StormDroid
Citations: 155
References: 45
Related papers: 10
Abstract:
Mobile devices are especially vulnerable nowadays to malware attacks, thanks to the current trend of increased app downloads. Despite the significant security and privacy concerns it received, effective malware detection (MD) remains a significant challenge. This paper tackles this challenge by introducing a streaminglized machine learning-based MD framework, StormDroid: (i) The core of StormDroid is based on machine learning, enhanced with a novel combination of contributed features that we observed over a fairly large collection of data set; and (ii) we streaminglize the whole MD process to support large-scale analysis, yielding an efficient and scalable MD technique that observes app behaviors statically and dynamically. Evaluated on roughly 8,000 applications, our combination of contributed features improves MD accuracy by almost 10% compared with state-of-the-art antivirus systems; in parallel our streaminglized process, StormDroid, further improves efficiency rate by approximately three times than a single thread.
Keywords:
Mobile malware
The open-source and popularity of Android attracts hackers and has multiplied security concerns targeting devices. As such, malware attacks on Android are one of the security challenges facing society. This paper presents an analysis of mobile malware evolution between 2000-2020. The paper presents mobile malware types and in-depth infection strategies malware deploys to infect mobile devices. Accordingly, factors that restricted the fast spread of early malware and those that enhance the fast propagation of recent malware are identified. Moreover, the paper discusses and classifies mobile malware based on privilege escalation and attack goals. Based on the reviewed survey papers, our research presents recommendations in the form of measures to cope with emerging security threats posed by malware and thus decrease threats and malware infection rates. Finally, we identify the need for a critical analysis of mobile malware frameworks to identify their weaknesses and strengths to develop a more robust, accurate, and scalable tool from an Android detection standpoint. The survey results facilitate the understanding of mobile malware evolution and the infection trend. They also help mobile malware analysts to understand the current evasion techniques mobile malware deploys.
Mobile malware
Cryptovirology
Hacker
Android Malware
Popularity
Application security
Malware analysis
Citations (21)
This chapter examines the scope of malicious software (malware) threats to mobile devices. The stakes for the wireless industry are high. While malware is rampant among 1 billion PCs, approximately twice as many mobile users currently enjoy a malware-free experience. However, since the appearance of the Cabir worm in 2004, malware for mobile devices has evolved relatively quickly, targeted mostly at the popular Symbian smartphone platform. Significant highlights in malware evolution are pointed out that suggest that mobile devices are attracting more sophisticated malware attacks. Fortunately, a range of host-based and network-based defenses have been developed from decades of experience with PC malware. Activities are underway to improve protection of mobile devices before the malware problem becomes catastrophic, but developers are limited by the capabilities of handheld devices.
Mobile malware
Scope (computer science)
Cryptovirology
Citations (2)
This chapter examines the scope of malicious software (malware) threats to mobile devices. The stakes for the wireless industry are high. While malware is rampant among 1 billion PCs, approximately twice as many mobile users currently enjoy a malware-free experience. However, since the appearance of the Cabir worm in 2004, malware for mobile devices has evolved relatively quickly, targeted mostly at the popular Symbian smartphone platform. Significant highlights in malware evolution are pointed out that suggest that mobile devices are attracting more sophisticated malware attacks. Fortunately, a range of host-based and network-based defenses have been developed from decades of experience with PC malware. Activities are underway to improve protection of mobile devices before the malware problem becomes catastrophic, but developers are limited by the capabilities of handheld devices.
Mobile malware
Scope (computer science)
Cryptovirology
Citations (8)
Mobile Peer-to-Peer (P2P) malware has emerged as one of the major challenges in mobile network security in recent years. Around four hundred mobile viruses, worms, trojans and spyware, together with approximately one thousand of their variants, have been discovered to date. So far no classification of such mobile P2P security threats exists. There is no well-known simulation environment to model mobile P2P network characteristics and provide a platform for the analysis of the propagation of different types of mobile malware. Therefore, our research provides a classification of mobile malware based on the behaviour of a node during infection and develops a platform to analyse malware propagation. It proposes and evaluates a novel behaviour-based approach, using AI, for the detection of various malware families. Unlike existing approaches, our approach focuses on identifying and classifying malware families rather than detecting individual malware and their variants. Adaptive detection of currently known and previously unknown mobile malware on designated mobile nodes through a deployed detection framework aided by AI classifiers enables successful detection. Although we have classified around 30% of the existing mobile P2P malware into 13 distinct malware families based on their behaviour during infection, this paper focuses on two, Cabir & Commwarrior, in order to analyse the proposed detection framework.
Mobile malware
Cryptovirology
Citations (7)
In March of 2018, about 500,000 desktop computers were infected with cryptocurrency mining malware in less than 24 hours. In addition to attacking desktop computers, malware also attacks laptops, tablets, and mobile phones. That is, any device connected via the Internet, or a network, is at risk of being attacked. In recent years, mobile phones have become extremely popular, which places them as a big target of malware infections. In this study, the effectiveness of treatment for infected mobile devices is examined using compartmental modeling. Many studies have considered malware infections which also include treatment effectiveness. However, in this study we examine the treatment effectiveness of mobile devices based on the type of malware infections accrued (hostile or malicious malware). This model considers six classes of mobile devices based on their epidemiological status: susceptible, exposed, infected by hostile malware, infected by malicious malware, quarantined, and recovered. The malware reproduction number, RM, was identified to discover the threshold values for the dynamics of malware infections to become both prevalent or absent among mobile devices. Numerical simulations of the model give insights into various strategies that can be implemented to control a malware epidemic in a mobile network.
Mobile malware
Cryptovirology
Epidemic model
Citations (12)
The growth in use of mobile phones to communicate and access sensitive resources drives the research of new approaches for protecting smartphones from all the possible attacks deriving from malicious software. Moreover, the continuous emerging of new and sophisticated malware makes current solutions to protect mobile phones inadequate shortly after being implemented. In this paper a new approach for run-time malware detection is proposed. It consists in analyzing system call traces gathered from malware and trusted applications to identify a set of relationships and recurring execution patterns that characterize their respective behavior. The characterization of the malware behaviour is expressed in terms of declarative constraints between system calls and can be used to identify similarities across malware families, detect malware variants within the same family, and to build trees of malware families based on their similarities. The effectiveness and efficiency of the approach have been assessed using a dataset of more than 1500 between trusted and malicious applications across six malware families. The results show that the proposed approach exhibits a very good discriminating ability exploitable for both malware detection and the study of malware evolution.
Mobile malware
Cryptovirology
System call
Malware analysis
Citations (4)
This chapter examines the scope of malicious software (malware) threats to mobile devices. The stakes for the wireless industry are high. While malware is rampant among 1 billion PCs, approximately twice as many mobile users currently enjoy a malware-free experience. However, since the appearance of the Cabir worm in 2004, malware for mobile devices has evolved relatively quickly, targeted mostly at the popular Symbian smartphone platform. Significant highlights in malware evolution are pointed out that suggest that mobile devices are attracting more sophisticated malware attacks. Fortunately, a range of host-based and network-based defenses have been developed from decades of experience with PC malware. Activities are underway to improve protection of mobile devices before the malware problem becomes catastrophic, but developers are limited by the capabilities of handheld devices.
Mobile malware
Scope (computer science)
Cryptovirology
Citations (5)
There are rising cases of mobile malware exploiting iOS users across the world, such as FinSpy and Exodus, that were able to steal credential information from the victims and affect loss of victims' productivity. Yet, not many solutions were able to encounter iOS malware attacks. Hence, this paper presents a new iOS mobile malware classification based on mobile behaviour, vulnerability exploitation inspired by phylogenetic concept. The experiment was conducted by using hybrid analysis. Proof of concept (POC) was conducted and based on the POC it indicated that this proposed classification is significant to detect the malware attacks. In future, this proposed classification will be the input for iOS mobile malware detection.
Mobile malware
Credential
Vulnerability
Proof of concept
Citations (1)