Using Application Metadata and Inter-Process Communication to Identify Threats in Android
Abstract
Android's lead in mobile device market share and the growth in the number and sophistication of cyber attacks highlight the need to study threat identification techniques in this environment. A popular approach to threat identification is the use of IDSs, which can employ multiple strategies to accomplish this. This work introduces a hybrid approach for detecting malware threats. The approach uses machine learning to detect malware based on static data and dynamic inter-process communication data from the analyzed apps. The results show that the proposed model is beneficial for identifying threats and has an identification rate of around 87%.
Keywords:
Android, Malware Detection, IPC, metadata, hybrid analysis
Published
2021-10-04
How to Cite
LEMOS, Rodrigo; HEINRICH, Tiago; MAZIERO, Carlos. Using Application Metadata and Inter-Process Communication to Identify Threats in Android. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 21., 2021, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 71-84. DOI: https://doi.org/10.5753/sbseg.2021.17307.
