Anomaly Detection Using String Analysis for Android Malware Detection

  • Borja Sanz
  • Igor Santos
  • Xabier Ugarte-Pedrero
  • Carlos Laorden
  • Javier Nieves
  • Pablo García Bringas
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 239)

Abstract

The usage of mobile phones has increased in our lives because they offer nearly the same functionality as a personal computer. Specifically, Android is one of the most widespread mobile operating systems. Indeed, its app store is one of the most visited and the number of applications available for this platform has also increased. However, as it happens with any popular service, it is prone to misuse, and the number of malware samples has increased dramatically in the last months. Thus, we propose a new method based on anomaly detection that extracts the strings contained in application files in order to detect malware.

Keywords

malware detection anomaly detection Android mobile malware 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15–26. ACM (2011)Google Scholar
  2. 2.
    Blasing, T., Batyuk, L., Schmidt, A.D., Camtepe, S.A., Albayrak, S.: An android application sandbox system for suspicious software detection. In: 2010 5th International Conference on Malicious and Unwanted Software (MALWARE), pp. 55–62. IEEE (2010)Google Scholar
  3. 3.
    Shabtai, A., Elovici, Y.: Applying behavioral detection on android-based devices. In: Mobile Wireless Middleware, Operating Systems, and Applications, pp. 235–249 (2010)Google Scholar
  4. 4.
    Sanz, B., Santos, I., Laorden, C., Ugarte-Pedrero, X., Bringas, P., Alvarez, G.: Puma: Permission usage to detect malware in android. In: Proceedings of the 5th International Conference on Computational Intelligence in Security for Information Systems, CISIS (2012)Google Scholar
  5. 5.
    Santos, I., Penya, Y., Devesa, J., Bringas, P.: N-Grams-based file signatures for malware detection. In: Proceedings of the 11th International Conference on Enterprise Information Systems (ICEIS), vol. AIDSS, pp. 317–320 (2009)Google Scholar
  6. 6.
    Santos, I., Devesa, J., Brezo, F., Nieves, J., Bringas, P.G.: Opem: A static-dynamic approach for machine-learning-based malware detection. In: Herrero, Á., et al. (eds.) Int. Joint Conf. CISIS’12-ICEUTE’12-SOCO’12. AISC, vol. 189, pp. 271–280. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  7. 7.
    Baeza-Yates, R.A., Ribeiro-Neto, B.: Modern Information Retrieval. Addison-Wesley Longman Publishing Co., Inc., Boston (1999)Google Scholar
  8. 8.
    Salton, G., McGill, M.: Introduction to modern information retrieval. McGraw-Hill, New York (1983)MATHGoogle Scholar
  9. 9.
    Tata, S., Patel, J.M.: Estimating the selectivity of tf-idf based cosine similarity predicates. ACM SIGMOD Record 36(2), 7–12 (2007)CrossRefGoogle Scholar
  10. 10.
    Singh, Y., Kaur, A., Malhotra, R.: Comparative analysis of regression and machine learning methods for predicting fault proneness models. International Journal of Computer Applications in Technology 35(2), 183–193 (2009)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Borja Sanz
    • 1
  • Igor Santos
    • 1
  • Xabier Ugarte-Pedrero
    • 1
  • Carlos Laorden
    • 1
  • Javier Nieves
    • 1
  • Pablo García Bringas
    • 1
  1. 1.S3LabUniversity of DeustoBilbaoSpain

Personalised recommendations