IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2012: Data and Applications Security and Privacy XXVI, pp 239–254

Randomizing Smartphone Malware Profiles against Statistical Mining Techniques

  • Abhijith Shastry,
  • Murat Kantarcioglu,
  • Yan Zhou &
  • Bhavani Thuraisingham
Part of the Lecture Notes in Computer Science book series (LNISA, volume 7371)

Abstract

The growing use of smartphones opens up new opportunities for malware activities such as eavesdropping on phone calls, reading e-mail and call-logs, and tracking callers’ locations. Statistical data mining techniques have been shown to be applicable to detect smartphone malware. In this paper, we demonstrate that statistical mining techniques are prone to attacks that lead to random smartphone malware behavior. We show that with randomized profiles, statistical mining techniques can be easily foiled. Six in-house proof-of-concept malware programs are developed on the Android platform for this study. The malware programs are designed to perform privacy intrusion, information theft, and denial of service attacks. By simulating and tuning the frequency and interval of attacks, we aim to answer the following questions: 1) Can statistical mining algorithms detect smartphone malware by monitoring the statistics of smartphone usage? 2) Are data mining algorithms robust against malware with random profiles? 3) Can simple consolidation of random profiles over a fixed time frame prepare a higher quality data source for existing algorithms?

Keywords

  • Support Vector Machine
  • Mobile Phone
  • Intrusion Detection
  • Data Mining Algorithm
  • Malicious Code

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Author information

Authors and Affiliations

  1. Computer Science Department, University of Texas at Dallas, Richardson, TX, 75080, USA

    Abhijith Shastry, Murat Kantarcioglu, Yan Zhou & Bhavani Thuraisingham

Editor information

Editors and Affiliations

  1. Télécom Bretagne, Campus de Rennes 2, rue de la Châtaigneraie, 35512, Cesson Sévigné Cedex, France

    Nora Cuppens-Boulahia, Frédéric Cuppens & Joaquin Garcia-Alfaro

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Shastry, A., Kantarcioglu, M., Zhou, Y., Thuraisingham, B. (2012). Randomizing Smartphone Malware Profiles against Statistical Mining Techniques. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds) Data and Applications Security and Privacy XXVI. DBSec 2012. Lecture Notes in Computer Science, vol 7371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_18

  • DOI: https://doi.org/10.1007/978-3-642-31540-4_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31539-8

  • Online ISBN: 978-3-642-31540-4

  • eBook Packages: Computer Science, Computer Science (R0)
