Detection of Mobile Terminal Malware Based on Kernel Log

doi:10.3969/j.issn.1671-1122.2015.07.009

Abstract

Abstract:

With the intelligent mobile terminal, mobile terminal store a large amount of personal privacy information. Due to the growing number of malicious applications on mobile terminals and for detecting malicious applications lack of effective mechanism, the existence of malicious applications will result in the leakage of personal privacy information, personal property, and reputation damage. In order to prevent the happening of this kind of harm, kernel is proposed in this paper, based on system call log information to identify the behavior of the application. Detection method is as follows, first download malicious application with benign application, run and collect their system kernel call log information, the statistics system call frequency information as the original data. Then normalized processing the raw data, generated for the analysis of the input data and generate the input vector. Finally use the K-Means clustering algorithm to cluster the input vector, the generated two clustering cluster, malicious and benign application of clustering cluster respectively, and then apply some unknown types of kernel call information as the validation data generated input vector, determine the application belongs to which cluster, can know the application of the presence of malicious behavior. This paper test the method using WEKA, test results show that the method is effective to distinguish the malicious applications and benign applications.

Key words: mobile terminal, malware detection, kernel log, K-Means

CLC Number:

TP309

LI Jian-yi, LI Hui, HUANG Meng-yuan. Detection of Mobile Terminal Malware Based on Kernel Log[J]. Netinfo Security, 2015, 15(7): 58-63.

Figures/Tables 6

References 12

[1]	LARRY T, BATYUK L, ACHMIDT A D.An Android application sandbox system for suspicious softwaredetection[C]//Proceedings of the 5th International Conference on Malicious and Unwanted Software, USA, 2010: 55-62.
[2]	SHABTAI A, MOSKOVITCH R, ELOVICI Y.Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey[J].Information Security Technical Report, 2009, 14(1): 16-29.
[3]	Barrera D, Kayacik H G.A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android[C]//Ccs Proceedings of Acm Conference on Computer & Communications Security, 2010: 73-84.
[4]	FINICKEL E, LAHMADI A, BECK F, et al.Empirical Analysis of Android Logs Using Self-Organizing Maps[C]//Communications (ICC), 2014 IEEE International Conference on, Sydney, 2014: 1802-1807.
[5]	Google Android[EB/OL]. , 2013-03-25.
[6]	LLOYD S.Least squares quantization in pcm[J]. IEEE Transactions on Information Theory, 1982, 28(2): 129-136.
[7]	DINI I, MARTINELLI F, SARACINO A.MADAM: A multi—level anomaly detector for android malware[C]//Proceedings of the 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security: Computer Network Security, Berlin Heidelberg, 2012: 240-253.
[8]	Isohara T, Takemori K, Kubota A.Kernel—based behavior analysis for Android malware detection[C]//Computational Intelligence and Security (CIS), 2011 Seventh International Conference on, IEEE, Sanya, 2011:1011-1015.
[9]	MUTZ D, VALEUR F, VIGNA G.Anomalous system call detection[J]. ACM Transactions on Information and System Security, 2006, 9(1): 61-93.
[10]	FEIZOLLAH A, ANUAR N B, SALLEH R, et al.Comparative study of k-means and mini batch k-means clustering algorithms in android malware detection using network traffic analysis[C]//Biometrics and Security Technologies (ISBAST), 2014 International Symposium on, Kuala Lumpur, 2014: 193-197.
[11]	UMRATKARM S, KARNEWAR J.K-Means Algorithm for Selective Filtration of Malicious Android Mobile Applications[J]. International Journal of Advent Research in Computer & Electronics, 2014, 1(3):5-12.
[12]	YALCIN B, TASDEMIR K. The use of K-means++ for approximate spectral clustering of large datasets[C]//Signal Processing and Communications Applications Conference (SIU), 2014: 220-223.

[1]	WANG Yu, LYU Liangshuang, XIA Chunhe. A Windows Malware Detection Method Based on Semantic Analysis [J]. Netinfo Security, 2023, 23(10): 58-63.
[2]	XU Guotian, LIU Mengmeng. Malware Detection Method Based on Improved Harris Hawks Optimization Synchronization Optimization Feature Selection [J]. Netinfo Security, 2021, 21(12): 9-18.
[3]	XU Guotian, SHEN Yaotong. A Malware Detection Method Based on XGBoost and LightGBM Two-layer Model [J]. Netinfo Security, 2020, 20(12): 54-63.
[4]	HUANG Baohua, CHENG Qi, YUAN Hong, HUANG Pirong. K-means Clustering Algorithm Based on Differential Privacy with Distance and Sum of Square Error [J]. Netinfo Security, 2020, 20(10): 34-40.
[5]	Xin SONG, Kai ZHAO, Linlin ZHANG, Wenbo FANG. Research on Android Malware Detection Based on Random Forest [J]. Netinfo Security, 2019, 19(9): 1-5.
[6]	Yanming FU, Zhenduo LI. Research on k-means++ Clustering Algorithm Based on Laplace Mechanism for Differential Privacy Protection [J]. Netinfo Security, 2019, 19(2): 43-52.
[7]	Tao LI, Junxian SHI, Aiqun HU. Signature Verification Based Legality Discrimination Technology for Mobile Terminal APPs [J]. Netinfo Security, 2019, 19(11): 56-62.
[8]	Jian ZHANG, Bohan CHEN, Liangyi GONG, Zhaojun GU. Research on Malware Detection Technology Based on Image Analysis [J]. Netinfo Security, 2019, 19(10): 24-31.
[9]	Xie LU, Shoushan LUO, Yumei ZHANG. Research on Hadoop-based Massive Security Log Clustering Algorithm [J]. Netinfo Security, 2018, 18(8): 56-63.
[10]	Jin WANG, Xiao YU, Chang LIU, Bo ZHAO. A Remote Attestation Scheme for Intelligent Mobile Terminal Based on SDKey in Smart Grid Environment [J]. Netinfo Security, 2018, 18(7): 1-6.
[11]	Wei HU, Qiuhan WU, Shengli LIU, Wei FU. Design of Secure eID and Identity Authentication Agreement in Mobile Terminal Based on Guomi Algorithm and Blockchain [J]. Netinfo Security, 2018, 18(7): 7-9.
[12]	Yunchun LI, Wentao LU, Wei LI. Malware Detection Method Based on Shapelet [J]. Netinfo Security, 2018, 18(3): 70-77.
[13]	Linxiang CAI. An Intelligent Analysis to the Crowd Involved in Cyber Fraud Case [J]. Netinfo Security, 2016, 16(9): 246-250.
[14]	Jun FANG, Jianquan WANG, Lianyin WANG, Huifang WANG. Design and Implementation on Elevator Maintenance System Based on the Technology of NFC and Cloud Computing [J]. Netinfo Security, 2016, 16(12): 74-80.
[15]	Yangrui HU, Xingshu CHEN, Junfeng WANG, Xiaoming YE. Anomalous Traffic Detection Based on Traffic Behavior Characteristics [J]. Netinfo Security, 2016, 16(11): 45-51.