Abstract
The outstanding advances of mobile devices stimulate their wide usage. Since mobile devices are coupled with third-party applications, lots of security and privacy problems are induced. However, current mobile malware detection and analysis technologies are still imperfect, ineffective, and incomprehensive. Due to the specific characteristics of mobile devices such as limited resources, constant network connectivity, user activities and location sensing, and local communication capability, mobile malware detection faces new challenges, especially on dynamic runtime malware detection. Many intrusions or attacks could happen after a mobile app is installed or executed. The literature still expects practical and effective dynamic malware detection approaches. In this paper, we give a thorough survey on dynamic mobile malware detection. We first introduce the definition, evolution, classification, and security threats of mobile malware. Then, we summarize a number of criteria and performance evaluation measures of mobile malware detection. Furthermore, we compare, analyze, and comment on existing mobile malware detection methods proposed in recent years based on evaluation criteria and measures. Finally, we figure out open issues in this research field and motivate future research directions.
Similar content being viewed by others
References
Abawajy, J., & Kelarev, A. (2017). Iterative classifier fusion system for the detection of Android malware. IEEE Transaction on Big Data., 5, 1–12.
Alam, M.S., Vuong, S.T. (2013). Random forest classification for detecting Android malware. In: 2013 I.E. International Conference on Green Computing and Communications & IEEE Internet of Things & IEEE Cyber, Physical and Social Computing. pp. 663–669. IEEE, Beijing.
Ali, A., Rida, K., Marc, L. (2014). A Gaussian mixture model for dynamic detection of abnormal behavior in smartphone applications. In: 2014 Global Information Infrastructure and Networking Symposium (GIIS). pp.1–6. IEEE, Montreal.
Almin, S. B., & Chatterjee, M. (2015). A novel approach to detect Android malware. Procedia Computer Science., 45, 407–417.
Amos, B., Turner, H., White, J. (2013). Applying machine learning classifiers to dynamic Android malware detection at scale. In: Wireless Communication and Mobile Computing Conference (IWCME). vol. 14, pp. 1666–1671. IEEE, Nicosia. doi:10.1109/IWCMC.2013.6583806.
Andriatsimandefitra, R., Tong, V. (2015). Detection and identification of Android malware based on information flow monitoring. In: 2015 I.E. 2nd International Conference on Cyber Security and Cloud Computing. pp. 200–203. IEEE, New York.
Bai, X., Xing, L., Zhang, N., Wang, X., Liao, X., Li, T., Hu, S. (2016). Staying secure and unprepared: understanding and mitigating the security risks of Apple ZeroConf. In: 2016 I.E. Symposium on Security and Privacy (S&P). pp. 655–674. IEEE, San Jose.
Bazrafshan, Z., Hashemi, H., Fard, S., Hamzeh, A. (2013). A survey on heuristic malware detection techniques. In: The 5th Conference on Information and Knowledge Technology(IKT). pp. 113–120. IEEE, Shiraz.
Blasing, T., Batyuk, L., Schmidt, A., Camtepe, S.A., Albayrak S. (2010). An Android application sandbox system for suspicious software detection. In: 2010 5th International Coference on Malicous and Unwanted Software (MALWARE). pp. 55–62. IEEE, Nancy.
Calderon, C., Mohan, E., & Ng, B. (2015). Development of a hospital mobile platform for logistics tasks. Digital Communication and Networks, 1, 102–111.
Caviglione, L., Gaggero, M., Lalande, J., Mazurczyk, W., & Urbanski, M. (2016). Seeing the unseen: revealing mobile malware hidden communications via energy consumption and artificial intelligence. IEEE Trans. Inform. Forensic Secur., 11, 799–810.
Chen, P., Lin, S., & Sun, C. (2015a). Simple and effective method for detecting abnormal Internet behaviors of mobile devices. Information Sciences., 321, 193–204.
Chen, L., Yan, Z., Zhang, W., & Kantole, R. (2015b). TruSMS: a trustworthy SMS spam control system based on trust management. Future Generation Computer Systems, 49, 77–93.
Chen, K., Wang, X., Chen, Y., Wang, P., Lee, Y., Wang, X., Ma, B., Wang, A., Zhang, Y., Zou, W. (2016). Following devil’s footprints: cross-platform analysis of potentially harmful libraries on Android and iOS. In: 2016 I.E. Symposium on Security and Privacy (S&P). pp. 357–376. IEEE, San Jose.
Cui, B., Jin, H., Carullo, G., & Liu, Z. (2015). Service-oriented mobile malware detection system based on mining strategies. Pervasive and Mobile Computer., 24, 101–116.
Das, S., Liu, Y., Zhang, W., & Chandramohan, M. (2016). Semantics-based online malware detection: towards efficient real-time protection against malware. IEEE Trans.Inform.Forensic Secur., 11, 289–302.
Dixon, B., Mishra, S. (2013). Power based malicious code detection techniques for smartphone. In: 2013 12th IEEE international conference on trust, security and privacy in computing and communications. pp. 142–149. IEEE, Melbourne.
Egele, M., Scholte, T., Kirda, E., & Kruegel, C. (2012). A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys, 44, 1–42.
Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chen, B., Cox, L. P., Jung, J., Mcdaniel, P., & Sheth, A. N. (2014). TaintDroid: an information-flow tracking system for real-time privacy monitoring on smartphones. Acm Transactions on Computer Systems., 32, 393–407.
Fan M., Liu, J., Luo, X., Chen, K., Chen, T., Tian, Z., Zhang, X., Zheng, Q., Liu, T. (2016). Frequent subgraph based familial classification of android malware. In: 2016 I.E. 27th International Symposium on Software Reliability Engineering. pp. 24–35. IEEE, Ottawa.
Fan, M., Liu, J., Wang, W., Li, H., Tian, Z., Liu, T. (2017). DAPASA: detecting android piggybacked apps through sensitive subgraph analysis. IEEE Transactions on Information Forensics & Security. doi:10.1109/TIFS.2017.2687880.
Faruki, P., Bharmal, A., Laxmi, V., Ganmoor, V., Gaur, M., & Conti, M. (2015). Android security: a survey of issues, malware penetration, and defenses. IEEE Communication Surveys & Tutorials., 17, 998–1022.
Fung, C., Lam, D., Boutaba, R. (2014). RevMatch: an efficient and robust decision model for collaborative malware detection. In: 2014 I.E. Network Operations and Management Symposium (NOMS). pp. 1–9. IEEE, Krakow.
Guo, D., Sui, A., Shi, Y., Hu, J., Lin, G., & Guo, T. (2014). Behavior classification based self-learning mobile malware detection. Journal of Computer (JCP)., 9, 851–858.
Hardware Attacks, Backdoors and Electronic Component Qualification | InfoSec Resources, http://resources.infosecinstitute.com/hardware-attacks-backdoors-and-electronic-component-qualification/.
Holland, B., Deering, T., Kothari, S. (2015). Security toolbox for detecting novel and sophisticated android malware. In: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE). pp. 733–736. IEEE, Florence.
Hung, S., Tu, C., Yeh, C. (2016). A cloud-assisted malware detection framework for mobile devices. In: 2016 International Computer Symposium. pp. 537–542. Merida.
IT Threat Evolution in Q2 (2016). Statistics | Securelist, https://securelist.com/analysis/quarterly-malware-reports/75640/it-threat-evolution-in-q2-2016-statistics/.
Kaspersky Personal & Family Security Software. https://www.kaspersky.com/about/news/virus/2016/gugi-banking-trojan-outsmarts-new-android-6-security.
Khan, J., Abbas, H., & Al-Muhtadi, J. (2015). Survey on mobile user’s data privacy threats and defense mechanisms. Procedia Computer Science, 56, 376–383.
Li, J., Zhai, L., Zhang, X. (2014). Research of android malware detection based on network traffic monitoring. In: 2014 I.E. 9th International Conference on Industrial Electronics and Applications (ICIEA). pp. 1739–1744. IEEE, Hangzhou.
Liao, X., Yuan, K., Wang, X., Pei, Z., Yang, H., Chen, J., Duan, H., Du, K., Alowaisheq, E., Alrwais, S., Xing, L., Beyah, R. (2016). Seeking nonsense, looking for trouble: efficient promotional-infection detection through semantic inconsistency search. In: 2016 I.E. Symposium on Security and Privacy (S&P). pp. 707–723. IEEE, San Jose.
List of Machine Learning Concepts, https://en.wikipedia.org/wiki/List_of_machine_learning_concepts.
Liu, Y., Ganapathy, V., Iftode, L. (2011). Enhancing mobile malware detection with social collaboration. In: IEEE International Conference on Privacy, Security, Risk, & Trust (PASSAT), & 2011 I.E. 3rd International Conference on Social Computation (SocialCom). pp. 572–576. IEEE, Boston.
Ma, S. X., & Yan, Z. (2015). PSNController: an unwanted content control system in pervasive social networking based on trust management. ACM Transactions on Multimedia Computing Communications and Applications., 12, 1–23.
Martinelli, F., Mercaldo, F., Saracino, A. (2017). BIRDEMAID: a hybrid tool for accurate detection of Android malware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. pp. 899–901. ACM, Abu Dhabi.
Memon, A. M., & Anwar, A. (2015). Colluding apps: tomorrow’s mobile malware threat. IEEE Security & Privacy Magazine., 13, 77–81.
Mobile Malware Evolution 2015 | Securelist, https://securelist.com/analysis/kaspersky-security-bulletin/73839/mobile-malware-evolution-2015/.
Motive Security Labs Malware Reports | Nokia Networks. https://networks.nokia.com/solutions/malware-reports.
Narudin, F. A., Feizollah, A., Anuar, N. B., & Gani, A. (2014). Evaluation of machine learning classifiers for mobile malware detection. Soft Computing, 20, 343–357.
Ng, D., Hwang, J. (2014). Android malware detection using the dendritic cell algorithm. In: 2014 International Conference on Machine Learning and Cybernetics (ICMLC). pp. 257–262. IEEE, Lanzhou.
Quan, D., Zhai, L., Yang, F., Wang, P. (2014). Detection of android malicious apps based on the sensitive behaviors. In: 2014 I.E. 13th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). pp. 877–883. IEEE, Beijing.
Rahman, M. (2013). DroidMLN: a Markov logic network approach to detect Android malware. In: 2013 12th International Conference on Machining Learning and Applications (ICMLA). pp. 166–169. IEEE, Miami.
Settouti, N., Bechar, M. E. A., & Chikh, M. A. (2016). Statistical comparisons of the top 10 algorithms in data mining for classification task. International Journal of Interactive Multimedia & Artificial Intelligence (IJIMAI), 4, 46–51.
Sheen, S., Anitha, R., & Natarajan, V. (2015). Android based malware detection using a multifeature collaborative decision fusion approach. Neurocomputing, 151, 905–912.
Shen, T., Zhongyang, Y., Xin, Z., Mao, B., Huang, H. (2014a). Detect Android malware variants using component based topology graph. In: 2014 I.E. 13th International conference on trust, security and privacy in computing and communications (TrustCom). pp. 406–413. IEEE, Beijing.
Shen, Y., Yan, Z., & Kantola, R. (2014b). Analysis on the acceptance of global trust management for unwanted traffic control based on game theory. Computers & Security, 47, 3–25.
Su, X., Zhang, D., Li, W., Zhao, K. (2016). A deep learning approach to android malware feature learning and detection. In: 2016 I.E. TrustCom/BigDataSE/ISPA. pp. 244–251.
Suarez-Tangil, G., Tapiador, J. E., Peris-Lopez, P., & Ribagorda, A. (2014). Evolution, detection and analysis of malware for smart devices. IEEE Communications Surveys & Tutorials, 16, 961–987.
Suarez-Tangil, G., Tapiador, J. E., Peris-Lopez, P., & Pastrana, S. (2015). Power-aware anomaly detection in smartphones: an analysis of on-platform versus externalized operation. Pervasive & Mobile Computing., 18, 137–151.
Sufatrio, Tan, D., Chua, T., & Thing, V. (2015). Securing Android: a survey, taxonomy, and challenges. ACM Computing Survey, 47, 1–45.
Sun, M., Li, X., Lui, J., Ma, R., & Liang, Z. (2017). Monet: a user-oriented behavior-based malware variants detection system for android. IEEE Transactions on Informantion Forensics and Security., 12, 1103–1113.
Tam, K., Feizollah, A., Anuar, N., Salleh, R., & Cavallaro, L. (2016). The evolution of android malware and android analysis techniques. ACM Computing Surveys., 49, 1–41.
Technology Industry Analysts. http://www.gartner.com/technology/analysts.jsp.
Threat Insight/Threat Reports | Proofpoint. https://www.proofpoint.com/us/threat-insight/threat-reports.
Threat Operations Center | Proofpoint. http://www.proofpoint.com/us/threat-operations-center.
Tong, F., Yan, Z. (2016). A hybrid approach of mobile malware detection in android. Journal of Parallel and Distributed Computing. Elsevier. doi:10.1016/j.jpdc.2016.10.012.
Wei, T., Mao, C., Jeng, A., Lee, H., Wang, H., Wu, D. (2012). Android malware detection via a latent network behavior analysis. In: 2012 I.E. 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). pp. 1251–1258. IEEE, Lanzhou.
Wuchner, T., Pretschner, A. (2017). Leveraging compression-based graph mining for behavior-based malware detection. IEEE Transactions on Dependable and Secure Computing. doi:10.1109/TDSC.2017.2675881.
Xing, L., Pan, X., Wang, R., Yuan, K., Wang, X. (2014). Upgrading your android, elevating my malware: privilege escalation through mobile OS updating. In: 2014 I.E. Symposium on Security and Privacy (S&P). pp. 393–408. IEEE, Berkeley.
Xu, M., Song, C., Ji, Y., Shih, M., Lu, K., Zheng, C., Duan, R., Jang, Y., Lee, B., Qian, C., Lee, S., & Kim, T. (2016). Toward engineering a secure android ecosystem: a survey of existing techniques. ACM Computing Surveys., 49, 1–47.
Yan, Z., Kantola, R., & Shen, Y. (2014). A generic solution for unwanted traffic control through trust management. New Review of Hypermedia and Multimedia., 20, 25–51.
Zhang, L.F., Yan, Z., Kantola, R. (2016). Privacy-preserving trust management for unwanted traffic control. Future Generation Computer Systems. doi:10.1016/j.future.2016.06.036.
Zhou, Y., Jiang, X. (2012). Dissecting android malware: characterization and evolution. In: 2012 I.E. Symposium in Security and Privacy (IEEE S&P). vol. 59, pp. 95–109. IEEE, San Francisco.
Zonouz, S., Houmansadr, A., Berthier, R., Borisov, N., & Sanders, W. (2013). Secloud: a cloud-based comprehensive and lightweight security solution for smartphones. Computers & Security, 37, 215–227.
Acknowledgment
This work is sponsored by the National Key Research and Development Program of China (grant 2016YFB0800704), the NSFC (grants 61672410 and U1536202), the Project Supported by Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2016ZDJC-06), the 111 project (grants B16037 and B08038), the PhD grant of the Chinese Educational Ministry (grant JY0300130104), and Aalto University.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Yan, P., Yan, Z. A survey on dynamic mobile malware detection. Software Qual J 26, 891–919 (2018). https://doi.org/10.1007/s11219-017-9368-4
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11219-017-9368-4