Abstract
The diffusion of smartphones and the availability of powerful and cheap connections allow people to access heterogeneous information and data anytime and anywhere. In this scenario, billions of mobile users, as well as billions of under-protected IoT devices, are at high risk of being targeted by malware, cybercrime and attacks. This work introduces visualization techniques applied to software apps installed on Android devices, using features generated by mobile security detection tools through static security analysis. The aim of this work is to help both ordinary users and skilled analysts quickly identify anomalous and malicious software on mobile devices. The visual findings are obtained through text, tree and other techniques. An app inspection tool is also provided, and its usability has been evaluated in an experimental study with ten participants.
Acknowledgements
The authors thank Pietro Carella for the early contribution of this work and Vincenzo Nigro for his help in the implementation of the app inspection tool and the successive evaluation.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Buono, P., Balducci, F. (2022). Visual Discovery of Malware Patterns in Android Apps. In: Kovalerchuk, B., Nazemi, K., Andonie, R., Datia, N., Banissi, E. (eds) Integrating Artificial Intelligence and Visualization for Visual Knowledge Discovery. Studies in Computational Intelligence, vol 1014. Springer, Cham. https://doi.org/10.1007/978-3-030-93119-3_17
DOI: https://doi.org/10.1007/978-3-030-93119-3_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93118-6
Online ISBN: 978-3-030-93119-3
eBook Packages: Intelligent Technologies and Robotics (R0)