Accurate Specification for Robust Detection of Malicious Behavior in Mobile Environments
Abstract. The need to accurately specify and detect malicious behavior is widely known. This paper presents a novel and convenient way of accurately specifying malicious behavior in mobile environments by taking Android as a representative platform of analysis and implementation. Our specification takes a sequence-based approach in declaratively formulating a malicious action, whereby any two consecutive security-sensitive operations are connected by either a control or taint flow. It also captures the invocation context of an operation within an app's component type and lifecycle/callback method. Additionally, exclusion of operations that are invoked from UI-related callback methods can be specified to indicate an action's stealthy execution portions. We show how the specification is sufficiently expressive to describe malicious patterns that are commonly exhibited by mobile malware. To show the usefulness of the specification, and to demonstrate that it can derive stable and distinctive patterns of existing Android malware, we develop a static analyzer that can automatically check an app for numerous security-sensitive actions written using the specification. Given a target app's uncovered behavior, the analyzer associates it with a collection of known malware families. Experiments show that our obfuscation-resistant analyzer can associate malware samples with their correct family with an accuracy of 97.2 %, while retaining the ability to differentiate benign apps from the profiled malware families with an accuracy of 97.6 %. These results positively show how the specification can lend to robust mobile malware detection.

Keywords: Behavior specification · Mobile security · Malware detection

1 Introduction
Recent years have seen smart mobile devices becoming increasingly pervasive in our world. The threat posed by malicious mobile applications (apps), however, seriously undermines the security and privacy of mobile users [16], who are usually not even aware of any incidents occurring on their own devices. To deal with this, a mechanism that can accurately specify malicious behavior of mobile malware is important and necessary. Using such a specification, malware detectors can subsequently be built to help ascertain the presence of malicious apps.

© Springer International Publishing Switzerland 2015
G. Pernul et al. (Eds.): ESORICS 2015, Part II, LNCS 9327, pp. 355–375, 2015.
DOI: 10.1007/978-3-319-24177-7_18
356 Sufatrio et al.
This paper presents a novel way of accurately specifying malicious behavior in mobile environments. The specification is concise, convenient to write, and sufficiently expressive to capture a wide range of malicious behavior patterns that are commonly exhibited by mobile malware. Our specification declaratively expresses a malicious behavioral action as a sequence of security-sensitive operations, where any two consecutive operations are connected by either a control or taint flow. It also captures the invocation context of an operation, including the one that intercepts a broadcast-based system
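As an added example (not the paper's notation or its analyzer), the following Python models the core of the specification described above: an action is a sequence of security-sensitive operations, consecutive ones joined by a control or taint flow, and each step may be pinned to a component type and callback method or marked stealthy (it must not be reached from a UI-related callback). The operation names, the UI-callback set and the sample app graph are constructed assumptions.

```python
# Added illustrative model of the paper's idea (not its syntax or analyzer): an action is a
# sequence of security-sensitive operations, consecutive ones linked by control or taint flow,
# each step optionally pinned to a component type / callback and flagged as stealthy.
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

Op = namedtuple("Op", "name component callback")   # an invoked sensitive API and its context
UI_CALLBACKS = {"onClick", "onTouch", "onLongClick"}  # assumed UI-related callback methods

@dataclass
class Step:
    name: str
    link: Optional[str] = None       # edge kind from previous op: "control" or "taint"
    component: Optional[str] = None  # required component type, if any
    callback: Optional[str] = None   # required invoking callback, if any
    stealthy: bool = False           # must not run from a UI callback

def step_matches(step: Step, op: Op) -> bool:
    return (step.name == op.name
            and step.component in (None, op.component)
            and step.callback in (None, op.callback)
            and not (step.stealthy and op.callback in UI_CALLBACKS))

def match_action(ops: dict, edges: set, spec: list) -> Optional[list]:
    """DFS for a path of op ids realising spec; edges are (src, dst, kind) triples."""
    def extend(path, idx):
        if idx == len(spec):
            return path
        step = spec[idx]
        cands = ({d for s, d, k in edges if s == path[-1] and k == step.link}
                 if path else ops.keys())
        for oid in cands:
            if oid not in path and step_matches(step, ops[oid]):
                found = extend(path + [oid], idx + 1)
                if found:
                    return found
        return None
    return extend([], 0)

# Constructed sample app: a receiver reads the device id on an incoming broadcast; the value
# flows (taint) both to a network call in the same receiver and to one behind a button click.
OPS = {"o1": Op("getDeviceId", "BroadcastReceiver", "onReceive"),
       "o2": Op("openConnection", "BroadcastReceiver", "onReceive"),
       "o3": Op("openConnection", "Activity", "onClick")}
EDGES = {("o1", "o2", "taint"), ("o1", "o3", "taint"), ("o2", "o3", "control")}
LEAK_SPEC = [Step("getDeviceId", component="BroadcastReceiver", callback="onReceive"),
             Step("openConnection", link="taint", stealthy=True)]
```

Running `match_action(OPS, EDGES, LEAK_SPEC)` reports the stealthy receiver-only path and ignores the user-triggered network call, which is the distinction the UI-callback exclusion is meant to express.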