Abstract

This paper proposes a new technique that monitors important events at the kernel level of Android and analyzes malicious behavior systematically. The proposed technique is designed in two ways. First, in order to analyze malicious behavior that might happen inside one application, it monitors file operations by hooking the system calls to create, read from, and write to a file. Secondly, in order to analyze malicious behavior that might happen in the communication between colluding applications, it monitors IPC messages (Intents) by hooking the binder driver. Our technique can detect even the behavior of obfuscated malware using a run-time monitoring method. In addition, it can reduce the possibility of false detection by providing more specific analysis results compared to the existing methods on Android. Experimental results show that our technique is effective to analyze malicious behavior on Android and helpful to detect malware.

References

[1]

Zhou, Y., & Jiang, X. (2012) Dissecting android malware: Characterization and evolution. In Security and Privacy (SP), 2012 IEEE Symposium on (pp. 95--109). IEEE.

Digital Library

Google Scholar

[2]

Isohara, T., Takemori, K., Kubota, A. (2011) Kernel-based Behavior Analysis for Android Malware Detection. In Computational Intelligence and Security (CIS), 2011 Seventh International Conference on (pp. 1011--1015). IEEE.

Digital Library

Google Scholar

[3]

Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2010) TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX conference on Operating systems design and implementation (pp. 1--6).

Digital Library

Google Scholar

[4]

Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., & Wallach, D. S. (2011) Quire: Lightweight provenance for smart phone operating systems. In Proceedings of the 20th USENIX Security Symposium.

Digital Library

Google Scholar

[5]

Zhou, Y. and Jiang, X. Android Malware Genome Project. www.malgenomeproject.org

Google Scholar

Cited By

View all

Miranda-Garcia APastor-López IUrquijo Bde la Puerta JBringas P(2023)Bytecode-Based Android Malware Detection Applying Convolutional Neural NetworksInternational Joint Conference 16th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2023) 14th International Conference on EUropean Transnational Education (ICEUTE 2023)10.1007/978-3-031-42519-6_11(111-121)Online publication date: 27-Aug-2023
https://doi.org/10.1007/978-3-031-42519-6_11
May MCohen YMenachem HSwisa YHong JBures MPark JCerny T(2022)CEMDAProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507009(917-925)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3507009
Amenova STuran CZharkynbek D(2022)Android Malware Classification by CNN-LSTM2022 International Conference on Smart Information Systems and Technologies (SIST)10.1109/SIST54437.2022.9945816(1-4)Online publication date: 28-Apr-2022
https://doi.org/10.1109/SIST54437.2022.9945816
Show More Cited By

Index Terms

A kernel-based monitoring approach for analyzing malicious behavior on Android
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

An Overview of Techniques for Obfuscated Android Malware Detection
Abstract
Obfuscation is a method to hide coding strategies for security and privacy. Despite its positive use, malware experts have also used this technique to develop malware applications. A variety of malware has taken over the market in recent times. ...
DroidLegacy: Automated Familial Classification of Android Malware
PPREW'14: Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014

We present an automated method for extracting familial signatures for Android malware, i.e., signatures that identify malware produced by piggybacking potentially different benign applications with the same (or similar) malicious code. The APK classes ...
Profiling user-trigger dependence for Android malware detection

As mobile computing becomes an integral part of the modern user experience, malicious applications have infiltrated open marketplaces for mobile platforms. Malware apps stealthily launch operations to retrieve sensitive user or device data or abuse ...

Comments

Information & Contributors

Information

Published In

SAC '14: Proceedings of the 29th Annual ACM Symposium on Applied Computing

March 2014

1890 pages

ISBN:9781450324694

DOI:10.1145/2554850

Conference Chairs:
Yookun Cho
Seoul National University, Korea
,
Sung Y. Shin
South Dakota State University
,
Program Chairs:
Sangwook Kim
Kyungpook National University, Korea
,
Chih-Cheng Hung
Southern Polytechnic State University
,
Jiman Hong
Soongsil University, South Korea

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 March 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Ministry of Culture, Sports and Tourism
Ministry of Culture, Sports and Tourism (MCST) and Korea Copyright Commission in 2013
Ministry of Science, ICT and Future Planning

Conference

SAC 2014

Sponsor:

SIGAPP

SAC 2014: Symposium on Applied Computing

March 24 - 28, 2014

Gyeongju, Republic of Korea

Acceptance Rates

SAC '14 Paper Acceptance Rate 218 of 939 submissions, 23%;

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

21
Total Citations
View Citations
345
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Miranda-Garcia APastor-López IUrquijo Bde la Puerta JBringas P(2023)Bytecode-Based Android Malware Detection Applying Convolutional Neural NetworksInternational Joint Conference 16th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2023) 14th International Conference on EUropean Transnational Education (ICEUTE 2023)10.1007/978-3-031-42519-6_11(111-121)Online publication date: 27-Aug-2023
https://doi.org/10.1007/978-3-031-42519-6_11
May MCohen YMenachem HSwisa YHong JBures MPark JCerny T(2022)CEMDAProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507009(917-925)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3507009
Amenova STuran CZharkynbek D(2022)Android Malware Classification by CNN-LSTM2022 International Conference on Smart Information Systems and Technologies (SIST)10.1109/SIST54437.2022.9945816(1-4)Online publication date: 28-Apr-2022
https://doi.org/10.1109/SIST54437.2022.9945816
Yuan BWang JWu PQing X(2022)IoT Malware Classification Based on Lightweight Convolutional Neural NetworksIEEE Internet of Things Journal10.1109/JIOT.2021.31000639:5(3770-3783)Online publication date: 1-Mar-2022
https://doi.org/10.1109/JIOT.2021.3100063
Nguyen TOrenbach MAtamli A(2022)Live system call trace reconstruction on LinuxForensic Science International: Digital Investigation10.1016/j.fsidi.2022.30139842(301398)Online publication date: Jul-2022
https://doi.org/10.1016/j.fsidi.2022.301398
Bernardi MCimitile MMaggi F(2022)Data-aware process discovery for malware detection: an empirical studyMachine Learning10.1007/s10994-022-06154-3112:4(1171-1199)Online publication date: 31-Mar-2022
https://doi.org/10.1007/s10994-022-06154-3
Zhang Y(2021)User Identity Hiding Method of AndroidResearch Anthology on Securing Mobile Technologies and Applications10.4018/978-1-7998-8545-0.ch022(413-425)Online publication date: 2021
https://doi.org/10.4018/978-1-7998-8545-0.ch022
Sharma TRattan D(2021)Malicious application detection in android — A systematic literature reviewComputer Science Review10.1016/j.cosrev.2021.10037340(100373)Online publication date: May-2021
https://doi.org/10.1016/j.cosrev.2021.100373
Zhang Y(2020)User Identity Hiding Method of AndroidInternational Journal of Digital Crime and Forensics10.4018/IJDCF.202007010212:3(15-26)Online publication date: Jul-2020
https://doi.org/10.4018/IJDCF.2020070102
Ardimento PAversano LBernardi MCimitile M(2020)Data-Aware Declarative Process Mining for Malware Detection2020 International Joint Conference on Neural Networks (IJCNN)10.1109/IJCNN48605.2020.9206902(1-8)Online publication date: Jul-2020
https://doi.org/10.1109/IJCNN48605.2020.9206902
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

An Overview of Techniques for Obfuscated Android Malware Detection

DroidLegacy: Automated Familial Classification of Android Malware

Profiling user-trigger dependence for Android malware detection

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations