Monet: A User-Oriented Behavior-Based Malware Variants Detection System for Android

Authors: Mingshen Sun, Xiaolei Li, John C. S. Lui, Richard T. B. Ma, Zhenkai Liang

DOI: 10.1109/TIFS.2016.2646641

Abstract: Android, the most popular mobile OS, has around 78% of market share. Due to its popularity, it attracts many malware attacks. In fact, people have discovered 1 million new malware samples per quarter, and it was reported that over 98% of these are in fact "derivatives" (or variants) from existing malware families. In this paper, we first show that the runtime behaviors of malware's core functionalities are similar within a malware family. Hence, we propose a framework to combine runtime behavior with static structures to detect malware variants. We present the design and implementation of Monet, which has a client module and a backend server module. The client module is a lightweight, in-device app for behavior monitoring and signature generation, which we realize using two novel interception techniques. The backend server is responsible for large scale malware detection. We collect 3723 malware samples and the top 500 benign apps to carry out extensive experiments on detecting malware variants and defending against malware transformation. Our experiments show that Monet can achieve 99% accuracy in detecting malware variants. Furthermore, it can defend against ten different obfuscation and transformation techniques, while it only incurs 7% performance overhead and about 3% battery overhead. More importantly, Monet will automatically alert users with intrusion details so as to prevent further malicious behaviors.
