Multimedia Tools and Applications

, Volume 76, Issue 17, pp 18153–18173 | Cite as

SafeGuard: a behavior based real-time malware detection scheme for mobile multimedia applications in android platform

  • Eun Su Jeong
  • In Seok Kim
  • Dong Hoon Lee


SafeGuard is proposed as a solution to monitor behaviors of smartphone applications in real-time and detect and block any malicious behaviors. This solution consists of a server that manages and deploys the blocking rules and the device solution that monitors various applications in Android devices. The proposed scheme provides users with real-time malware information such as spyware detected by the SafeGuard library upon suspicious API call within the Android platform. Except for use of Rootkit at the kernel level, the scheme can detect behaviors that use the API from the platform or caused by a combination of those APIs. The database that determines any malicious behaviors can be periodically updated to block various malicious behaviors by using preemptive responses different from existing anti-virus products. For this purpose, the behaviors of smartphone applications are classified and are defined for monitoring. The architecture to apply them is also proposed in the Android framework and the proposed scheme is applied in the Android smartphone environment to verify its stability and feasibility through measuring the overhead in the environment.


Android malware detection Mobile multimedia application Behavior detection Android platform Mobile security 



This work was supported by the ICT R&D program of MSIP/IITP. [R0101-15-0195(10043959), Development of EAL 4 level military fusion security solution for protecting against unauthorized accesses and ensuring a trusted execution environment in mobile devices

Compliance with ethical standards

Conflict of interest

The authors declare that they have no competing interests.


  1. 1.
    Blasing T, Batyuk L, Schmidt AD, Camtepe SA, Albayrak S (2010) An Android Application Sandbox system for suspicious software detection. 2010 5th International Conference on Malicious and Unwanted Software (MALWARE), pp 55–62, October 2010Google Scholar
  2. 2.
    Burguera I, Zurutuza U, Nadjm-Tehrani S (2011) Crowdroid: behavior-based malware detection system for Android. Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, pp 15–26Google Scholar
  3. 3.
    Chan PPK, Song W-K (2014) Static detection of Android malware by using permissions and API calls. in 2014 International Conference on Machine Learning and Cybernetics (ICMLC), vol. 1, pp. 82–87Google Scholar
  4. 4.
    Di Cerbo F, Girardello A, Michahelles F, Voronkova S (2011) Detection of malicious applications on android os. Proceedings of the 4th international conference on Computational forensics, IWCF’10, pp 138–149, November 2011Google Scholar
  5. 5.
    Enck W, Gilbert P, Chun B-G, Cox LP, Jung J, McDaniel P, Sheth AN (2010) Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. Proceedings of the 9th USENIX conference on Operating systems design and implementation, October 2010Google Scholar
  6. 6.
    Fuchs AP, Chaudhuri A, Foster JS (2009) SCanDroid: Automated Security Certification of Android Applications. Technical Report CSTR-4991, Department of Computer Science, University of Maryland, November 2009Google Scholar
  7. 7.
    Google Play. Retrieved 25 June 2015, from
  8. 8.
    Isohara T, Takemori K, Kubota A (2011) Kernel-based Behavior Analysis for Android Malware Detection. 2011 Seventh International Conference on Computational Intelligence and Security, pp 1011–1015, Dec 2011Google Scholar
  9. 9.
    Jang J, Yun J, Woo J, Kim HK (2014) Andro-profiler: anti-malware system based on behavior profiling of mobile malware. in Proceedings of the Companion Publication of the 23rd International Conference on World Wide Web Companion, pp. 737–738Google Scholar
  10. 10.
    Juniper Networks Inc (2011) Malicious mobile threats report 2010/2011. Technical report, Juniper Networks, Inc.Google Scholar
  11. 11.
    Kim S, Cho JI, Myeong HW, Lee DH (2012) A study on static analysis model of mobile application for privacy protection. Computer Science and Convergence 114:529–540CrossRefGoogle Scholar
  12. 12.
    Manjunath V (2011) Reverse Engineering of Malware on Android. SANS Institute InfoSec Reading Room, August 2011Google Scholar
  13. 13.
    NQ Mobile’s Security Lab (2012) NQ mobile’s 2012 security report, pp 1–4. Retrieved from
  14. 14.
    Rastogi V, Chen Y, Enck W (2013) AppsPlayground: automatic security analysis of smartphone applications. in Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (CODASPY '13), pp. 209–220, ACM, February 2013Google Scholar
  15. 15.
    Retina-X Studios (2009) Android mobile spy software. [Online]
  16. 16.
    Wu D-J, Mao C-H, Wei T-E, Lee H-M, Wu K-P (2012) DroidMat: Android Malware Detection through Manifest and API Calls Tracing. 2012 Seventh Asia Joint Conference on Information Security (Asia JCIS), pp 62–29, August 2012Google Scholar
  17. 17.
    Wu L, Du X, Fu X (March 2014) Security threats to mobile multimedia applications: Camera-based attacks on mobile phones. Communications Magazine, IEEE 52(3):80–87CrossRefGoogle Scholar
  18. 18.
    Zhao M, Ge F, Zhang T, Yuan Z (2011) Antimaldroid: An efficient SVM-based malware detection framework for android. Communications in Computer and Information Science 243:158–166CrossRefGoogle Scholar
  19. 19.
    Zhou Y, Wang Z, Zhou W, Jiang X (2012) Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets. Proceedings of the 19th Annual Network & Distributed System Security Symposium, Feb 2012Google Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  1. 1.SK Planet Co., Ltd.Seongnam-siSouth Korea
  2. 2.CISTKorea UniversitySeoulSouth Korea

Personalised recommendations