poster

Mobile malware detection in the real world

Authors:

Francesco Mercaldo,

Corrado Aaron Visaggio,

Gerardo Canfora,

Aniello CimitileAuthors Info & Claims

ICSE '16: Proceedings of the 38th International Conference on Software Engineering Companion

Pages 744 - 746

https://doi.org/10.1145/2889160.2892656

Published: 14 May 2016 Publication History

Abstract

Several works in literature address the mobile malware detection problem by classifying features obtained from real world application and using well-known machine-learning techniques. Several authors have published empirical studies aimed at assessing the quality of set of features. In this paper we propose BehaveYourself!, an Android application able to discriminate a trusted application by a malicious one extracting opcode-based features. Our application is open and flexible: it can be used as a starting point to define, and experiment with, additional features. We release BehaveYourself! to the research community at the following url: http://www.ing.unisannio.it/cimitile/BehaveYourself.apk

References

[1]

"The global adoption and diffusion of mobile phones." http://pirp.harvard.edu/pubs_pdf/kalba/kalba-p08-1.pdf, last visit 13 December 2015.

[2]

M. L. Bernardi and M. Cimitile, "Model driven development of cross-platform mobile applications," in The 11th IASTED International Conference on Software Engineering (SE 2012), 2012.

[3]

M. Cimitile, M. Risi, and G. Tortora, "Automatic generation of multi platform web map mobile applications.," in DMS, pp. 84--89, 2011.

[4]

H. Jaakkola, M. Gabbouj, and Y. Neuvo, "Fundamentals of technology diffusion and mobile phone case study," Circuits, Systems and Signal Processing, vol. 17, no. 3, pp. 421--448, 1998.

Digital Library

[5]

V. Rastogi, Y. Chen, and X. Jiang, "Droidchameleon: evaluating android anti-malware against transformation attacks," in Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security, pp. 329--334, ACM, 2013.

Digital Library

[6]

K. Sharma, T. Dand, T. Oh, and W. Stackpole, "Malware analysis for android operating," in 8th Annual Symposium on Information Assurance (ASIA-13), vol. 31, 2013.

[7]

G. Canfora, A. Di Sorbo, F. Mercaldo, and C. A. Visaggio, "Obfuscation techniques against signature-based detection: a case study," in Proceedings of 1st Workshop on Mobile System Technologies (MST), May 22, 2015, Milano, Italy, p. To appear, May 2015.

[8]

G. Canfora, F. Mercaldo, and C. A. Visaggio, "A classifier of malicious android applications," in Availability, Reliability and Security (ARES), 2013 Eighth International Conference on, pp. 607--614, IEEE, 2013.

Digital Library

[9]

G. Canfora, F. Mercaldo, and C. A. Visaggio, "Mobile malware detection using op-code frequency histograms," International Conference on Security, and Cryptography (SECRYPT), 2015.

[10]

M. Lindorfer, M. Neugschwandtner, L. Weichselbaum, Y. Fratantonio, V. van der Veen, and C. Platzer, "Andrubis-1,000,000 apps later: A view on current android malware behaviors," in Proceedings of the the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), 2014.

Digital Library

[11]

"Androguard." https://github.com/androguard/androguard, last visit 3 December 2015.

[12]

G. Canfora, F. Mercaldo, and C. A. Visaggio, "Evaluating op-code frequency histograms in malware and third-party mobile applications," Lecture Notes in Computer Science, Springer, 2015.

[13]

"Dalvik opcodes." http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html, last visit 3 December 2015.

[14]

"smali/baksmali." https://github.com/JesusFreke/smali, last visit 3 December 2015.

[15]

"Tools help android developers." http://developer.android.com/tools/help/index.html, last visit 3 December 2015.

[16]

"Installing the androidsdk." http://developer.android.com/sdk/installing/index.html, last visit 3 December 2015.

[17]

"Apache lucene." https://lucene.apache.org/core/, last visit 3 December 2015.

[18]

"Weka 3." http://www.cs.waikato.ac.nz/ml/weka/, last visit 3 December 2015.

[19]

"Google play." https://play.google.com/store, last visit 3 December 2015.

[20]

M. Spreitzenbarth, F. Echtler, T. Schrek, F. C. Freiling, and J. Hoffman, "Mobilesandbox: looking deeper into android applications," in Proc. the 28th ACM Symposium on Applied Computing (SAC), 2013.

Digital Library

[21]

D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, and K. Rieck, "Drebin: Efficient and explainable detection of android malware in your pocket," in Proc. of 17th Network and Distributed System Security Symposium, NDSS, vol. 14.

[22]

F. Mercaldo, C. A. Visagggio, A. Oropallo, and P. Pirone, "Evaluating the commercial and research antimalware tools against malware in the wild and third-party markets: A technical report." https://www.researchgate.net/publication/275334543_Evaluating_the_commercial_and_research_antimalware_tools_against_malware_in_the_wild_and_third-party_markets_A_technical_report, last visit 9 January 2016.

Cited By

He SFu CHu HChen JLv JJiang SRoychoudhury APaiva AAbreu RStorey M(2024)MalwareTotal: Multi-Faceted and Sequence-Aware Bypass Tactics against Static Malware DetectionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639141(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639141
Tu TZhang HGong BDu DWen Q(2024)Intelligent analysis of android application privacy policy and permission consistencyArtificial Intelligence Review10.1007/s10462-024-10798-z57:7Online publication date: 13-Jun-2024
https://doi.org/10.1007/s10462-024-10798-z
Menaouer BIslem ANada M(2023)Android Malware Detection Approach Using Stacked AutoEncoder and Convolutional Neural NetworksInternational Journal of Intelligent Information Technologies10.4018/IJIIT.32995619:1(1-22)Online publication date: 19-Sep-2023
https://dl.acm.org/doi/10.4018/IJIIT.329956
Show More Cited By

Recommendations

Enhancing malware detection: clients deserve more protection

Sophisticated malware is designed to spread over the network and infect as many connected client machines as possible before being detected. Network security engineers have always been challenged to detect and track down such malware before infecting ...
Behavioral detection of malware on mobile handsets
MobiSys '08: Proceedings of the 6th international conference on Mobile systems, applications, and services

A novel behavioral detection framework is proposed to detect mobile worms, viruses and Trojans, instead of the signature-based solutions currently available for use in mobile devices. First, we propose an efficient representation of malware behaviors ...
Semantics-Aware Malware Detection
SP '05: Proceedings of the 2005 IEEE Symposium on Security and Privacy

A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ICSE '16: Proceedings of the 38th International Conference on Software Engineering Companion

May 2016

946 pages

ISBN:9781450342056

DOI:10.1145/2889160

General Chair:
Laura Dillon
Michigan State University
,
Program Chairs:
Willem Visser
Stellenbosch University, South Africa
,
Laurie Williams
North Carolina State University

Copyright © 2016 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering
IEEE-CS\TCSE: TC on Software Engineering
IEEE-CS\DATC: IEEE Computer Society

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 May 2016

Check for updates

Qualifiers

Poster

Conference

ICSE '16

Sponsor:

ACM
SIGSOFT
IEEE-CS\TCSE
IEEE-CS\DATC

ICSE '16: 38th International Conference on Software Engineering

May 14 - 22, 2016

Texas, Austin

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
323
Total Downloads

Downloads (Last 12 months)17
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

He SFu CHu HChen JLv JJiang SRoychoudhury APaiva AAbreu RStorey M(2024)MalwareTotal: Multi-Faceted and Sequence-Aware Bypass Tactics against Static Malware DetectionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639141(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639141
Tu TZhang HGong BDu DWen Q(2024)Intelligent analysis of android application privacy policy and permission consistencyArtificial Intelligence Review10.1007/s10462-024-10798-z57:7Online publication date: 13-Jun-2024
https://doi.org/10.1007/s10462-024-10798-z
Menaouer BIslem ANada M(2023)Android Malware Detection Approach Using Stacked AutoEncoder and Convolutional Neural NetworksInternational Journal of Intelligent Information Technologies10.4018/IJIIT.32995619:1(1-22)Online publication date: 19-Sep-2023
https://dl.acm.org/doi/10.4018/IJIIT.329956
Mercaldo FBrunese LMartinelli FSantone ACesarelli M(2023)Explainable Convolutional Neural Networks for Brain Cancer Detection and LocalisationSensors10.3390/s2317761423:17(7614)Online publication date: 2-Sep-2023
https://doi.org/10.3390/s23177614
Patel AKumar NHanda AK Shukla S(2023)AProctor - A practical on-device antidote for Android malwareProceedings of the 2023 Australasian Computer Science Week10.1145/3579375.3579386(82-91)Online publication date: 30-Jan-2023
https://dl.acm.org/doi/10.1145/3579375.3579386
Mercaldo FCasolare RSantone A(2023)Explainability of Model Checking for Mobile Malicious Behavior Between Collaborative Apps Detection and LocalisationCollaborative Approaches for Cyber Security in Cyber-Physical Systems10.1007/978-3-031-16088-2_5(99-122)Online publication date: 2-Jan-2023
https://doi.org/10.1007/978-3-031-16088-2_5
Mercaldo FSantone A(2022)Formal Equivalence Checking for Mobile Malware Detection and Family ClassificationIEEE Transactions on Software Engineering10.1109/TSE.2021.306706148:7(2643-2657)Online publication date: 1-Jul-2022
https://doi.org/10.1109/TSE.2021.3067061
Chen XYu HYu DChen JSun X(2022)Predicting Android malware combining permissions and API call sequencesSoftware Quality Journal10.1007/s11219-022-09602-431:3(655-685)Online publication date: 18-Nov-2022
https://doi.org/10.1007/s11219-022-09602-4
Mercaldo FMartinelli FSantone A(2022)Timed Automata Networks for SCADA Attacks Real-Time MitigationIntelligent Decision Technologies10.1007/978-981-19-3444-5_47(549-559)Online publication date: 27-Jul-2022
https://doi.org/10.1007/978-981-19-3444-5_47
Prabhu TKaruppasamy KPrakash EKarthikeyan K(2022)Malicious Firmware Injection Detection on Wireless Networks Using Deep Learning TF-IDF Normalization (MFI-IDF)International Conference on Computing, Communication, Electrical and Biomedical Systems10.1007/978-3-030-86165-0_51(615-625)Online publication date: 28-Feb-2022
https://doi.org/10.1007/978-3-030-86165-0_51
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten