Real-Time Malware Detectors on Android projects
Android has become the leading operating systemfor next-generation smart devices. Consequently, the number ofAndroid malware has also skyrocketed. Many dynamic analysistechniques have been proposed to detect Android malware.However, very few of these techniques use real-time monitoringon user devices as Android does not provide low-level informa-tion to third-party apps. Moreover, some techniques detect aspecific malware class more effectively than others. Therefore,end users can be benefited by installing multiple malwaredetection techniques. In this paper, we propose SpyDroid, areal-time malware detection framework that can accommodatemultiple detectors from third-parties (e.g., researchers and an-tivirus vendors) and allows efficient and controlled real-timemonitoring. SpyDroid consists of two operating system modules(monitoring and detection) and supports application layer sub-detectors. Sub-detectors are regular Android applications thatmonitor and analyze different runtime information using themonitoring module and they report the detection module abouttheir findings. The detection module decides when to mark an appas malware. Researchers and antivirus vendors can now publishtheir techniques via app markets and end users can install anynumber of sub-detectors as they require. We have implementedSpyDroid using the Android Open Source Project (AOSP) andour experiments with a dataset containing 4,965 apps show thatdecisions from multiple sub-detectors can increase the malwaredetection rate significantly on a real device.Code Shoppy
Among all smartphone operating systems, Android occupiesover 85% market share in 2017 [1]. Moreover, Android-powered devices such as cars, fridges, televisions, point ofsale (POS) terminals, and ATM booths are expected to flooduser markets within a few years. Due to the popularity ofthe Android ecosystem, malware writers are targeting Androiddevices exclusively and the number of malware for Androidsurged exponentially in 2017. Android implements a num-ber of security mechanisms to ensure the safety of deviceresources, e.g., the permission mechanism.The permission mechanism of Android is coarse-grainedand users are usually ignorant about the sought permissions.Researchers also proposed attacks that can bypass the per-mission mechanism [2], [3]. As a result, effective detectionof malware is very important to mitigate security threats inthe Android ecosystem. Unfortunately, antiviruses are not veryeffective due to the restrictive security model of Android thatdoes not let any app scan the runtime behavior of others.Researchers have made great efforts to improve the securityf Android and proposed a number of static and dynamicanalysis techniques. In static analysis, the Android applicationfile (apk) is decompiled to perform analysis, such as data flowanalysis, control flow analysis, API call analysis, byte N-gram,and fingerprinting. Studies [4] have shown that static analysisis becoming less effective day by day due to powerful trans-formation techniques (call graph obfuscation, dynamic codeloading, manifest cheating, metamorphism, polymorphism,etc.). They concluded that dynamic analysis is a necessarycomplement to static analysis as it is less vulnerable to codetransformations.Dynamic analysis is more effective as it can extract featuresthat represent unique patterns of execution. Interestingly, ac-cording to this study [5], over 98% of the new malware arein fact variants of an existing malware family. Google usesa dynamic analysis system called Google Bouncer that ana-lyzes apks submitted to them. Unfortunately, dynamic analysistechniques that execute Android apps inside an emulator alsosuffer from the fact that malware writers can detect emulatorsand thus evade detection. Hence, real-time monitoring onuser devices becomes necessary. In addition, end users arenot benefiting from these research as it is very difficult forthem to integrate the techniques into their devices. Moreover,sometimes a specific class of malware can only be detected bya single technique or a particular antivirus. Therefore, deviceowners can be benefited by employing multiple malwaredetectors on their devices https://codeshoppy.com/php-projects-titles-topics.html
Android has become the leading operating systemfor next-generation smart devices. Consequently, the number ofAndroid malware has also skyrocketed. Many dynamic analysistechniques have been proposed to detect Android malware.However, very few of these techniques use real-time monitoringon user devices as Android does not provide low-level informa-tion to third-party apps. Moreover, some techniques detect aspecific malware class more effectively than others. Therefore,end users can be benefited by installing multiple malwaredetection techniques. In this paper, we propose SpyDroid, areal-time malware detection framework that can accommodatemultiple detectors from third-parties (e.g., researchers and an-tivirus vendors) and allows efficient and controlled real-timemonitoring. SpyDroid consists of two operating system modules(monitoring and detection) and supports application layer sub-detectors. Sub-detectors are regular Android applications thatmonitor and analyze different runtime information using themonitoring module and they report the detection module abouttheir findings. The detection module decides when to mark an appas malware. Researchers and antivirus vendors can now publishtheir techniques via app markets and end users can install anynumber of sub-detectors as they require. We have implementedSpyDroid using the Android Open Source Project (AOSP) andour experiments with a dataset containing 4,965 apps show thatdecisions from multiple sub-detectors can increase the malwaredetection rate significantly on a real device.Code Shoppy
Among all smartphone operating systems, Android occupiesover 85% market share in 2017 [1]. Moreover, Android-powered devices such as cars, fridges, televisions, point ofsale (POS) terminals, and ATM booths are expected to flooduser markets within a few years. Due to the popularity ofthe Android ecosystem, malware writers are targeting Androiddevices exclusively and the number of malware for Androidsurged exponentially in 2017. Android implements a num-ber of security mechanisms to ensure the safety of deviceresources, e.g., the permission mechanism.The permission mechanism of Android is coarse-grainedand users are usually ignorant about the sought permissions.Researchers also proposed attacks that can bypass the per-mission mechanism [2], [3]. As a result, effective detectionof malware is very important to mitigate security threats inthe Android ecosystem. Unfortunately, antiviruses are not veryeffective due to the restrictive security model of Android thatdoes not let any app scan the runtime behavior of others.Researchers have made great efforts to improve the securityf Android and proposed a number of static and dynamicanalysis techniques. In static analysis, the Android applicationfile (apk) is decompiled to perform analysis, such as data flowanalysis, control flow analysis, API call analysis, byte N-gram,and fingerprinting. Studies [4] have shown that static analysisis becoming less effective day by day due to powerful trans-formation techniques (call graph obfuscation, dynamic codeloading, manifest cheating, metamorphism, polymorphism,etc.). They concluded that dynamic analysis is a necessarycomplement to static analysis as it is less vulnerable to codetransformations.Dynamic analysis is more effective as it can extract featuresthat represent unique patterns of execution. Interestingly, ac-cording to this study [5], over 98% of the new malware arein fact variants of an existing malware family. Google usesa dynamic analysis system called Google Bouncer that ana-lyzes apks submitted to them. Unfortunately, dynamic analysistechniques that execute Android apps inside an emulator alsosuffer from the fact that malware writers can detect emulatorsand thus evade detection. Hence, real-time monitoring onuser devices becomes necessary. In addition, end users arenot benefiting from these research as it is very difficult forthem to integrate the techniques into their devices. Moreover,sometimes a specific class of malware can only be detected bya single technique or a particular antivirus. Therefore, deviceowners can be benefited by employing multiple malwaredetectors on their devices https://codeshoppy.com/php-projects-titles-topics.html
No comments:
Post a Comment