Abstract
This paper presents a static-analysis-based study of Android features in obfuscated Android malware. The security of Android smartphones and the privacy of the personal information on them remain under threat because of the popularity of Android-based devices, and this has become a challenging and diverse research area in information security. Although malware researchers can detect already identified malware, they cannot detect many obfuscated samples: attackers use different obfuscation techniques, and as a result many anti-malware engines fail to detect obfuscated malware applications. It is therefore necessary to identify the patterns of obfuscated malware produced by attackers. In this paper a large-scale investigation was performed by developing Python scripts, named AndroShow, to extract the patterns of permissions, app components, filtered intents, API calls and system calls from an obfuscated malware dataset, the Android PRAGuard Dataset. Finally, the patterns were obtained in matrix form and stored in a Comma Separated Values (CSV) file, which will be the basis for detecting obfuscated malware in the future.
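As an added illustration (not AndroShow's code, which this page does not show), the sketch below builds a 0/1 feature matrix of the kind the abstract describes and serialises it as CSV. It covers only the manifest-derived features (permissions, app components, filtered intents) and assumes each manifest has already been decoded to text XML; the sample manifests, the `kind::value` column naming and all function names are constructed for this example.

```python
import csv
import io
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"  # android:name attribute
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed manifests, already decoded to text XML; not taken from the PRAGuard dataset.
SAMPLES = {
    "sample_a.apk": f"""<manifest {NS}>
      <uses-permission android:name="android.permission.SEND_SMS"/>
      <uses-permission android:name="android.permission.INTERNET"/>
      <application><receiver android:name=".a"><intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter></receiver></application></manifest>""",
    "sample_b.apk": f"""<manifest {NS}>
      <uses-permission android:name="android.permission.INTERNET"/>
      <uses-permission android:name="android.permission.READ_CONTACTS"/>
      <application><service android:name=".b"/><activity android:name=".c"><intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter></activity></application></manifest>""",
}

def manifest_features(xml_text):
    """Return the set of 'kind::value' features present in one decoded manifest."""
    if "<!DOCTYPE" in xml_text:  # samples are untrusted input: refuse DTDs/entities
        raise ValueError("unexpected DTD in manifest")
    root = ET.fromstring(xml_text)
    feats = {"permission::" + p.get(NAME, "") for p in root.iter("uses-permission")}
    for tag in COMPONENT_TAGS:
        for comp in root.iter(tag):
            feats.add("component::" + tag)  # record the type; class names differ per app
            for action in comp.iter("action"):
                feats.add("intent::" + action.get(NAME, ""))
    return feats

def build_matrix(samples):
    """One row per app, one 0/1 column per feature seen anywhere in the sample set."""
    per_app = {app: manifest_features(xml) for app, xml in samples.items()}
    columns = sorted(set().union(*per_app.values()))
    rows = [[app] + [int(c in per_app[app]) for c in columns] for app in sorted(per_app)]
    return ["app"] + columns, rows

def to_csv(header, rows):
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows([header] + rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(*build_matrix(SAMPLES)))
```

API-call and system-call columns would be appended to the same matrix in the same way, but they require bytecode analysis rather than manifest parsing and are outside this sketch.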
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Russel, M.O.F.K., Rahman, S.S.M.M., Alazab, M. (2021). AndroShow: A Large Scale Investigation to Identify the Pattern of Obfuscated Android Malware. In: Maleh, Y., Shojafar, M., Alazab, M., Baddi, Y. (eds) Machine Intelligence and Big Data Analytics for Cybersecurity Applications. Studies in Computational Intelligence, vol 919. Springer, Cham. https://doi.org/10.1007/978-3-030-57024-8_8
DOI: https://doi.org/10.1007/978-3-030-57024-8_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57023-1
Online ISBN: 978-3-030-57024-8
eBook Packages: Intelligent Technologies and Robotics (R0)