Runtime Detection Framework for Android Malware
As the number of Android malware has been increased rapidly over the years, various malware detection methods have been proposed so far. Existing methods can be classified into two categories: static analysis-based methods and dynamic analysis-based methods. Both approaches have some limitations: st...
Saved in:
| Published in | Mobile information systems Vol. 2018; no. 2018; pp. 1 - 15 |
|---|---|
| Main Authors | , , |
| Format | Journal Article |
| Language | English |
| Published |
Cairo, Egypt
Hindawi Publishing Corporation
01.01.2018
Hindawi Hindawi Limited |
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | As the number of Android malware has been increased rapidly over the years, various malware detection methods have been proposed so far. Existing methods can be classified into two categories: static analysis-based methods and dynamic analysis-based methods. Both approaches have some limitations: static analysis-based methods are relatively easy to be avoided through transformation techniques such as junk instruction insertions, code reordering, and so on. However, dynamic analysis-based methods also have some limitations that analysis overheads are relatively high and kernel modification might be required to extract dynamic features. In this paper, we propose a dynamic analysis framework for Android malware detection that overcomes the aforementioned shortcomings. The framework uses a suffix tree that contains API (Application Programming Interface) subtraces and their probabilistic confidence values that are generated using HMMs (Hidden Markov Model) to reduce the malware detection overhead, and we designed the framework with the client-server architecture since the suffix tree is infeasible to be deployed in mobile devices. In addition, an application rewriting technique is used to trace API invocations without any modifications in the Android kernel. In our experiments, we measured the detection accuracy and the computational overheads to evaluate its effectiveness and efficiency of the proposed framework. |
|---|---|
| AbstractList | As the number of Android malware has been increased rapidly over the years, various malware detection methods have been proposed so far. Existing methods can be classified into two categories: static analysis-based methods and dynamic analysis-based methods. Both approaches have some limitations: static analysis-based methods are relatively easy to be avoided through transformation techniques such as junk instruction insertions, code reordering, and so on. However, dynamic analysis-based methods also have some limitations that analysis overheads are relatively high and kernel modification might be required to extract dynamic features. In this paper, we propose a dynamic analysis framework for Android malware detection that overcomes the aforementioned shortcomings. The framework uses a suffix tree that contains API (Application Programming Interface) subtraces and their probabilistic confidence values that are generated using HMMs (Hidden Markov Model) to reduce the malware detection overhead, and we designed the framework with the client-server architecture since the suffix tree is infeasible to be deployed in mobile devices. In addition, an application rewriting technique is used to trace API invocations without any modifications in the Android kernel. In our experiments, we measured the detection accuracy and the computational overheads to evaluate its effectiveness and efficiency of the proposed framework. |
| Author | Im, Eul Gyu Kim, TaeGuen Kang, BooJoong |
| Author_xml | – sequence: 1 fullname: Kim, TaeGuen – sequence: 2 fullname: Im, Eul Gyu – sequence: 3 fullname: Kang, BooJoong |
| BookMark | eNqF0EFLwzAUwPEgE9ymN89S8Kh1SfPSNMcxnQoTQRR2C2nzgp1bMtOO4be3owOPnt47_HgP_iMy8MEjIZeM3jEmxCSjrJgUVAFncEKGrJAiVVQsB90uJKSUyeUZGTXNitKcciGHZPK28229weQeW6zaOvhkHs0G9yF-JS7EZOptDLVNXsx6byKek1Nn1g1eHOeYfMwf3mdP6eL18Xk2XaQVz2mbSskBrWCqKksHDhAKm2GuUJbOWJsV3PK8zEAB42VeVjk6x6W0BoRCQMbH5Lq_u43he4dNq1dhF333Umc040CBg-zUba-qGJomotPbWG9M_NGM6kMSfUiij0k6ftPzz9pbs6__01e9xs6gM386o6AKxX8BWMNrWA |
| CitedBy_id | crossref_primary_10_1155_2021_8933681 crossref_primary_10_3233_JIFS_222612 crossref_primary_10_1109_ACCESS_2021_3131713 crossref_primary_10_1155_2020_3407437 crossref_primary_10_1109_ACCESS_2023_3260977 crossref_primary_10_1016_j_eswa_2020_113581 |
| Cites_doi | 10.1145/2544173.2509549 10.1007/s10844-010-0148-x 10.1145/2619091 10.1109/mprv.2014.74 10.1049/iet-ifs.2013.0095 10.1007/bf01206331 10.1109/massp.1986.1165342 10.1007/s11036-008-0113-x |
| ContentType | Journal Article |
| Copyright | Copyright © 2018 TaeGuen Kim et al. Copyright © 2018 TaeGuen Kim et al.; This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. |
| Copyright_xml | – notice: Copyright © 2018 TaeGuen Kim et al. – notice: Copyright © 2018 TaeGuen Kim et al.; This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. |
| DBID | ADJCN RHU RHW RHX AAYXX CITATION 7SC 7SP 8FD JQ2 L7M L~C L~D |
| DOI | 10.1155/2018/8094314 |
| DatabaseName | الدوريات العلمية والإحصائية - e-Marefa Academic and Statistical Periodicals Hindawi Publishing Complete Hindawi Publishing Subscription Journals Open Access Journals (Hindawi Publishing) CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
| DatabaseTitle | CrossRef Technology Research Database Computer and Information Systems Abstracts – Academic Electronics & Communications Abstracts ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | Technology Research Database CrossRef |
| Database_xml | – sequence: 1 dbid: RHX name: Open Access Journals (Hindawi Publishing) url: http://www.hindawi.com/journals/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISSN | 1875-905X |
| Editor | Masciari, Elio |
| Editor_xml | – sequence: 1 givenname: Elio surname: Masciari fullname: Masciari, Elio – fullname: Elio Masciari |
| EndPage | 15 |
| ExternalDocumentID | 10_1155_2018_8094314 1204989 |
| GrantInformation_xml | – fundername: Korea Institute of Energy Technology Evaluation and Planning grantid: 20174010201170 – fundername: Institute for Information & Communications Technology Promotion (IITP) grantid: 2017-0-00388 – fundername: Ministry of Trade, Industry and Energy – fundername: Ministry of Science, ICT and Future Planning grantid: 2016R1A2B4015254 |
| GroupedDBID | -CS -CY .4S .DC 0R~ 24P 4.4 5VS AAFNC AAFWJ AAJEY ABHFT ABJNI ABUBZ ACGFO ACGFS ACPQW ADBBV ADJCN ADZMO AEGXH AENEX AFRHK AGIAB AIAGR ALMA_UNASSIGNED_HOLDINGS ARCSS ASPBG AVWKF BCNDV CAG COF EBS EDO EJD FEDTE GROUPED_DOAJ H13 HZ~ I-F IAO IHR IL9 IOS IPNFZ KQ8 KZ1 LMP MET MIO MV1 NGNOM O9- OK1 P2P RHX RIG TUS RHU RHW AAYXX CITATION 7SC 7SP 8FD JQ2 L7M L~C L~D |
| ID | FETCH-LOGICAL-c360t-7734ed519cbbf4f4e48d2e69e7bfadd283d36b249413b6bc6eff377da459e4e13 |
| IEDL.DBID | RHX |
| ISSN | 1574-017X |
| IngestDate | Fri Sep 13 01:28:37 EDT 2024 Fri Aug 23 01:59:15 EDT 2024 Sun Jun 02 18:54:56 EDT 2024 Thu Sep 12 21:23:44 EDT 2024 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 2018 |
| Language | English |
| License | This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c360t-7734ed519cbbf4f4e48d2e69e7bfadd283d36b249413b6bc6eff377da459e4e13 |
| ORCID | 0000-0002-4130-513X 0000-0001-5984-9867 |
| OpenAccessLink | https://dx.doi.org/10.1155/2018/8094314 |
| PQID | 2023404347 |
| PQPubID | 2048814 |
| PageCount | 15 |
| ParticipantIDs | proquest_journals_2023404347 crossref_primary_10_1155_2018_8094314 hindawi_primary_10_1155_2018_8094314 emarefa_primary_1204989 |
| PublicationCentury | 2000 |
| PublicationDate | 2018-01-01 |
| PublicationDateYYYYMMDD | 2018-01-01 |
| PublicationDate_xml | – month: 01 year: 2018 text: 2018-01-01 day: 01 |
| PublicationDecade | 2010 |
| PublicationPlace | Cairo, Egypt |
| PublicationPlace_xml | – name: Cairo, Egypt – name: Amsterdam |
| PublicationTitle | Mobile information systems |
| PublicationYear | 2018 |
| Publisher | Hindawi Publishing Corporation Hindawi Hindawi Limited |
| Publisher_xml | – name: Hindawi Publishing Corporation – name: Hindawi – name: Hindawi Limited |
| References | 1 (2) 2017 14 (33) 2003; 53 39 7 8 9 31 (21) 2012; 2012 32 |
| References_xml | – ident: 39 doi: 10.1145/2544173.2509549 – ident: 8 doi: 10.1007/s10844-010-0148-x – volume: 2012 start-page: 1 issue: 2 year: 2012 ident: 21 publication-title: Mobile Security Technologies – ident: 7 doi: 10.1145/2619091 – ident: 1 doi: 10.1109/mprv.2014.74 – year: 2017 ident: 2 – ident: 14 doi: 10.1049/iet-ifs.2013.0095 – volume: 53 start-page: 10 issue: 4 year: 2003 ident: 33 publication-title: IEEE Information Theory Society Newsletter – ident: 31 doi: 10.1007/bf01206331 – ident: 32 doi: 10.1109/massp.1986.1165342 – ident: 9 doi: 10.1007/s11036-008-0113-x |
| SSID | ssj0060357 ssib050733852 |
| Score | 2.1868322 |
| Snippet | As the number of Android malware has been increased rapidly over the years, various malware detection methods have been proposed so far. Existing methods can... |
| SourceID | proquest crossref hindawi emarefa |
| SourceType | Aggregation Database Publisher |
| StartPage | 1 |
| SubjectTerms | Anti-virus software Application programming interface Computer architecture Computer viruses Electronic devices Feature extraction Malware Markov chains Teaching methods |
| Title | Runtime Detection Framework for Android Malware |
| URI | https://search.emarefa.net/detail/BIM-1204989 https://dx.doi.org/10.1155/2018/8094314 https://www.proquest.com/docview/2023404347/abstract/ |
| Volume | 2018 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1bS8MwGA06Gfji_TKdIw_zsaxpLk0fh26MwXwYDupTaW44cJ24yv6-SZsiugd9a6EkcJp85_vak-8A0OciIpREKkCMk4AIJG0cZChQSAuCcilC6c4Oz57YZEGmKU19k6TN7i98y3a2PEd8wJ0CzhlW73PuWuTPJ2mzbKjzHayOANcBmIW4avCJaOwEFnHa6N1_jfWDidp6ldsLS0_tV1cMb5c7wblinPEJOPKpIhzW7_YU7OniDBw3NgzQ78pzMJg7u4eVho-6rIRVBRw3kitoc1LoRIvrpYKz_G1rp78Ai_Ho-WESeB-EQGIWljYBxkQrm2pJIQwxRBOuIs0SHQtjw5NNEBRmFvPEEpJgQjJtDI5jlROaaKIRvgStYl3oawBVEiZGytDkxpDYEhWKpApVgmmoKNa0A-4bTLL3ut1FVpUJlGYOu8xj1wFXHrDvxyJbbPCkA_oewD8G6DboZn7XbDJn5e66_ZD45n-j3IJDd1t_EumCVvnxqe9sklCKHjgYDqejl161VL4Ak8qx9g |
| link.rule.ids | 315,786,790,869,884,27957,27958 |
| linkProvider | Hindawi Publishing |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Runtime+Detection+Framework+for+Android+Malware&rft.jtitle=Mobile+information+systems&rft.au=Kim%2C+TaeGuen&rft.au=Kang%2C+BooJoong&rft.au=Im%2C+Eul+Gyu&rft.date=2018-01-01&rft.issn=1574-017X&rft.eissn=1875-905X&rft.volume=2018&rft.spage=1&rft.epage=15&rft_id=info:doi/10.1155%2F2018%2F8094314&rft.externalDBID=n%2Fa&rft.externalDocID=10_1155_2018_8094314 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1574-017X&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1574-017X&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1574-017X&client=summon |