ABSTRACT
The Android operating system is constantly overwhelmed by new sophisticated threats and new zero-day attacks. Aggressive malware, for instance malicious behaviors able to cipher data files or lock the GUI, is not concerned with hiding the infection from users (who can try to disinfect the device); other malware aims to perform malicious actions stealthily, i.e., trying not to manifest its presence to users. This kind of malware is less recognizable, because users are not aware of its presence. In this paper we propose FormalDroid, a tool able to detect silent malicious behaviours and to localize the malicious payload in Android applications. Evaluating real-world malware samples, we obtain an accuracy equal to 0.94.
Index Terms
- How Discover a Malware using Model Checking