Review of Android Malware Detection

doi:10.3969/j.issn.1671-1122.2016.10.013

Abstract

Abstract:

Smart phones are becoming increasingly popular in daily routines around the world. However, malware in smart phones is getting more prevalent, and will introduce potential risks to smart phone users. Nowadays, eighty percent of smart phones adopt the Android operating system. However, the number of Android malware is rapidly increasing, and there are various kinds of malicious behaviors. Android malware has been a great threat to the security of the mobile users. In this paper, we investigate the harms of the Android malware. We first introduce the classification and features of malware and analyze the permission and behavior of malware. Then we introduce the malware detection tools and summarize the malware penetration and the stealth techniques. Furthermore, we analyze malware detection methods in prior works. Finally, we propose the detection direction in the future and give some advice to reduce the harm of malware.

Key words: Android, malware, detection

CLC Number:

TP309

Jiaping LIN, Hui LI. Review of Android Malware Detection[J]. Netinfo Security, 2016, 16(10): 80-88.

Figures/Tables 4

References 55

[1]	安卓ROM基地. 如何整治手机恶意软件?安卓清理大师有妙招[EB/OL]. .
[2]	汐元. 可怕:安卓平台每天诞生近5000款恶意程序[EB/OL]. .
[3]	网易科技报道. 每5个安卓应用有1个恶意软件[EB/OL]. .
[4]	Symantec. AndroidOS.Fakeplayer[EB/OL]. https://www.symantec.com/security_response/writeup.jsp?docid=2010-081100-1646-99, 2016-8-1.
[5]	CASTILLO C. A. Android malware past, present,future[EB/OL]. .
[6]	Spitm, Zitmo. Banking Trojans Target Android[EB/OL]. https://blogs.mcafee.com/mcafee-labs/spitmo-vs-zitmo-banking-trojans-target-android, 2016-8-1.
[7]	百度百科. Ginger Break [EB/OL]. .
[8]	ZHOU Y, JIANG X.Dissecting Android Malware: Characteriza-tion and Evolution[C] // IEEE. IEEE Symposium on Security and Privacy, May 20-23, 2012, San Francisco Bay Area, California, USA. New Jersey: IEEE, 2012 : 95-109.
[9]	Backdoor. AndroidOS. Obad.a [EB/OL]. .
[10]	天极新闻. 如何整治手机恶意软件?安卓清理大师有妙招 [EB/OL]. .
[11]	ZHOU W, ZHOU Y, JIANG X, et al.Detecting Repackaged Smartphone Applications in Third-party Android Marketplaces[C] // ACM. Second ACM Conference on Data and Application Secu-rity and Privacy. Feberary 7-9, 2012. San Antonio, TX, USA. New York: ACM, 2012: 317-326.
[12]	Intel Security. ‘Android/NotCompatible’ Looks Like Piece of PC Botnet [EB/OL]. https://blogs.mcafee.com/mcafee-labs /androidnotcompatible-looks-like-piece-of-pc-botnet/, 2016-8-1.
[13]	CSDN. Androguard的使用方法[EB/OL]. .
[14]	CSDN. APKTOOL的使用心得 [EB/OL]. .
[15]	开源中国社区. dex2jar [EB/OL]. .
[16]	Linux中国. TaintDroid项目笔记 [EB/OL]. https://linux.cn/ article-2361-1.html, 2016-8-1.
[17]	IDREES F, RAJARAJAN M.Investigating the Android Intents and Permissions for Malware Detection[C] // IEEE. IEEE 10th International Conference on Wireless and Mobile Computing, October 8-10, 2014, WiMob, Larnaca, Cyprus, New Jersey: IEEE, 2014: 354-358.
[18]	LIANG S, DU X.Permission-Combination-based Scheme for Android Mobile Malware Detection[C] // IEEE. IEEE Interna-tional Conference on Communications (ICC), June 10-14, 2014, Sydney, Australia, New Jersey: IEEE, 2014 : 2301-2306.
[19]	FENG Y, ANAND S, DILLIG I, et al.Apposcopy: Seman-tics-Based Detection of Android Malware through Static Analysis[C] // ACM. Proceedings of the 22nd ACM SIGSOFT Interna-tional Symposium on Foundations of Software Engineering.(FSE-22). November 16-22, 2014. Hong Kong, China. New York: ACM, 2014: 576-587.
[20]	CHIN E, FELT A P, GREENWOOD K, et al.Analyzing In-ter-application communication in Android[C] // ACM. Proceed-ings of the 9th International Conference on Mobile Systems, Ap-plications, and Services. June 28-July 01, 2011. Bethesda, MD, USA. New York: ACM, 2011: 239-252.
[21]	FUCHS A P, CHAUDHURI A, FOSTER J S. SCanDroid: Auto-mated Security Certification of Android Applications[EB/OL]. .
[22]	LU L, LI Z, WU Z, et al.CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities[C] // ACM. the ACM Conference on Computer and Communications Security, October 16-18, 2012, Raleigh, NC, USA. New York: ACM, 2012 : 229-240.
[23]	MICHAEL G, ZHOU Y, ZHANG Q, et al.Riskranker: Scalable and Accurate Zero-day Android Malware Detection[C] // ACM. The 10th International Conference on Mobile Systems, Applica-tions and Services, June 25-29, 2014, Ambleside, United Kingdom. New York: ACM, 2012: 281-294.
[24]	KARLSEN H S, WOGNSEN E R, OLESEN M C, Hansen RR. Study, Formalisation, Analysis of Dalvik Bytecode[EB/OL]. .
[25]	PROTSENKO M, MULLER T. Android Malware Detection Based on Software Complexity Metrics[EB/OL]. .
[26]	SEDANO J, CHIRA C, GONZALEZ S, et al. On the Selection of Key Features for Android Malware Characterization [EB/OL]. .
[27]	SHABTAI A, KANONOV U, ELOVICI Y, et al.Andromaly: A Behavioral Malware Detection Framework for Android Devices[J]. Journal of Intelligent Information Systems, 2012, 38(1): 161-190.
[28]	REINA A, FATTORI A, CAVALLARO L. A System Call-Centric Analysis and Stimulation Technique to Automatically Reconstruct Android Malware Behaviors [EB/OL]. .
[29]	DAMOPOULOS D, KAMBOURAKIS G, PORTOKALIDIS G.The Best of Both Worlds: A Framework for the Synergistic Ope-ration of Host and Cloud Anomaly-based IDS for Smartphones[C]// ACM. Proceedings of the Seventh European Workshop on Sys-tem Security, April 13, 2014, Amsterdam, The Netherlands. New York: ACM, 2014: 61-66.
[30]	YAN L K, YIN H. DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis [EB/OL]. https://www.usenix.org/conference/usenix se-curity12/technical-sessions/presentation/yan, 2016-8-1.
[31]	BURGUERA I, ZURUTUZA U, NADJM-TEHRANI S.Crowdroid: Behavior-Based Malware Detection System for An-droid[C]// ACM. Proceedings of the 1st ACM Workshop Securi-ty and Privacy in Smartphones and Mobile Devices, Co-located with CCS 2011, October 17, 2011, Chicago, USA. New York: ACM, 2011: 15-26.
[32]	ENCK W, GILBERT P, HAN S, et al.TaintDroid: An Informa-tion-Flow Tracking System for Realtime Privacy Monitoring on Smartphones[J]. ACM Transactions on Computer Systems (TOCS), 2014( 5):1-5.
[33]	LI S, CHEN J, SPYRIDOPOULOS T, et al. Real-Time Monito-ring of Privacy Abuses and Intrusion Detection in Android Sys-tem[EB/OL]..
[34]	WANG D, DAI S, DING Y, et al.POSTER: AdHoneyDroid-Capture Malicious Android Advertisements[C]// ACM. Procee-dings of ACM Conference on Computer and Communications Security, 2014, Scottsdale, Arizona, USA. New York: ACM, 2014 : 1514-1516.
[35]	ANDRIATSIMANDEFITRA R, TONG V V T. Capturing An-droid Malware Behaviour Using System Flow Graph[EB/OL]. .
[36]	MAIER D, MULLER T, PROTSENKO M.Divide-and-Conquer: Why Android Malware Cannot Be Stopped[C] // IEEE,the Ninth International Conference on Availability, Reliability and Securi-ty(ARES), September 8-12, 2014, Fribourg, Switzerland. New Jersey: IEEE, 2014 : 30-39.
[37]	ZHAO S, LI X, XU G, et al.Attack Tree Based Android Malware Detection with Hybrid Analysis[C]// IEEE. The 13th IEEE In-ternational Conference on Trust, Security and Privacy in Compu-ting and Communications(TrustCom), September 24-26, 2014, Beijing, China. New Jersey: IEEE, 2014: 380-387.
[38]	SPREITZENBARTH M, SCHRECK T, ECHTLER F, et al.Mo-bile-Sandbox: Combining Static and Dynamic Analysis with Ma-chine-learning Techniques[J]. International Journal of Information Security, 2015, 14(2): 141-153.
[39]	LOCKHEIMER H. Android and Security [EB/OL]. .
[40]	PETSAS T, VOYATZIS G, ATHANASOPOULOS E, et al.Rage Against the Virtual Machine: Hindering Dynamic Analysis of An-droid Malware[C]// ACM. Proceedings of the Seventh European Workshop on System Security(EuroSec), April 13, 2014, Amster-dam, The Netherlands. New York: ACM, 2014: 51-56.
[41]	CodePainters. Android: IMEI Number and the Emulator [EB/OL]. https://codepainters.wordpress.com/2009/12/11/android-imei-number-and-the-emulator/, 2016-8-1.
[42]	Google. Sensor Simulaor[EB/OL] .
[43]	GOMEZ L, NEAMTIU I, AZIM T, et al.RERAN: Timing- and Touch-Sensitive Record and Replay for Android[C]// IEEE. 35th International Conference on Software Engineering (ICSE), May 18-26, 2013, San Francisco, CA, USA. New Jersey: IEEE, 2013: 72-81.
[44]	ARM. Virtualization Extensions [EB/OL]. .
[45]	MAIORCA D, ARIU D, CORONA I, et al.Stealth Attacks: An Extended Insight into the Obfuscation Effects on Android Malwa-re[J]. Computers & Security, 2015(51): 16-31.
[46]	LIU X, LIU J.A Two-layered Permission-based Android Malware Detection Scheme[C]// IEEE. 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, Mobile-Cloud, April 8-11, 2014, Oxford, United Kingdom. New Jersey: IEEE, 2014: 142-148.
[47]	WEKA, The University of Waikato. Weka 3: Data Mining Sof-tware in Java [EB/OL]. .
[48]	YU W, GE L, XU G, et al. Towards Neural Network Based Mal-ware Detection on Android Mobile Devices[EB/OL]. .
[49]	PEHLIVAN U, BALTACI N, ACARTURK C, et al.The Analysis of Feature Selection Methods and Classification Algorithms in Permission Based Android Malware Detection[C]// IEEE. IEEE Symposium on Computational Intelligence in Cyber Security (CICS), December 9-12, 2014, Orlando, FL, USA. New Jersey: IEEE, 2014 : 81-88.
[50]	SHEEN S, ANITHA R, NATARAJAN V.Android Based Mal-ware Detection Using a Multifeature Collaborative Decision Fusion Approach[J]. Neurocomputing, 2015( 151): 905-912.
[51]	YERIMA S Y, SEZER S, MUTTIK I.Android Malware Detection Using Parallel Machine Learning Classifiers[C]// IEEE. Eighth International Conference on Next Generation Mobile Apps, Ser-vices and Technologies, September 10-12, 2014, University of Oxford, UK. New Jersey: IEEE, 2014: 37-42.
[52]	ANDOOR J T. A Filtering Based Android Malware Detection System for Google PlayStore [EB/OL]. .
[53]	CEN L, GATES C S, SI L, et al.A Probabilistic Discriminative Model for Android Malware Detection with Decompiled Source Code[J]. IEEE Transactions on Dependable and Secure Compu-ting, 2015, 12(4): 400-412.
[54]	AFONSO V M, de Amorim M F, Gregio A R A, et al. Identifying Android Malware Using Dynamically Obtained Features[J]. Journal of Computer Virology and Hacking Techniques, 2015, 11(1): 9-17.
[55]	AAFER Y, DU W, YIN H. DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android[EB/OL]. .