DOI: 10.1145/2802130.2802132
research-article

A Novel Hybrid Mobile Malware Detection System Integrating Anomaly Detection With Misuse Detection

Published: 11 September 2015

ABSTRACT

As the dominant smartphone operating system, Android has attracted the attention of malware authors and researchers alike. The amount of Android malware is increasing rapidly despite the considerable number of proposed malware analysis systems. In this paper, by taking advantage of the low false-positive rate of misuse detection and the ability of anomaly detection to detect zero-day malware, we propose a novel hybrid detection system based on a new open-source framework, CuckooDroid, which enables the use of Cuckoo Sandbox's features to analyze Android malware through dynamic and static analysis. Our proposed system consists mainly of two parts: a misuse detector, which performs known-malware detection and classification by combining static analysis with dynamic analysis, and an anomaly detector, which detects abnormal apps through dynamic analysis. We evaluate our method with 5560 malware samples and 12000 benign samples. Experiments show that our misuse detector with hybrid analysis can accurately detect and classify malware samples, with average positive rates of 98.79% and 98.32%, respectively. It is worth noting that our anomaly detector, using dynamic analysis, is capable of detecting zero-day malware with a low false negative rate (1.24%) and an acceptable false positive rate (2.24%). Our proposed detection system is mainly designed for app store markets and for ordinary users, who can access our system through a mobile cloud service.

Published in

MCS '15: Proceedings of the 6th International Workshop on Mobile Cloud Computing and Services
September 2015
56 pages
ISBN: 9781450335454
DOI: 10.1145/2802130

Copyright © 2015 ACM


Publisher

Association for Computing Machinery, New York, NY, United States


Acceptance Rates

Overall acceptance rate: 8 of 12 submissions, 67%
