Nothing Special   »   [go: up one dir, main page]

Skip to main content
Log in

A survey on dynamic mobile malware detection

  • Published:
Software Quality Journal Aims and scope Submit manuscript

Abstract

The outstanding advances of mobile devices stimulate their wide usage. Since mobile devices are coupled with third-party applications, lots of security and privacy problems are induced. However, current mobile malware detection and analysis technologies are still imperfect, ineffective, and incomprehensive. Due to the specific characteristics of mobile devices such as limited resources, constant network connectivity, user activities and location sensing, and local communication capability, mobile malware detection faces new challenges, especially on dynamic runtime malware detection. Many intrusions or attacks could happen after a mobile app is installed or executed. The literature still expects practical and effective dynamic malware detection approaches. In this paper, we give a thorough survey on dynamic mobile malware detection. We first introduce the definition, evolution, classification, and security threats of mobile malware. Then, we summarize a number of criteria and performance evaluation measures of mobile malware detection. Furthermore, we compare, analyze, and comment on existing mobile malware detection methods proposed in recent years based on evaluation criteria and measures. Finally, we figure out open issues in this research field and motivate future research directions.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1

Similar content being viewed by others

References

  • Abawajy, J., & Kelarev, A. (2017). Iterative classifier fusion system for the detection of Android malware. IEEE Transaction on Big Data., 5, 1–12.

    Google Scholar 

  • Alam, M.S., Vuong, S.T. (2013). Random forest classification for detecting Android malware. In: 2013 I.E. International Conference on Green Computing and Communications & IEEE Internet of Things & IEEE Cyber, Physical and Social Computing. pp. 663–669. IEEE, Beijing.

  • Ali, A., Rida, K., Marc, L. (2014). A Gaussian mixture model for dynamic detection of abnormal behavior in smartphone applications. In: 2014 Global Information Infrastructure and Networking Symposium (GIIS). pp.1–6. IEEE, Montreal.

  • Almin, S. B., & Chatterjee, M. (2015). A novel approach to detect Android malware. Procedia Computer Science., 45, 407–417.

    Article  Google Scholar 

  • Amos, B., Turner, H., White, J. (2013). Applying machine learning classifiers to dynamic Android malware detection at scale. In: Wireless Communication and Mobile Computing Conference (IWCME). vol. 14, pp. 1666–1671. IEEE, Nicosia. doi:10.1109/IWCMC.2013.6583806.

  • Andriatsimandefitra, R., Tong, V. (2015). Detection and identification of Android malware based on information flow monitoring. In: 2015 I.E. 2nd International Conference on Cyber Security and Cloud Computing. pp. 200–203. IEEE, New York.

  • Bai, X., Xing, L., Zhang, N., Wang, X., Liao, X., Li, T., Hu, S. (2016). Staying secure and unprepared: understanding and mitigating the security risks of Apple ZeroConf. In: 2016 I.E. Symposium on Security and Privacy (S&P). pp. 655–674. IEEE, San Jose.

  • Bazrafshan, Z., Hashemi, H., Fard, S., Hamzeh, A. (2013). A survey on heuristic malware detection techniques. In: The 5th Conference on Information and Knowledge Technology(IKT). pp. 113–120. IEEE, Shiraz.

  • Blasing, T., Batyuk, L., Schmidt, A., Camtepe, S.A., Albayrak S. (2010). An Android application sandbox system for suspicious software detection. In: 2010 5th International Coference on Malicous and Unwanted Software (MALWARE). pp. 55–62. IEEE, Nancy.

  • Calderon, C., Mohan, E., & Ng, B. (2015). Development of a hospital mobile platform for logistics tasks. Digital Communication and Networks, 1, 102–111.

    Article  Google Scholar 

  • Caviglione, L., Gaggero, M., Lalande, J., Mazurczyk, W., & Urbanski, M. (2016). Seeing the unseen: revealing mobile malware hidden communications via energy consumption and artificial intelligence. IEEE Trans. Inform. Forensic Secur., 11, 799–810.

    Article  Google Scholar 

  • Chen, P., Lin, S., & Sun, C. (2015a). Simple and effective method for detecting abnormal Internet behaviors of mobile devices. Information Sciences., 321, 193–204.

    Article  Google Scholar 

  • Chen, L., Yan, Z., Zhang, W., & Kantole, R. (2015b). TruSMS: a trustworthy SMS spam control system based on trust management. Future Generation Computer Systems, 49, 77–93.

    Article  Google Scholar 

  • Chen, K., Wang, X., Chen, Y., Wang, P., Lee, Y., Wang, X., Ma, B., Wang, A., Zhang, Y., Zou, W. (2016). Following devil’s footprints: cross-platform analysis of potentially harmful libraries on Android and iOS. In: 2016 I.E. Symposium on Security and Privacy (S&P). pp. 357–376. IEEE, San Jose.

  • Cui, B., Jin, H., Carullo, G., & Liu, Z. (2015). Service-oriented mobile malware detection system based on mining strategies. Pervasive and Mobile Computer., 24, 101–116.

    Article  Google Scholar 

  • Das, S., Liu, Y., Zhang, W., & Chandramohan, M. (2016). Semantics-based online malware detection: towards efficient real-time protection against malware. IEEE Trans.Inform.Forensic Secur., 11, 289–302.

    Article  Google Scholar 

  • Dixon, B., Mishra, S. (2013). Power based malicious code detection techniques for smartphone. In: 2013 12th IEEE international conference on trust, security and privacy in computing and communications. pp. 142–149. IEEE, Melbourne.

  • Egele, M., Scholte, T., Kirda, E., & Kruegel, C. (2012). A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys, 44, 1–42.

    Article  Google Scholar 

  • Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chen, B., Cox, L. P., Jung, J., Mcdaniel, P., & Sheth, A. N. (2014). TaintDroid: an information-flow tracking system for real-time privacy monitoring on smartphones. Acm Transactions on Computer Systems., 32, 393–407.

    Article  Google Scholar 

  • Fan M., Liu, J., Luo, X., Chen, K., Chen, T., Tian, Z., Zhang, X., Zheng, Q., Liu, T. (2016). Frequent subgraph based familial classification of android malware. In: 2016 I.E. 27th International Symposium on Software Reliability Engineering. pp. 24–35. IEEE, Ottawa.

  • Fan, M., Liu, J., Wang, W., Li, H., Tian, Z., Liu, T. (2017). DAPASA: detecting android piggybacked apps through sensitive subgraph analysis. IEEE Transactions on Information Forensics & Security. doi:10.1109/TIFS.2017.2687880.

  • Faruki, P., Bharmal, A., Laxmi, V., Ganmoor, V., Gaur, M., & Conti, M. (2015). Android security: a survey of issues, malware penetration, and defenses. IEEE Communication Surveys & Tutorials., 17, 998–1022.

    Article  Google Scholar 

  • Fung, C., Lam, D., Boutaba, R. (2014). RevMatch: an efficient and robust decision model for collaborative malware detection. In: 2014 I.E. Network Operations and Management Symposium (NOMS). pp. 1–9. IEEE, Krakow.

  • Guo, D., Sui, A., Shi, Y., Hu, J., Lin, G., & Guo, T. (2014). Behavior classification based self-learning mobile malware detection. Journal of Computer (JCP)., 9, 851–858.

    Google Scholar 

  • Hardware Attacks, Backdoors and Electronic Component Qualification | InfoSec Resources, http://resources.infosecinstitute.com/hardware-attacks-backdoors-and-electronic-component-qualification/.

  • Holland, B., Deering, T., Kothari, S. (2015). Security toolbox for detecting novel and sophisticated android malware. In: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE). pp. 733–736. IEEE, Florence.

  • Hung, S., Tu, C., Yeh, C. (2016). A cloud-assisted malware detection framework for mobile devices. In: 2016 International Computer Symposium. pp. 537–542. Merida.

  • IT Threat Evolution in Q2 (2016). Statistics | Securelist, https://securelist.com/analysis/quarterly-malware-reports/75640/it-threat-evolution-in-q2-2016-statistics/.

  • Kaspersky Personal & Family Security Software. https://www.kaspersky.com/about/news/virus/2016/gugi-banking-trojan-outsmarts-new-android-6-security.

  • Khan, J., Abbas, H., & Al-Muhtadi, J. (2015). Survey on mobile user’s data privacy threats and defense mechanisms. Procedia Computer Science, 56, 376–383.

    Article  Google Scholar 

  • Li, J., Zhai, L., Zhang, X. (2014). Research of android malware detection based on network traffic monitoring. In: 2014 I.E. 9th International Conference on Industrial Electronics and Applications (ICIEA). pp. 1739–1744. IEEE, Hangzhou.

  • Liao, X., Yuan, K., Wang, X., Pei, Z., Yang, H., Chen, J., Duan, H., Du, K., Alowaisheq, E., Alrwais, S., Xing, L., Beyah, R. (2016). Seeking nonsense, looking for trouble: efficient promotional-infection detection through semantic inconsistency search. In: 2016 I.E. Symposium on Security and Privacy (S&P). pp. 707–723. IEEE, San Jose.

  • List of Machine Learning Concepts, https://en.wikipedia.org/wiki/List_of_machine_learning_concepts.

  • Liu, Y., Ganapathy, V., Iftode, L. (2011). Enhancing mobile malware detection with social collaboration. In: IEEE International Conference on Privacy, Security, Risk, & Trust (PASSAT), & 2011 I.E. 3rd International Conference on Social Computation (SocialCom). pp. 572–576. IEEE, Boston.

  • Ma, S. X., & Yan, Z. (2015). PSNController: an unwanted content control system in pervasive social networking based on trust management. ACM Transactions on Multimedia Computing Communications and Applications., 12, 1–23.

    Article  Google Scholar 

  • Martinelli, F., Mercaldo, F., Saracino, A. (2017). BIRDEMAID: a hybrid tool for accurate detection of Android malware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. pp. 899–901. ACM, Abu Dhabi.

  • Memon, A. M., & Anwar, A. (2015). Colluding apps: tomorrow’s mobile malware threat. IEEE Security & Privacy Magazine., 13, 77–81.

    Article  Google Scholar 

  • Mobile Malware Evolution 2015 | Securelist, https://securelist.com/analysis/kaspersky-security-bulletin/73839/mobile-malware-evolution-2015/.

  • Motive Security Labs Malware Reports | Nokia Networks. https://networks.nokia.com/solutions/malware-reports.

  • Narudin, F. A., Feizollah, A., Anuar, N. B., & Gani, A. (2014). Evaluation of machine learning classifiers for mobile malware detection. Soft Computing, 20, 343–357.

    Article  Google Scholar 

  • Ng, D., Hwang, J. (2014). Android malware detection using the dendritic cell algorithm. In: 2014 International Conference on Machine Learning and Cybernetics (ICMLC). pp. 257–262. IEEE, Lanzhou.

  • Quan, D., Zhai, L., Yang, F., Wang, P. (2014). Detection of android malicious apps based on the sensitive behaviors. In: 2014 I.E. 13th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). pp. 877–883. IEEE, Beijing.

  • Rahman, M. (2013). DroidMLN: a Markov logic network approach to detect Android malware. In: 2013 12th International Conference on Machining Learning and Applications (ICMLA). pp. 166–169. IEEE, Miami.

  • Settouti, N., Bechar, M. E. A., & Chikh, M. A. (2016). Statistical comparisons of the top 10 algorithms in data mining for classification task. International Journal of Interactive Multimedia & Artificial Intelligence (IJIMAI), 4, 46–51.

    Article  Google Scholar 

  • Sheen, S., Anitha, R., & Natarajan, V. (2015). Android based malware detection using a multifeature collaborative decision fusion approach. Neurocomputing, 151, 905–912.

    Article  Google Scholar 

  • Shen, T., Zhongyang, Y., Xin, Z., Mao, B., Huang, H. (2014a). Detect Android malware variants using component based topology graph. In: 2014 I.E. 13th International conference on trust, security and privacy in computing and communications (TrustCom). pp. 406–413. IEEE, Beijing.

  • Shen, Y., Yan, Z., & Kantola, R. (2014b). Analysis on the acceptance of global trust management for unwanted traffic control based on game theory. Computers & Security, 47, 3–25.

    Article  Google Scholar 

  • Su, X., Zhang, D., Li, W., Zhao, K. (2016). A deep learning approach to android malware feature learning and detection. In: 2016 I.E. TrustCom/BigDataSE/ISPA. pp. 244–251.

  • Suarez-Tangil, G., Tapiador, J. E., Peris-Lopez, P., & Ribagorda, A. (2014). Evolution, detection and analysis of malware for smart devices. IEEE Communications Surveys & Tutorials, 16, 961–987.

    Article  Google Scholar 

  • Suarez-Tangil, G., Tapiador, J. E., Peris-Lopez, P., & Pastrana, S. (2015). Power-aware anomaly detection in smartphones: an analysis of on-platform versus externalized operation. Pervasive & Mobile Computing., 18, 137–151.

    Article  Google Scholar 

  • Sufatrio, Tan, D., Chua, T., & Thing, V. (2015). Securing Android: a survey, taxonomy, and challenges. ACM Computing Survey, 47, 1–45.

    Article  Google Scholar 

  • Sun, M., Li, X., Lui, J., Ma, R., & Liang, Z. (2017). Monet: a user-oriented behavior-based malware variants detection system for android. IEEE Transactions on Informantion Forensics and Security., 12, 1103–1113.

    Article  Google Scholar 

  • Tam, K., Feizollah, A., Anuar, N., Salleh, R., & Cavallaro, L. (2016). The evolution of android malware and android analysis techniques. ACM Computing Surveys., 49, 1–41.

    Article  Google Scholar 

  • Technology Industry Analysts. http://www.gartner.com/technology/analysts.jsp.

  • Threat Insight/Threat Reports | Proofpoint. https://www.proofpoint.com/us/threat-insight/threat-reports.

  • Threat Operations Center | Proofpoint. http://www.proofpoint.com/us/threat-operations-center.

  • Tong, F., Yan, Z. (2016). A hybrid approach of mobile malware detection in android. Journal of Parallel and Distributed Computing. Elsevier. doi:10.1016/j.jpdc.2016.10.012.

  • Wei, T., Mao, C., Jeng, A., Lee, H., Wang, H., Wu, D. (2012). Android malware detection via a latent network behavior analysis. In: 2012 I.E. 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). pp. 1251–1258. IEEE, Lanzhou.

  • Wuchner, T., Pretschner, A. (2017). Leveraging compression-based graph mining for behavior-based malware detection. IEEE Transactions on Dependable and Secure Computing. doi:10.1109/TDSC.2017.2675881.

  • Xing, L., Pan, X., Wang, R., Yuan, K., Wang, X. (2014). Upgrading your android, elevating my malware: privilege escalation through mobile OS updating. In: 2014 I.E. Symposium on Security and Privacy (S&P). pp. 393–408. IEEE, Berkeley.

  • Xu, M., Song, C., Ji, Y., Shih, M., Lu, K., Zheng, C., Duan, R., Jang, Y., Lee, B., Qian, C., Lee, S., & Kim, T. (2016). Toward engineering a secure android ecosystem: a survey of existing techniques. ACM Computing Surveys., 49, 1–47.

    Article  Google Scholar 

  • Yan, Z., Kantola, R., & Shen, Y. (2014). A generic solution for unwanted traffic control through trust management. New Review of Hypermedia and Multimedia., 20, 25–51.

    Article  Google Scholar 

  • Zhang, L.F., Yan, Z., Kantola, R. (2016). Privacy-preserving trust management for unwanted traffic control. Future Generation Computer Systems. doi:10.1016/j.future.2016.06.036.

  • Zhou, Y., Jiang, X. (2012). Dissecting android malware: characterization and evolution. In: 2012 I.E. Symposium in Security and Privacy (IEEE S&P). vol. 59, pp. 95–109. IEEE, San Francisco.

  • Zonouz, S., Houmansadr, A., Berthier, R., Borisov, N., & Sanders, W. (2013). Secloud: a cloud-based comprehensive and lightweight security solution for smartphones. Computers & Security, 37, 215–227.

    Article  Google Scholar 

Download references

Acknowledgment

This work is sponsored by the National Key Research and Development Program of China (grant 2016YFB0800704), the NSFC (grants 61672410 and U1536202), the Project Supported by Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2016ZDJC-06), the 111 project (grants B16037 and B08038), the PhD grant of the Chinese Educational Ministry (grant JY0300130104), and Aalto University.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Zheng Yan.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Yan, P., Yan, Z. A survey on dynamic mobile malware detection. Software Qual J 26, 891–919 (2018). https://doi.org/10.1007/s11219-017-9368-4

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11219-017-9368-4

Keywords

Navigation