Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
作者: Xuxian Jiang , Yajin Zhou , Wu Zhou , Zhi Wang
DOI:
关键词: Internet privacy 、 Android (operating system) 、 Computer security 、 Android security 、 Heuristics 、 Infection rate 、 Malware 、 Android malware 、 Computer science 、 Mobile malware
摘要: In this paper, we present a systematic study for the detection of malicious applications (or apps) on popular Android Markets. To end, first propose permissionbased behavioral footprinting scheme to detect new samples known malware families. Then apply heuristics-based filtering identify certain inherent behaviors unknown We implemented both schemes in system called DroidRanger. The experiments with 204, 040 apps collected from five different Markets May-June 2011 reveal 211 ones: 32 official Market (0.02% infection rate) and 179 alternative marketplaces (infection rates ranging 0.20% 0.47%). Among those apps, our also uncovered two zero-day (in 40 apps): one other marketplaces. results show that current are functional relatively healthy. However, there is clear need rigorous policing process, especially non-regulated
yajin.org 
columbia.edu 
ndss-symposium.org 参考文章(27)
Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vincent W. Freeh, Taming information-stealing smartphone applications (on Android) trust and trustworthy computing. pp. 93- 107 ,(2011) , 10.1007/978-3-642-21599-5_7
Damien Octeau, William Enck, Patrick McDaniel, Swarat Chaudhuri, A study of android application security usenix security symposium. pp. 21- 21 ,(2011)
Manuel Egele, Christopher Kruegel, Engin Kirda, Giovanni Vigna, PiOS : Detecting privacy leaks in iOS applications network and distributed system security symposium. ,(2011)
Shashi Shekhar, Michael Dietz, Anhei Shu, Dan S. Wallach, Yuliy Pisetsky, Quire: lightweight provenance for smart phone operating systems usenix security symposium. pp. 23- 23 ,(2011)
Alexander Moshchuk, Adrienne Porter Felt, Helen J. Wang, Erika Chin, Steven Hanna, Permission re-delegation: attacks and defenses usenix security symposium. pp. 22- 22 ,(2011)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Wu Zhou, Yajin Zhou, Xuxian Jiang, Peng Ning, Detecting repackaged smartphone applications in third-party android marketplaces Proceedings of the second ACM conference on Data and Application Security and Privacy - CODASKY '12. pp. 317- 326 ,(2012) , 10.1145/2133601.2133640
Iker Burguera, Urko Zurutuza, Simin Nadjm-Tehrani, Crowdroid Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '11. pp. 15- 26 ,(2011) , 10.1145/2046614.2046619
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner, Analyzing inter-application communication in Android Proceedings of the 9th international conference on Mobile systems, applications, and services - MobiSys '11. pp. 239- 252 ,(2011) , 10.1145/1999995.2000018
William Enck, Machigar Ongtang, Patrick McDaniel, On lightweight mobile phone application certification computer and communications security. pp. 235- 245 ,(2009) , 10.1145/1653662.1653691