Using Application Metadata and Inter-Process Communication to Identify Threats on Android
Abstract
Android's dominance of the mobile device market, together with the significant growth in the number and sophistication of cyberattacks, highlights the need to study threat identification techniques for mobile devices. A popular strategy for identifying threats is an intrusion detection system, which can rely on different strategies to perform the identification. This study presents a threat identification strategy based on a hybrid dataset: data extracted from applications and from inter-process communication is used to train machine learning models that perform the identification. The results show that a hybrid model benefits threat identification on mobile devices, with an identification rate of around 87%.
Keywords:
Android, Malware Detection, Binder, IPC, metadata, hybrid analysis
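As an added illustration of the hybrid approach the abstract describes (example code written for this page, not the authors' implementation or dataset): static tokens are extracted from a constructed AndroidManifest.xml fragment (permissions and intent-filter actions), dynamic tokens from constructed Binder transaction trace lines (assumed to follow the kernel's binder_transaction tracepoint format), both are fused into one bag-of-words vector, and the vector is scored with a small multinomial naive Bayes model trained on constructed labelled samples. The feature names, training set and classifier are assumptions; the paper's actual features, model and 87% result are not reproduced here.

```python
"""Hybrid (app metadata + Binder IPC) feature extraction and scoring.

All sample inputs are constructed for illustration. The Binder line
format assumes the kernel binder_transaction tracepoint; real traces
also carry a timestamp and process prefix, which the parser ignores.
"""
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest fragment (not a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed Binder trace lines (assumed tracepoint format).
SAMPLE_BINDER_TRACE = """\
binder_transaction: transaction=101 dest_node=12 dest_proc=1234 dest_thread=0 reply=0 flags=0x10 code=0x1
binder_transaction: transaction=102 dest_node=12 dest_proc=1234 dest_thread=0 reply=0 flags=0x10 code=0x5
binder_transaction: transaction=103 dest_node=40 dest_proc=987 dest_thread=0 reply=0 flags=0x0 code=0x1
"""

BINDER_RE = re.compile(r"dest_node=(\d+) .*?reply=(\d) .*?code=(0x[0-9a-f]+)")


def manifest_features(manifest_xml: str) -> Counter:
    """Static side: one token per declared permission and intent-filter action."""
    root = ET.fromstring(manifest_xml)
    feats = Counter()
    for node in root.iter("uses-permission"):
        feats["perm:" + node.get(ANDROID_NS + "name", "")] += 1
    for node in root.iter("action"):
        feats["action:" + node.get(ANDROID_NS + "name", "")] += 1
    return feats


def binder_features(trace: str) -> Counter:
    """Dynamic side: one token per (destination node, transaction code).

    Reply transactions are skipped so only outbound calls are counted.
    """
    feats = Counter()
    for line in trace.splitlines():
        m = BINDER_RE.search(line)
        if not m or m.group(2) == "1":
            continue
        feats[f"ipc:node{m.group(1)}:{m.group(3)}"] += 1
    return feats


def hybrid_features(manifest_xml: str, trace: str) -> Counter:
    """Fuse both views into a single bag-of-words vector."""
    return manifest_features(manifest_xml) + binder_features(trace)


class NaiveBayes:
    """Multinomial naive Bayes with Laplace smoothing over token counts."""

    def __init__(self):
        self.class_counts = Counter()
        self.token_counts = {}
        self.vocab = set()

    def fit(self, samples):
        for feats, label in samples:
            self.class_counts[label] += 1
            self.token_counts.setdefault(label, Counter()).update(feats)
            self.vocab.update(feats)

    def predict(self, feats):
        total = sum(self.class_counts.values())
        best, best_lp = None, -math.inf
        for label, n in self.class_counts.items():
            tc = self.token_counts[label]
            denom = sum(tc.values()) + len(self.vocab)
            lp = math.log(n / total)
            for tok, cnt in feats.items():
                lp += cnt * math.log((tc[tok] + 1) / denom)
            if lp > best_lp:
                best, best_lp = label, lp
        return best


# Constructed training set (hypothetical token bags, not paper data).
TRAINING = [
    (Counter({"perm:android.permission.INTERNET": 1,
              "ipc:node12:0x1": 2}), "benign"),
    (Counter({"perm:android.permission.INTERNET": 1,
              "perm:android.permission.ACCESS_NETWORK_STATE": 1,
              "ipc:node12:0x1": 1}), "benign"),
    (Counter({"perm:android.permission.READ_SMS": 1,
              "perm:android.permission.RECEIVE_SMS": 1,
              "action:android.provider.Telephony.SMS_RECEIVED": 1,
              "ipc:node40:0x1": 3}), "malicious"),
    (Counter({"perm:android.permission.INTERNET": 1,
              "perm:android.permission.RECEIVE_SMS": 1,
              "ipc:node40:0x1": 1, "ipc:node12:0x5": 1}), "malicious"),
]


def classify(manifest_xml: str, trace: str) -> str:
    """Train on the constructed set and label one hybrid sample."""
    model = NaiveBayes()
    model.fit(TRAINING)
    return model.predict(hybrid_features(manifest_xml, trace))


if __name__ == "__main__":
    print(classify(SAMPLE_MANIFEST, SAMPLE_BINDER_TRACE))
```

The point of the fusion step is that neither view alone is decisive: a manifest declaring SMS permissions is common in legitimate messaging apps, and a burst of transactions to one Binder node is common in any busy app, but the combination of both in one token bag is what the model scores. In practice the training set would come from labelled APK corpora and device traces rather than the hand-written bags above.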
Published
4 October 2021
How to Cite
LEMOS, Rodrigo; HEINRICH, Tiago; MAZIERO, Carlos. Utilizando Metadados de Aplicações e Comunicação entre Processos para Identificar Ameaças no Android. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 21., 2021, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 71-84. DOI: https://doi.org/10.5753/sbseg.2021.17307.