Detecting Symbian OS malware through static function call analysis

Authors: Aubrey-Derrick Schmidt, Jan Hendrik Clausen, Ahmet Camtepe, Sahin Albayrak

DOI: 10.1109/MALWARE.2009.5403024

Keywords:

Abstract: Smartphones have become a very critical part of our lives as they offer advanced capabilities with PC-like functionalities. They are getting widely deployed and are no longer used only for classical voice-centric communication. New smartphone malware keeps emerging, and most of it still targets Symbian OS. In the case of Symbian OS, application signing seemed to be an appropriate measure for slowing down malware appearance. Unfortunately, the latest examples showed that it can be bypassed, resulting in new outbreaks. In this paper, we present a novel approach for static malware detection in resource-limited mobile environments. This extends currently used third-party mechanisms, increasing their capabilities. In this work, we extract function calls from binaries in order to apply a clustering mechanism, called centroid. The method is capable of detecting unknown malware. Our results are promising; the employed mechanism might find use at distribution channels, like online stores. Additionally, it seems suitable for running directly on smartphones, (pre-)checking installed applications.
