Research Review and Outlook on Android Mobile Malware Detection

doi:10.3969/j.issn.1671-1122.2016.09.043

Abstract

Abstract:

With the wide spread of Android-based mobile applications, the problem of information security in Android system is increasingly serious . Although Android operating system adopted independent virtual memory space to guarantee the reliability of its kernel , because of calls and association between various events in application , it will lead to private data leakage , unauthorized operation procedures, attacks to run out the battery , malicious processes interact and other mobile security events. Therefore , Android malware detection techniques become a hot topic in the domain of mobile application security. In this paper, the application requirements and environments for Android malware detection are firstly described, and then the diversity malware detection methods are surveyed which include dynamic and static methods, machine learning-based schemes, formal method-based software engineering techniques. Finally, the research direction to initiate a comprehensive static detection framework by integrating machine learning and software engineering is proposed, with some key challenges concomitantly analyzed, which can be valuable reference both for academic communities and industrial products.

Key words: mobile malware, dynamic detection, static detection, machine learning, model checking

CLC Number:

TP309

Lin CAI, Tieming CHEN. Research Review and Outlook on Android Mobile Malware Detection[J]. Netinfo Security, 2016, 16(9): 218-222.

References 36

[1]	TRUSTGO. BSides Las Vegas: Your Droid Has No Clothes[EB/OL]. . 2014-01-08.
[2]	Google Project Hosting. Andoguard[EB/OL]. , 2013-12-09.
[3]	LIU Wu, REN Ping, LIU Ke, et a1.Behavior-based Malware Analysis and Detection[C]//IEEE. 2011 First International Workshop on Complexity and Data Mining(IWCDM), September 24-28, 2011, Nanjing, Jiangsu, China, NJ: IEEE, 2011 : 39-42.
[4]	ZHOU Y, JIANG X.Dissecting Android Malware:Characterization and Evolution.[C]//IEEE. of the 2012 IEEE Symposium on Security and Privacy, May 20-23, 2012. San Francisco Bay Area, California, IEEE Computer Society Washington, DC,USA, 2012 : 95-109.
[5]	ZOU S, ZHANG J, LIN X.An Effective Behavior-based Android Malware Detection System[J]. Security and Communication Networks, 2015, 8(12) : 2079-2089.
[6]	KUBOTA A.Kernel-based Behavior Analysis for Android Malware Detection[C]//IEEE. 2011 Seventh International Conference on Computational Intelligence and Security,CIS 2011,December 3-4,2011, Sanya ,Hainan. NJ: IEEE, 2011 : 1011-1015.
[7]	WU D, MAO C, Wei T.DroidMat: Android Malware Detection through Manifest and API Calls Tracing[C]//IEEE. 2012 Seventh Asia Joint Conference on Information Security,August 9-10, 2012, Tokyo, Japan. NJ: IEEE, 2012: 62-69.
[8]	GASCON H, YAMAGUCHI F, ARP D, et al.Structural Detection of Android Malware Using Embedded Call Graphs[C]//ACM. of the 2013 ACM Workshop on Artificial Intelligence and Security, November. 4-8 Berlin, Germany. NY: ACM, 2013: 45-54.
[9]	AVG. Malware Detection Methods[EB/OL]. , 2016-1-15.
[10]	Android and Security [EB/OL]. , 2016-1-15.
[11]	SPREITZENBARTH M, SCHRECK T, ECHTLER F, et al.Mobile-Sandbox: Combining Static and Dynamic Analysis with Machine-learning Techniques[J]. International Journal of Information Security, 2014:1-13.
[12]	ALLIX K, BISSYANDE T, KLEIN J. Machine Learning-Based Malware Detection for Android Applications: History Matters! University of Luxembourg [EB/OL], , 2016-1-15.
[13]	王蕊,冯登国,杨轶,等.基于语义的恶意代码行为特征提取及检测方法[J]. 软件学报,2012,23(2): 378-393.
[14]	任伟,柳坤,周金. AnDa:恶意代码动态分析系统[J]. 信息网络安全,2014(8):28-33.
[15]	AMOS B, TURNER H, White J.Applying Machine Learning Classifiers to Dynamic Android Malware Detection at Scale[C]//IEEE. Wireless Communications and Mobile Computing Conference (IWCMC), July 1-5,2013, Sardinia, Italy. NJ: IEEE, 2013:1666-1671.
[16]	NARUDIN F A, FEIZOLLAH A, ANUAR N B, et al.Evaluation of Machine Learning Classifiers for Mobile Malware Detection[J]. Soft Computing, 2014, 20(1):1-15.
[17]	李桂芝,韩臻,周启惠,等. 基于Binder信息流的Android恶意行为检测系统[J]. 信息网络安全,2016(2):54-59.
[18]	PREDA M D, al. E. A semantics-based Approach to Malware Detection[J]. ACM Transactions on Programming Languages and Systems, 2007, 42(25) : 377-388.
[19]	贾同彬,蔡阳,王跃武,等. 一种面向普通用户的Android APP安全性动态分析方法研究[J]. 信息网络安全,2015(9):1-5.
[20]	SONG D, BRUMLEY D, YIN H, et al.BitBlaze: A New Approach to Computer Security via Binary Analysis[M]. Springer Berlin Heidelberg Information Systems Security, 2008.
[21]	JOHANNES K, STEFAN K, CHRISTIAN S, et al.Detecting Malicious Code by Model Checking[J]. Lecture Notes in Computer Science Volume 3548, 2005 : 174-187.
[22]	ENCK W, GILBERT P, CHUN B, et al.TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones.[J]. ACM Transactions on Computer Systems, 2010, 57(3):99-106.
[23]	MOSER A, KRUEGEL C, KIRDA E.Exploring Multiple Execution Paths for Malware Analysis[J]. Security and Privacy, Sp 07, IEEE Symposium on, 2007:231-245.
[24]	XIAO X, TILLMANN N, FAHNDRICH M, et al.User-aware Privacy Control via Extended Static-information-flow Analysis[J]. Automated Software Engineering, 2014, 7304(4):80-89.
[25]	FANG Z, HAN W, LI Y.Permission Based Android Security: Issues and Countermeasures[J]. Computers & Security, 2014, 43(6):205-218.
[26]	LIANG S, MIGHT M, VAN H D.Anadroid: Malware analysis of Android with User-supplied Predicates[J]. Electronic Notes in Theoretical Computer Science, 2013 (311) : 3-14.
[27]	ALESSANDRO A, GABRIELE C, ALESSIO M.Formal Modeling and Reasoning about the Android Security Framework[J]. Lecture Notes in Computer Science, 2012: 64-81.
[28]	MICHELE B, STEFANO C, ALVISE S.Lintent: Towards Security Type-Checking of Android Applications[J]. Lecture Notes in Computer Science, 2013 (7892) : 289-304.
[29]	FU S, TAYSSIR T.LTL Model-Checking for Malware Detection[J]. Lecture Notes in Computer Science , Springer Berlin Heidelberg, 2013 (7795) : 416-431.
[30]	FU S, TAYSSIR T.Efficient Malware Detection Using Model-Checking[J]. Lecture Notes in Computer Science , Springer Berlin Heidelberg, 2012 (7436): 418-433.
[31]	SONG F, TOUILI T.Pushdown Model Checking for Malware Detection[J]. International Journal on Software Tools for Technology Transfer, 2014, 16(2): 147-173.
[32]	RASTOGI V, CHEN Y, ENCK W.AppsPlayground: automatic security analysis of smartphone applications[C] //ACM third ACM conference on Data and Application Security and Privacy. February 18-20, 2013, San Antonio, Texas, USA. NY: ACM, 2013: 209-220.
[33]	PETSAS T, VOYATZIS G, ATHANASOPOULOS E, et al.Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware[C]//ACM Seventh European Workshop on System Security. April 13-16, 2014, Amsterdam, Netherlands. NY: ACM, 2014: 5-15.
[34]	VIJAYENDRA G, VIJAY K, SANJAY R, et al.Category Based Malware Detection for Android.[C]// SSCC. Second International Symposium, September 24-27, Delhi, India. SSCC 2014,2014: 239-249.
[35]	PASAREANU C S, VISSER W, BUSHNELL D, et al.Symbolic PathFinder: Integrating Symbolic Execution with Model Checking for Java Bytecode Analysis[J]. Automated Software Engineering, 2013, 20(3):391-425.
[36]	SABA A, MUNAM A, ABID K, et al.Android Malware Detection & Protection: A Survey[J]. International Journal of Advanced Computer Science and Applications, 2016, 7(2): 463-475.