“Andromaly”: a behavioral malware detection framework for android devices

@article{Shabtai2010AndromalyAB,
  title={“Andromaly”: a behavioral malware detection framework for android devices},
  author={Asaf Shabtai and Uri Kanonov and Yuval Elovici and Chanan Glezer and Yael Weiss},
  journal={Journal of Intelligent Information Systems},
  year={2010},
  volume={38},
  pages={161--190}
}
This article presents Andromaly, a framework for detecting malware on Android mobile devices. The proposed framework realizes a host-based malware detection system that continuously monitors various features and events obtained from the mobile device and then applies machine learning anomaly detectors to classify the collected data as normal (benign) or abnormal (malicious). Since no malicious applications are yet available for Android, we developed four malicious applications and evaluated…


Android malware detection: state of the art
TLDR
An analysis of various Android malware detection systems, comparing them on parameters such as detection technique, analysis method, and features extracted, highlights that machine learning algorithms are frequently used in this area to detect Android malware in the wild.
On behavior-based detection of malware on Android platform
TLDR
A malware detection system that uses a behavior-based approach to detect large numbers of unknown malware samples is presented, and the effectiveness of the proposed system at detecting malware is demonstrated.
PNSDroid: A Hybrid Approach for Detection of Android Malware
TLDR
A hybrid model that detects Android malware by analyzing the permission bit vector, network traffic, and system call invocations is proposed and shown to be highly efficient, achieving 97.5% detection accuracy.
NeSeDroid—Android Malware Detection Based on Network Traffic and Sensitive Resource Accessing
TLDR
This paper proposes a hybrid analysis method, named NeSeDroid, which uses static analysis to detect sensitive resource access and dynamic analysis to detect leakage of sensitive resources over Internet connections.
Permission-Based Android Malware Detection
TLDR
The proposed framework intends to develop a machine learning-based malware detection system on Android to detect malware applications and to enhance security and privacy of smartphone users.
MADAM: A Multi-level Anomaly Detector for Android Malware
TLDR
MADAM concurrently monitors Android at the kernel level and the user level, using machine learning techniques to distinguish standard behaviors from malicious ones and thereby detect real malware infections.
An Android Malware Detection Method Based on Feature Codes
TLDR
ANDect is shown to effectively find previously undiscovered malicious Android applications by using feature vectors derived from the applications' code, with high accuracy and a low false positive rate.
SpyDroid: A Framework for Employing Multiple Real-Time Malware Detectors on Android
TLDR
SpyDroid, a real-time malware detection framework that can accommodate multiple detectors from third parties (e.g., researchers and antivirus vendors), is proposed; it allows efficient and controlled real-time monitoring, and combining decisions from multiple sub-detectors can increase the malware detection rate significantly on a real device.
A machine learning approach to anomaly-based detection on Android platforms
TLDR
A machine learning approach for the detection of malware on Android platforms is presented that monitors and extracts features from applications while they execute and uses them to perform in-device detection with a trained K-Nearest Neighbour classifier.
SmartMal: A Service-Oriented Behavioral Malware Detection Framework for Mobile Devices
TLDR
The highlight of SmartMal is that it introduces service-oriented architecture concepts and behavior analysis into the malware detection paradigm; the results suggest that the proposed framework and its novel anomaly detection algorithm are highly effective in detecting malware on Android devices.

References

Showing 1-10 of 70 references
Behavioral detection of malware on mobile handsets
TLDR
A novel behavioral detection framework is proposed to detect mobile worms, viruses and Trojans, instead of the signature-based solutions currently available for mobile devices; the results indicate that behavioral detection can identify current mobile viruses and worms with more than 96% accuracy.
Monitoring Smartphones for Anomaly Detection
TLDR
This paper demonstrates how to monitor a smartphone running the Symbian operating system or Windows Mobile in order to extract features for anomaly detection, and introduces the top ten applications used by mobile phone users based on a study from 2005.
Detecting energy-greedy anomalies and mobile malware variants
TLDR
A power-aware malware-detection framework that monitors, detects, and analyzes previously unknown energy-depletion threats is presented; it achieves significant storage savings without losing detection accuracy, and a 99% true-positive rate in classifying mobile malware.
Panorama: capturing system-wide information flow for malware detection and analysis
TLDR
This work proposes a system, Panorama, to detect and analyze malware by capturing malicious information access and processing behavior, which separates malicious applications from benign software.
Learning and Classification of Malware Behavior
TLDR
The effectiveness of the proposed method for learning and discrimination of malware behavior is demonstrated, especially in detecting novel instances of malware families previously not recognized by commercial anti-virus software.
Mobile Malware: Mobile malware - new avenues
A Mobile Phone Malicious Software Detection Model with Behavior Checker
TLDR
The possible attack model on mobile phones, adapted from malicious attacks on computers, is discussed, and the types of attack and an appropriate solution model for mobile phones are presented.
Google Android: A State-of-the-Art Review of Security Mechanisms
TLDR
A comprehensive security assessment of the Android framework and the security mechanisms incorporated into it is provided, and a list of applied and recommended defense mechanisms for hardening mobile devices in general, and Android in particular, is proposed.
Limits of Static Analysis for Malware Detection
TLDR
A binary obfuscation scheme that relies on opaque constants (primitives that load a constant into a register such that an analysis tool cannot determine its value) demonstrates that static analysis techniques alone might no longer be sufficient to identify malware.
Behavioral detection of malware: from a survey towards an established taxonomy
TLDR
A survey of the different reasoning techniques deployed in behavioral detectors is drawn up, classified according to a new taxonomy introduced in the paper.