research-article

The company you keep: mobile malware infection rates and inexpensive risk indicators

Authors:

Hien Thi Thu Truong,

Eemil Lagerspetz,

Adam J. Oliner,

Sourav BhattacharyaAuthors Info & Claims

WWW '14: Proceedings of the 23rd international conference on World wide web

Pages 39 - 50

https://doi.org/10.1145/2566486.2568046

Published: 07 April 2014 Publication History

Abstract

There is little information from independent sources in the public domain about mobile malware infection rates. The only previous independent estimate (0.0009%) [11], was based on indirect measurements obtained from domain-name resolution traces. In this paper, we present the first independent study of malware infection rates and associated risk factors using data collected directly from over 55,000 Android devices. We find that the malware infection rates in Android devices estimated using two malware datasets (0.28% and 0.26%), though small, are significantly higher than the previous independent estimate. Based on the hypothesis that some application stores have a greater density of malicious applications and that advertising within applications and cross-promotional deals may act as infection vectors, we investigate whether the set of applications used on a device can serve as an indicator for infection of that device. Our analysis indicates that, while not an accurate indicator of infection by itself, the application set does serve as an inexpensive method for identifying the pool of devices on which more expensive monitoring and analysis mechanisms should be deployed. Using our two malware datasets we show that this indicator performs up to about five times better at identifying infected devices than the baseline of random checks. Such indicators can be used, for example, in the search for new or previously undetected malware. It is therefore a technique that can complement standard malware scanning. Our analysis also demonstrates a marginally significant difference in battery use between infected and clean devices.

References

[1]

D. Barrera, J. Clark, D. McCarney, and P. C. van Oorschot. Understanding and improving app installation security mechanisms through empirical analysis of android. In Proc. the second ACM workshop on Security and privacy in smartphones and mobile devices, SPSM'12, pages 81--92. ACM, 2012.

Digital Library

[2]

I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani. Crowdroid: behavior-based malware detection system for android. In Proc. the 1st ACM workshop on Security and privacy in smartphones and mobile devices, pages 15--26. ACM, 2011.

Digital Library

[3]

M. Chandramohan and H. B. K. Tan. Detection of mobile malware in the wild. Computer, 45(9):65--71, 2012.

Digital Library

[4]

P. H. Chia, Y. Yamamoto, and N. Asokan. Is this app safe?: a large scale study on application permissions and risk signals. In Proc. the 21st international conference on World Wide Web, WWW '12, pages 311--320. ACM, 2012.

Digital Library

[5]

Damballa Labs. Damballa threat report -- first half 2011. Technical report, 2011. https://www.damballa.com/downloads/r_pubs/Damballa_Threat_Report-First_Half_2011.pdf.

[6]

A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A survey of mobile malware in the wild. In Proc. the 1st ACM workshop on Security and privacy in smartphones and mobile devices, SPSM'11, pages 3--14. ACM, 2011.

Digital Library

[7]

J. Hoffmann, S. Neumann, and T. Holz. Mobile malware detection based on energy fingerprints - a dead end? In RAID, 2013.

Digital Library

[8]

H. Kim, J. Smith, and K. G. Shin. Detecting energy-greedy anomalies and mobile malware variants. In Proc. the 6th international conference on Mobile systems, applications, and services, MobiSys '08, pages 239--252. ACM, 2008.

Digital Library

[9]

K. Kostiainen, E. Reshetova, J.-E. Ekberg, and N. Asokan. Old, new, borrowed, blue: a perspective on the evolution of mobile platform security architectures. In First ACM Conference on Data and Application Security and Privacy, pages 13--24. ACM, 2011.

Digital Library

[10]

B. Krebs. Mobile Malcoders Pay to Google Play, Mar. 2013. http://krebsonsecurity.com/2013/03/mobile-malcoders-pay-to-google-play/.

[11]

C. Lever, M. Antonakakis, B. Reeves, P. Traynor, and W. Lee. The core of the matter: Analyzing malicious traffic in cellular carriers. In Proc. the 2013 Network and Distributed Systems Security Conference (NDSS 2013). Internet Society, 2013.

[12]

Lookout Mobile. 2013 mobile threat predictions, Dec 2012. https://blog.lookout.com/blog/2012/12/13/2013-mobile-threat-predictions/.

[13]

Lookout Mobile. Lookout tours the current world of mobile threats. Lookout blog, June 2013. https://blog.lookout.com/blog/2013/06/05/world-current-of-mobile-threats/.

[14]

R. McGarvey. Threat of the week: Mobile malware, menace or myth? CreditUnion Times, Apr. 2013.

[15]

NQMobile. Mobile malware up 163% in 2012, getting even smarter in 2013. PRNEwsWire, 2013. http://ir.nq.com/phoenix.zhtml?c=243152&p=irol-newsArticle&id=1806588.

[16]

A. J. Oliner, A. P. Iyer, I. Stoica, E. Lagerspetz, and S. Tarkoma. Carat: Collaborative energy diagnosis for mobile devices. In Proc. 11th ACM Conference on Embedded Networked Sensor Systems, Nov 2013.

Digital Library

[17]

L. Page. Update from the CEO, Mar. 2013. http://googleblog.blogspot.fi/2013/03/update-from-ceo.html.

[18]

A. Pathak, A. Jindal, Y. C. Hu, and S. Midkiff. What is keeping my phone awake? Characterizing and detecting no-sleep energy bugs in smartphone apps. In Mobisys, 2012.

Digital Library

[19]

S. M. Patterson. Contrary to what you've heard, Android is almost impenetrable to malware, Oct 2013. http://qz.com/131436/contrary-to-what-youve-heard-android-is-almost-impenetrable-to-malware/.

[20]

V. Paxson. Bro:\ a system for detecting network intruders in real-time. In Computer Networks, volume 31, 1999.

Digital Library

[21]

G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid android: versatile protection for smartphones. In Proc. the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 347--356, New York, NY, USA, 2010. ACM.

Digital Library

[22]

M. M. Sebring and R. A. Whitehurst. Expert systems in intrusion detection:\ a case study. In National Computer Security Conference, 1988.

[23]

M. Spreitzenbarth, F. Echtler, T. Schrek, F. C. Freiling, and J. Hoffman. MobileSandbox: looking deeper into android applications. In Proc. the 28th ACM Symposium on Applied Computing (SAC), 2013.

Digital Library

[24]

C. Sumner and R. Wald. Predicting susceptibility to social bots on twitter. BlackHat US presentation. https://media.blackhat.com/us-13/US-13-Sumner-Predicting-Susceptibility-to-Social-Bots-on-Twitter-Slides.pdf.

[25]

Trend Labs. Trojanized security tool serves as backdoor app, Mar 2011. http://blog.trendmicro.com/trendlabs-security-intelligence/trojanized-security-tool-serves-as-backdoor-app/.

[26]

H. T. T. Truong, E. Lagerspetz, P. Nurmi, A. J. Oliner, S. Tarkoma, N. Asokan, and S. Bhattacharya. The Company You Keep: Mobile Malware Infection Rates and Inexpensive Risk Indicators. CoRR, abs/1312.3245, 2013. http://arxiv.org/abs/1312.3245.

[27]

C. Wagner, S. Mitter, C. Körner, and M. Strohmaier. When social bots attack: Modeling susceptibility of users in online social networks. In 2nd workshop on Making Sense of Microposts at WWW2012, 2012.

[28]

L. Yang, V. Ganapathy, and L. Iftode. Enhancing mobile malware detection with social collaboration. In Privacy, Security, Risk and Trust (PASSAT), IEEE Third International Conference on Social Computing (SocialCom), pages 572--576, 2011.

[29]

Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In 2012 IEEE Symposium on Security and Privacy (SP), pages 95--109, 2012.

Digital Library

[30]

Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proc. the 2012 Network and Distributed Systems Security Conference (NDSS 2012), Feb. 2012.

Cited By

Alazzam HAl-Adwan AAbualghanam OAlhenawi EAlsmady A(2022)An Improved Binary Owl Feature Selection in the Context of Android Malware DetectionComputers10.3390/computers1112017311:12(173)Online publication date: 30-Nov-2022
https://doi.org/10.3390/computers11120173
Pierazzi FMezzour GHan QColajanni MSubrahmanian V(2020)A Data-driven Characterization of Modern Android SpywareACM Transactions on Management Information Systems10.1145/338215811:1(1-38)Online publication date: 10-Apr-2020
https://dl.acm.org/doi/10.1145/3382158
Chakraborty TPierazzi FSubrahmanian V(2020)EC2: Ensemble Clustering and Classification for Predicting Android Malware FamiliesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2017.273914517:2(262-277)Online publication date: 1-Mar-2020
https://doi.org/10.1109/TDSC.2017.2739145
Show More Cited By

Index Terms

The company you keep: mobile malware infection rates and inexpensive risk indicators
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Systems security
    1. Operating systems security

Recommendations

A comprehensive survey on deep learning based malware detection techniques
Abstract
Recent theoretical and practical studies have revealed that malware is one of the most harmful threats to the digital world. Malware mitigation techniques have evolved over the years to ensure security. Earlier, several classical ...
On mobile malware infections
WiSec '14: Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks
Andro-Dumpsys

Our system (Andro-Dumpsys) leverages volatile memory acquisition.Andro-Dumpsys leverages malware creator information and malware information.Andro-Dumpsys is anti-malware system based on similarity matching of footprints.Andro-Dumpsys is capable of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

WWW '14: Proceedings of the 23rd international conference on World wide web

April 2014

926 pages

ISBN:9781450327442

DOI:10.1145/2566486

General Chair:
Chin-Wan Chung
Korea Advanced Institute of Science and Technology, Korea
,
Program Chairs:
Andrei Broder
Google Inc., USA
,
Kyuseok Shim
Seoul National University, Korea
,
Torsten Suel
New York University, USA

Copyright © 2014 Copyright is held by the International World Wide Web Conference Committee (IW3C2).

Sponsors

IW3C2: International World Wide Web Conference Committee

In-Cooperation

SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 April 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Intel Corporation

Conference

WWW '14

Sponsor:

IW3C2

WWW '14: 23rd International World Wide Web Conference

April 7 - 11, 2014

Seoul, Korea

Acceptance Rates

WWW '14 Paper Acceptance Rate 84 of 645 submissions, 13%;

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

32
Total Citations
View Citations
749
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)2

Reflects downloads up to 14 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Alazzam HAl-Adwan AAbualghanam OAlhenawi EAlsmady A(2022)An Improved Binary Owl Feature Selection in the Context of Android Malware DetectionComputers10.3390/computers1112017311:12(173)Online publication date: 30-Nov-2022
https://doi.org/10.3390/computers11120173
Pierazzi FMezzour GHan QColajanni MSubrahmanian V(2020)A Data-driven Characterization of Modern Android SpywareACM Transactions on Management Information Systems10.1145/338215811:1(1-38)Online publication date: 10-Apr-2020
https://dl.acm.org/doi/10.1145/3382158
Chakraborty TPierazzi FSubrahmanian V(2020)EC2: Ensemble Clustering and Classification for Predicting Android Malware FamiliesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2017.273914517:2(262-277)Online publication date: 1-Mar-2020
https://doi.org/10.1109/TDSC.2017.2739145
Sigg SLagerspetz EPeltonen ENurmi PTarkoma S(2019)Exploiting Usage to Predict Instantaneous App PopularityACM Transactions on the Web10.1145/319967713:2(1-25)Online publication date: 2-Apr-2019
https://dl.acm.org/doi/10.1145/3199677
Sharif MUrakawa JChristin NKubota AYamada ALie DMannan MBackes MWang X(2018)Predicting Impending Exposure to Malicious Content from User BehaviorProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243779(1487-1501)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243779
Bao LLe TLo D(2018)Mining sandboxes: Are we there yet?2018 IEEE 25th International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER.2018.8330231(445-455)Online publication date: Mar-2018
https://doi.org/10.1109/SANER.2018.8330231
Le TBao LLo DGao DLi L(2018)Towards Mining Comprehensive Android Sandboxes2018 23rd International Conference on Engineering of Complex Computer Systems (ICECCS)10.1109/ICECCS2018.2018.00014(51-60)Online publication date: Dec-2018
https://doi.org/10.1109/ICECCS2018.2018.00014
Ali TKhan YAli TFaizullah SAlghamdi TAnwar S(2018)An Automated Permission Selection Framework for Android PlatformJournal of Grid Computing10.1007/s10723-018-9455-1Online publication date: 4-Aug-2018
https://doi.org/10.1007/s10723-018-9455-1
Mitropoulos D(2017)How 1 million app calls can tell you a bit about malwareXRDS: Crossroads, The ACM Magazine for Students10.1145/312377824:1(17-19)Online publication date: 14-Sep-2017
https://dl.acm.org/doi/10.1145/3123778
Tam KFeizollah AAnuar NSalleh RCavallaro L(2017)The Evolution of Android Malware and Android Analysis TechniquesACM Computing Surveys10.1145/301742749:4(1-41)Online publication date: 13-Jan-2017
https://dl.acm.org/doi/10.1145/3017427
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten