Android malware analysis using application permissions

Smartphones are the most useful devices nowadays because they offer many useful services in addition to mobility, which benefits the user even more. The most popular platform is Android, because it offers a variety of thousands of free applications and also because the platform is ope...

Bibliographic Details
Main Author: Hamadi, Zaid Khalid
Format: Thesis
Language: English
Published: 2015
Subjects:
Online Access: http://eprints.utem.edu.my/id/eprint/15895/1/ANDROID%20MALWARE%20ANALYSIS%20USING%20APPLICATION%20PERMISSIONS%20%2824%20pgs%29.pdf
http://eprints.utem.edu.my/id/eprint/15895/2/Android%20malware%20analysis%20using%20application%20permissions.pdf
id my-utem-ep.15895
record_format uketd_dc
institution Universiti Teknikal Malaysia Melaka
collection UTeM Repository
language English
English
advisor Hussin, Burairah

topic T Technology (General)
T Technology (General)
spellingShingle T Technology (General)
T Technology (General)
Hamadi, Zaid Khalid
Android malware analysis using application permissions
description Smartphones are the most useful devices nowadays because they offer many useful services in addition to mobility, which benefits the user even more. The most popular platform is Android, because it offers a variety of thousands of free applications and because the platform is open source, so anybody can develop an application and publish it on the store. In this research, we aim to analyze 400 Android application samples taken from Google’s Play Store in order to determine the percentage of the collected samples that exhibit malware behavior. A confirmed malware dataset will be collected as well and analyzed in order to derive malware patterns (permissions); the 400 application samples will then be compared with the derived malware patterns based on the permissions requested. A certain combination of Android user permissions could create malware behavior, such as the ability to read user contacts together with the permission to use the web browser. At this point we can determine that the application has malware behavior, in that it can send the user's contacts to a third-party server without the knowledge of the user, but this needs to be confirmed by analyzing the application’s source code. After the analysis, we will be able to propose a framework to protect users' private data, which will benefit users and help application developers avoid designing applications that request such dangerous permission combinations where possible.
format Thesis
qualification_name Master of Philosophy (M.Phil.)
qualification_level Master's degree
author Hamadi, Zaid Khalid
author_facet Hamadi, Zaid Khalid
author_sort Hamadi, Zaid Khalid
title Android malware analysis using application permissions
title_short Android malware analysis using application permissions
title_full Android malware analysis using application permissions
title_fullStr Android malware analysis using application permissions
title_full_unstemmed Android malware analysis using application permissions
title_sort android malware analysis using application permissions
granting_institution Universiti Teknikal Malaysia Melaka
granting_department Faculty of Information and Communication Technology
publishDate 2015
url http://eprints.utem.edu.my/id/eprint/15895/1/ANDROID%20MALWARE%20ANALYSIS%20USING%20APPLICATION%20PERMISSIONS%20%2824%20pgs%29.pdf
http://eprints.utem.edu.my/id/eprint/15895/2/Android%20malware%20analysis%20using%20application%20permissions.pdf
_version_ 1747833883048542208
spelling my-utem-ep.158952022-04-20T10:40:24Z Android malware analysis using application permissions 2015 Hamadi, Zaid Khalid T Technology (General) TK Electrical engineering. Electronics Nuclear engineering
2015 Thesis http://eprints.utem.edu.my/id/eprint/15895/ http://eprints.utem.edu.my/id/eprint/15895/1/ANDROID%20MALWARE%20ANALYSIS%20USING%20APPLICATION%20PERMISSIONS%20%2824%20pgs%29.pdf text en public http://eprints.utem.edu.my/id/eprint/15895/2/Android%20malware%20analysis%20using%20application%20permissions.pdf text en validuser https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=96210 mphil masters Universiti Teknikal Malaysia Melaka Faculty of Information and Communication Technology Hussin, Burairah