The prevalence of smartphones, the large market share of Android and the openness of the Android market make Android a more sensitive platform for malware attacks. To understand the threat to security and privacy, it is important to analyze the behavior of the malicious application. From a forensic point of view, an analyst needs to understand the behavior of the application to find out the suspicious application. In this paper, we are focusing on different types of Android malware analysis techniques: static analysis, dynamic analysis and hybrid analysis (a combination of static and dynamic analysis). This paper also presents different methods of these analyses along with their functionality and working. Comparisons of these analyses have been done along with their advantages and disadvantages.
IJCSIS, 2019
The innovation and growth in the usability of mobile phones is astonishing. There is the nightmare of getting a malware program through the many applications and games available for free on Google Play. Therefore, users require some computational capacity to execute profoundly complex effective algorithms for mobile intrusion detection discovery, which is impossible to be available on mobile devices. Therefore, the need for a powerful platform like cloud seems to be necessary to protect the user from threats and several security issues. Cloud computing has overwhelmed the world, as there are various cloud-based intrusion detection systems (IDS) that can enhance smartphone security and enhance mobile performance. In this review paper, a study of the terms related to mobile malware techniques, classes and the techniques used for the detection of malware by using different systems of cloud-based intrusion detection is covered. In this research, applied proposed methods and types of approach are highlighted. Index Terms: Malware techniques, Mobile cloud computing, Mobile malware detection, Intrusion Detection System.
Over the last decade, smartphones have gained widespread usage. Mobile devices store personal details such as contacts and text messages. Due to this extensive growth, smartphones have become attractive to cyber-criminals. In this research work, we have done a systematic review of the terms related to malware detection algorithms and have also summarized the behavioral description of some known mobile malware in tabular form. After careful solicitation of all the possible methods and algorithms for detection of mobile-based malware, we give some recommendations for designing future malware detection algorithms by considering the computational complexity and detection ratio of mobile malware.
Android-based devices are rapidly flourishing day by day, due to their ease of use and popularity. As a result, the number of malware attacks on Android is also increasing. This paper is based on the Text Mining approach for analyzing Android malware families. The proposed methodology is motivated by the method introduced by Guillermo Suarez-Tangil, which aims to automate the malware analysis process based on DENDROID. The main issue in this regard is the storage of Family Feature Vectors (FFV), which are stored as a sparse matrix. Therefore, this work presents a novel concept of Compressed Row Storage (CRS) to store the statistical features intellectually. By implementing this methodology, the FFV of malware families are stored in an efficient manner. The experimental results prove that a large reduction (79%) is observed in the space needed to store FFV, which incorporates only the non-zero elements. This eventually leads to a reduction in the Feature Vector generation time and the total process time. The proposed methodology will reduce the dimensionality and hence the time spent searching for a particular malware family signature.
Android is the most popular smartphone operating system with a market share of 80%, but as a consequence, also the platform most targeted by malware. To deal with the increasing number of malicious Android apps in the wild, malware analysts typically rely on analysis tools to extract characteristic information about an app in an automated fashion. While the importance of such tools has been addressed by the research community, the resulting prototypes remain limited in terms of analysis capabilities and availability. In this paper we present ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps. ANDRUBIS combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage. With ANDRUBIS, we collected a dataset of over 1,000,000 Android apps, including 40% malicious apps. This dataset allows us to discuss trends in malware behavior observed from apps dating back as far as 2010, as well as to present insights gained from operating ANDRUBIS as a publicly available service for the past two years.
Smartphones have become an essential part of human life and their usage has grown exponentially in the past few years. The growth of smartphone usage can be directly linked to their ability to support third-party applications that are offered through online application markets. Due to their worldwide adoption and widespread popularity, mobile malware attacks are also growing at an alarming rate (http://bit.ly/sbtujI). Malware authors make use of third-party applications to inject malicious content into smartphones and thus compromise the phone's security. In response, mobile security research has become critical and focused on protecting smartphones from malware attacks and other security threats. In this paper, we present a survey of techniques that are used to detect mobile malware in the wild, discuss the limitations of current techniques, and provide some tips to protect smartphones from potential security threats.
• Hybrid mobile malware detection based on both malware and normal patterns.
• Implementation and performance test based on an Android mobile platform.
• Self-improvement based on automatic optimization of pattern sets.
• Detection accuracy and generality showed through comparison.

Abstract: Android security incidents occurred frequently in recent years. This motivates us to study mobile app security, especially in Android open mobile operating system. In this paper, we propose a novel hybrid approach for mobile malware detection by adopting both dynamic analysis and static analysis. We collect execution data of sample malware and benign apps using a net_link technology to generate patterns of system calls related to file and network access. Furthermore, we build up a malicious pattern set and a normal pattern set by comparing the patterns of malware and benign apps with each other. For detecting an unknown app, we use a dynamic method to collect its system calling data. We then compare them with both the malicious and normal pattern sets offline in order to judge the unknown app. Based on the test on a set of mobile malware and benign apps, we found that our approach achieves better detection success rate than some methods using either static analysis or dynamic analysis. What is more, the proposed approach is generic, which can detect different types of malware effectively. Its detection accuracy can be further improved since the pattern sets can be automatically optimized through self-learning.
Mobile computing has grown and developed in recent years with huge popularity. Gadgets like smartphones, tablets, etc. have become trendy through their ease of use. Android is the more famous platform and has turned out to be the most important target of malware developers in preceding years. The malware hazard for cellular telephones is evaluated to increment the security and usefulness of smartphones. Hackers and malware program developers benefit from the limited capabilities and lack of a standard security mechanism in Android. Nowadays smartphones are omnipresent, i.e. they fill numerous needs such as data storage, personal mobile communication, multimedia and entertainment; therefore, implementing secure mobile connections is challenging. As a result, it becomes essential to have some valuable and probabilistic detection along with preventive mechanisms. Many preventive tools are available in the market, but the current trend for malware security is that the user should be able to identify possible threats before installing the app. Hence we propose a permission-based mobile malware detection system. It has 3 components: 1) Client, 2) Server, 3) Signature Database. In the whole analysis process, the Server plays an important role, and the user is warned at the end of the analysis process whether the requested app contains malware or not.
The Android OS has become the most popular mobile operating system leading to a significant increase in the spread of Android malware. Consequently, several static and dynamic analysis systems have been developed to detect Android malware. With dynamic analysis, efficient test input generation is needed in order to trigger the potential run-time malicious behaviours. Most existing dynamic analysis systems employ random-based input generation methods usually built using the Android Monkey tool. Random-based input generation has several shortcomings including limited code coverage, which motivates us to explore combining it with a state-based method in order to improve efficiency. Hence, in this paper, we present a novel hybrid test input generation approach designed to improve dynamic analysis on real devices. We implemented the hybrid system by integrating a random based tool (Monkey) with a state based tool (DroidBot) in order to improve code coverage and potentially uncover more malicious behaviours. The system is evaluated using 2,444 Android apps containing 1222 benign and 1222 malware samples from the Android malware genome project. Three scenarios, random only, state-based only, and our proposed hybrid approach were investigated to comparatively evaluate their performances. Our study shows that the hybrid approach significantly improved the amount of dynamic features extracted from both benign and malware samples over the state-based and commonly used random test input generation method.
This paper will discuss the different approaches to analyzing malware, specifically malware affecting mobile devices. The article discusses the different types of malware affecting smartphones. It further discusses how this malware could be analyzed with current approaches and how each one compares with and differs from the others. The article also elaborates on manual and dynamic automation of malware analysis.
Mobile malware is growing, both in overall volume and in number of existing variants, at a pace rapid enough that systematic manual, human analysis is becoming increasingly difficult. As a result, there is a pressing need for techniques and tools that provide automated analysis of mobile malware samples. We present A5, an open source automated system to process Android malware. A5 is a hybrid system combining static and dynamic malware analysis techniques. Android's architecture permits many different paths for malware to react to system events, any of which may result in malicious behavior. Key innovations in A5 consist of novel methods of interacting with mobile malware to better coerce malicious behavior, and in combining both virtual and physical pools of Android platforms to capture behavior that could otherwise be missed. The primary output of A5 is a set of network threat indicators and intrusion detection system signatures that can be used to detect and prevent malicious network activity. We detail A5's distributed design and demonstrate applicability of our interaction techniques using examples from real malware. Additionally, we compare A5 with other automated systems and provide performance measurements of an implementation, using a published dataset of 1,260 unique malware samples, showing that A5 can quickly process large amounts of malware. We provide a public web interface to our implementation of A5 that allows third parties to use A5 as a web service.