Análise de Aplicativos no Android utilizando Traços de Execução
Resumo
O Android é o sistema operacional mais utilizado por dispositivos móveis no mundo. Esse fato tem atraído cada vez mais desenvolvedores para a plataforma devido a sua característica opensource e desenvolvimento gratuito de aplicativos. Um problema que surgiu a partir disso são os aplicativos maliciosos, que visam prejudicar o usuário final e que muitas vezes são difíceis de identificar, o que tem levado autores a propor soluções para diferenciá-los dos benignos. Nesse sentido, neste trabalho será apresentado o DroiDiagnosis, uma solução que utiliza aprendizado de máquina e que classifica 80% das amostras entre benignas e maliciosas baseada em suas características dinâmicas e estáticas.
Referências
ADB (2019). Android debug bridge. https://developer.android.com. Acessado em 05/01/2019.
Ahsan-Ul-Haque, A. S. M., Hossain, M. S., and Atiquzzaman, M. (2018). Sequencing system calls for effective malware detection in android. In 2018 IEEE Global Communications Conference (GLOBECOM), pages 1–7.
Allix, K., Bissyand´e, T. F., Klein, J., and Traon, Y. L. (2016). Androzoo: Collecting millions of android apps for the research community. In 2016 IEEE/ACM 13thWorking Conference on Mining Software Repositories (MSR), pages 468–471.
AndroidStudio (2019). Run apps on the android emulator. https://developer.android.com/studio/run/emulator. Acessado em 06/11/2019.
Anthony Desnos, Geoffroy Gueguen, S. B. (2018). Androguard. https://androguard.readthedocs.io/en/latest/. Acessado em 10/01/2020.
Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., and Rieck, K. (2014). Drebin: Effective and explainable detection of android malware in your pocket. In Symposium on Network and Distributed System Security (NDSS).
Arshad, S., Shah, M. A., Wahid, A., Mehmood, A., Song, H., and Yu, H. (2018). Samadroid: A novel 3-level hybrid malware detection model for android operating system. IEEE Access, 6:4321–4339.
Asmitha, K. A. and Vinod, P. (2014). A machine learning approach for linux malware detection. In 2014 International Conference on Issues and Challenges in Intelligent Computing Techniques (ICICT), pages 825–830.
Bhatia, T. and Kaushal, R. (2017). Malware detection in android based on dynamic analysis. In 2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security), pages 1–6.
Burguera, I., Zurutuza, U., and Nadjm-Tehrani, S. (2011). Crowdroid: Behavior-based malware detection system for android. pages 15–26.
Dash, S. K., Suarez-Tangil, G., Khan, S., Tam, K., Ahmadi, M., Kinder, J., and Cavallaro, L. (2016). Droidscribe: Classifying android malware based on runtime behavior. In 2016 IEEE Security and Privacy Workshops (SPW), pages 252–261.
Denney, K., Kaygusuz, C., and Zuluaga, J. (2018). A survey of malware detection using system call tracing techniques.
Dent, S. (2018). Report finds android malware pre-installed on hundreds of phones. https://www.engadget.com. Acessado em 01/08/2018.
Feng, P., Ma, J., Sun, C., Xu, X., and Ma, Y. (2018). A novel dynamic android malware detection system with ensemble learning. IEEE Access, 6:30996–31011.
Gupta, P. (2017). Decision trees in machine learning. [link]. Acessado em 09/09/2018.
Hou, S., Saas, A., Chen, L., and Ye, Y. (2016). Deep4maldroid: A deep learning framework for android malware detection based on linux kernel system call graphs. In 2016 IEEE/WIC/ACM International Conference on Web Intelligence Workshops (WIW), pages 104–111.
Jaiswal, M., Malik, Y., and Jaafar, F. (2018). Android gaming malware detection using system call analysis. In 2018 6th International Symposium on Digital Forensic and Security (ISDFS), pages 1–5.
Kolbitsch, C., Comparetti, P., Kruegel, C., Kirda, E., Zhou, X.-y., and Wang, X. (2009). Effective and efficient malware detection at the end host. pages 351–366.
Kubovic, O. (2018). Ransomware para android em 2017: Novas infiltrações e extorsões mais graves. [link]. Acessado em 20/08/2018.
Lavado, T. (2019). Em 10 anos no brasil, android foi de 2 smartphones para sistema operacional dominante do mercado. https://g1.globo.com. Acessado em 08/02/2020.
Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., F, Y., v. d. Veen, V., and Platzer, C. (2014). Andrubis – 1,000,000 apps later: A view on current android malware behaviors. In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), pages 3–17.
Malik, S. (2016). System call analysis of android malware families. Indian Journal of Science and Technology, 9.
Markovskaya, A. (2017). Loapi — this trojan is hot! https://www.kaspersky.com/blog/loapi-trojan/20510/. Acessado em 01/09/2018.
Mas’ud, M. Z., Sahib, S., Abdollah, M. F., Selamat, S. R., Yusof, R., and Ahmad, R. (2013). Profiling mobile malware behaviour through hybrid malware analysis approach. In 2013 9th International Conference on Information Assurance and Security (IAS), pages 78–84.
O’Donnell, L. (2018). New banking trojan can launch overlay attacks on latest android versions. https://threatpost.com. Acessado em 02/08/2018.
Pham, D.-P., Vu, D.-L., and Massacci, F. (2019). Mac-a-mal: macos malware analysis framework resistant to anti evasion techniques. Journal of Computer Virology and Hacking Techniques, pages 1–9.
RAY, S. (2017). Understanding support vector machine algorithm from examples (along with code). [link]. Acessado em 08/09/2018.
SRIVASTAVA, T. (2018). Introduction to k-nearest neighbors: Simplified (with implementation in python). https://www.analyticsvidhya.com. Acessado em 08/09/2018.
Statista (2018). Global market share held by smartphone operating systems from 2009 to 2017. https://www.statista.com. Acessado em 02/10/2018.
Tran, N., Nguyen, N., Ngo, Q., and Le, V. (2017). Towards malware detection in routers with c500-toolkit. In 2017 5th International Conference on Information and Communication Technology (ICoIC7), pages 1–5.
VirusTotal (2018). Virustotal. https://www.virustotal.com/. Acessado em 01/09/2018.
Wu, D. J., Mao, C. H., Wei, T. E., Lee, H. M., and Wu, K. P. (2012). Droidmat: Android malware detection through manifest and api calls tracing. In 2012 Seventh Asia Joint Conference on Information Security, pages 62–69.
Yerima, S. Y. and Sezer, S. (2018). Droidfusion: A novel multilevel classifier fusion approach for android malware detection. IEEE Transactions on Cybernetics, pages 1–14.
Ahsan-Ul-Haque, A. S. M., Hossain, M. S., and Atiquzzaman, M. (2018). Sequencing system calls for effective malware detection in android. In 2018 IEEE Global Communications Conference (GLOBECOM), pages 1–7.
Allix, K., Bissyand´e, T. F., Klein, J., and Traon, Y. L. (2016). Androzoo: Collecting millions of android apps for the research community. In 2016 IEEE/ACM 13thWorking Conference on Mining Software Repositories (MSR), pages 468–471.
AndroidStudio (2019). Run apps on the android emulator. https://developer.android.com/studio/run/emulator. Acessado em 06/11/2019.
Anthony Desnos, Geoffroy Gueguen, S. B. (2018). Androguard. https://androguard.readthedocs.io/en/latest/. Acessado em 10/01/2020.
Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., and Rieck, K. (2014). Drebin: Effective and explainable detection of android malware in your pocket. In Symposium on Network and Distributed System Security (NDSS).
Arshad, S., Shah, M. A., Wahid, A., Mehmood, A., Song, H., and Yu, H. (2018). Samadroid: A novel 3-level hybrid malware detection model for android operating system. IEEE Access, 6:4321–4339.
Asmitha, K. A. and Vinod, P. (2014). A machine learning approach for linux malware detection. In 2014 International Conference on Issues and Challenges in Intelligent Computing Techniques (ICICT), pages 825–830.
Bhatia, T. and Kaushal, R. (2017). Malware detection in android based on dynamic analysis. In 2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security), pages 1–6.
Burguera, I., Zurutuza, U., and Nadjm-Tehrani, S. (2011). Crowdroid: Behavior-based malware detection system for android. pages 15–26.
Dash, S. K., Suarez-Tangil, G., Khan, S., Tam, K., Ahmadi, M., Kinder, J., and Cavallaro, L. (2016). Droidscribe: Classifying android malware based on runtime behavior. In 2016 IEEE Security and Privacy Workshops (SPW), pages 252–261.
Denney, K., Kaygusuz, C., and Zuluaga, J. (2018). A survey of malware detection using system call tracing techniques.
Dent, S. (2018). Report finds android malware pre-installed on hundreds of phones. https://www.engadget.com. Acessado em 01/08/2018.
Feng, P., Ma, J., Sun, C., Xu, X., and Ma, Y. (2018). A novel dynamic android malware detection system with ensemble learning. IEEE Access, 6:30996–31011.
Gupta, P. (2017). Decision trees in machine learning. [link]. Acessado em 09/09/2018.
Hou, S., Saas, A., Chen, L., and Ye, Y. (2016). Deep4maldroid: A deep learning framework for android malware detection based on linux kernel system call graphs. In 2016 IEEE/WIC/ACM International Conference on Web Intelligence Workshops (WIW), pages 104–111.
Jaiswal, M., Malik, Y., and Jaafar, F. (2018). Android gaming malware detection using system call analysis. In 2018 6th International Symposium on Digital Forensic and Security (ISDFS), pages 1–5.
Kolbitsch, C., Comparetti, P., Kruegel, C., Kirda, E., Zhou, X.-y., and Wang, X. (2009). Effective and efficient malware detection at the end host. pages 351–366.
Kubovic, O. (2018). Ransomware para android em 2017: Novas infiltrações e extorsões mais graves. [link]. Acessado em 20/08/2018.
Lavado, T. (2019). Em 10 anos no brasil, android foi de 2 smartphones para sistema operacional dominante do mercado. https://g1.globo.com. Acessado em 08/02/2020.
Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., F, Y., v. d. Veen, V., and Platzer, C. (2014). Andrubis – 1,000,000 apps later: A view on current android malware behaviors. In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), pages 3–17.
Malik, S. (2016). System call analysis of android malware families. Indian Journal of Science and Technology, 9.
Markovskaya, A. (2017). Loapi — this trojan is hot! https://www.kaspersky.com/blog/loapi-trojan/20510/. Acessado em 01/09/2018.
Mas’ud, M. Z., Sahib, S., Abdollah, M. F., Selamat, S. R., Yusof, R., and Ahmad, R. (2013). Profiling mobile malware behaviour through hybrid malware analysis approach. In 2013 9th International Conference on Information Assurance and Security (IAS), pages 78–84.
O’Donnell, L. (2018). New banking trojan can launch overlay attacks on latest android versions. https://threatpost.com. Acessado em 02/08/2018.
Pham, D.-P., Vu, D.-L., and Massacci, F. (2019). Mac-a-mal: macos malware analysis framework resistant to anti evasion techniques. Journal of Computer Virology and Hacking Techniques, pages 1–9.
RAY, S. (2017). Understanding support vector machine algorithm from examples (along with code). [link]. Acessado em 08/09/2018.
SRIVASTAVA, T. (2018). Introduction to k-nearest neighbors: Simplified (with implementation in python). https://www.analyticsvidhya.com. Acessado em 08/09/2018.
Statista (2018). Global market share held by smartphone operating systems from 2009 to 2017. https://www.statista.com. Acessado em 02/10/2018.
Tran, N., Nguyen, N., Ngo, Q., and Le, V. (2017). Towards malware detection in routers with c500-toolkit. In 2017 5th International Conference on Information and Communication Technology (ICoIC7), pages 1–5.
VirusTotal (2018). Virustotal. https://www.virustotal.com/. Acessado em 01/09/2018.
Wu, D. J., Mao, C. H., Wei, T. E., Lee, H. M., and Wu, K. P. (2012). Droidmat: Android malware detection through manifest and api calls tracing. In 2012 Seventh Asia Joint Conference on Information Security, pages 62–69.
Yerima, S. Y. and Sezer, S. (2018). Droidfusion: A novel multilevel classifier fusion approach for android malware detection. IEEE Transactions on Cybernetics, pages 1–14.
Publicado
13/10/2020
Como Citar
POLISCIUC, Renan; ALBINI, Luiz; GRÉGIO, André; BONA, Luis.
Análise de Aplicativos no Android utilizando Traços de Execução. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20. , 2020, Petrópolis.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2020
.
p. 133-146.
DOI: https://doi.org/10.5753/sbseg.2020.19233.
