Abstract
The sharp increase in smartphone malware has become one of the most serious security problems. The most significant part of this growth consists of variants of existing malware. The legacy approach to malware detection, signature matching, is efficient in time, but it is not practical because it lacks robustness against variants. The counter approach, behavior analysis, handles the variant issue but takes too much time and too many resources. We propose a variant detection mechanism using a runtime semantic signature. Our key idea is to reduce the control and data flow analysis overhead by using binary patterns for the control and data flow of critical actions as a signature. Flow information is a significant part of behavior analysis but incurs high analysis overhead. In contrast to previous behavioral signatures, the runtime semantic signature has higher family classification accuracy without the flow analysis overhead, because the binary patterns of the flow parts are hardly shared by applications outside the family. Using the proposed signature, we detect new variants of known malware efficiently and accurately by static matching. We evaluated our mechanism with 1,759 randomly collected real-world Android applications, including 79 variants of 4 malware families. In the experiments, our mechanism showed 99.89% accuracy on variant detection. We also showed that the mechanism has linear time complexity in the number of target applications. It is fully practical and offers better performance than previous works in both accuracy and efficiency.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Lee, S., Lee, J., Lee, H. (2013). Screening Smartphone Applications Using Behavioral Signatures. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds) Security and Privacy Protection in Information Processing Systems. SEC 2013. IFIP Advances in Information and Communication Technology, vol 405. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39218-4_2
DOI: https://doi.org/10.1007/978-3-642-39218-4_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39217-7
Online ISBN: 978-3-642-39218-4
eBook Packages: Computer Science, Computer Science (R0)