http://dx.doi.org/10.13089/JKIISC.2014.24.1.145

Andro-profiler: Anti-malware system based on behavior profiling of mobile malware  

Yun, Jae-Sung (Graduate School of Information Security, Korea University)
Jang, Jae-Wook (Graduate School of Information Security, Korea University)
Kim, Huy Kang (Graduate School of Information Security, Korea University)
Abstract
In this paper, we propose a novel anti-malware system based on behavior profiling, called Andro-profiler. Andro-profiler consists of mobile devices and a remote server, and is implemented in Droidbox. Our aim is to detect and classify malware using an automatic classifier based on behavior profiling. First, we propose a representative behavior profile for each malware family, represented by system calls coupled with Droidbox system logs. This is done by executing the malicious application on an emulator and extracting integrated system logs. By comparing the behavior profile of a malicious application with the representative behavior profile of each malware family, we can detect malicious applications and classify them into malware families. Andro-profiler shows over 99% classification accuracy in classifying malware families.
Keywords
Behavior profiling; Malicious behavior; Similarity; System call; Integrated system log; Android platform; Malware