• Corpus ID: 2726752

DroidNative: Semantic-Based Detection of Android Native Code Malware

Shahid Alam, Zhengyang Qu, Ryan D. Riley, Yan Chen, Vaibhav Rastogi
According to the Symantec and F-Secure threat reports, mobile malware development in 2013 and 2014 has continued to focus almost exclusively (~99%) on the Android platform. Malware writers are applying stealthy mutations (obfuscations) to create malware variants, thwarting detection by signature-based detectors. In addition, the plethora of more sophisticated detectors making use of static analysis techniques to detect such variants operate only at the bytecode level, meaning that malware…

DroidClone: Detecting android malware variants by exposing code clones

DroidClone is proposed that exposes code clones (segments of code that are similar) in Android applications to help detect malware variants and is able to detect both bytecode and native code Android malware variants.

Automated Deobfuscation of Android Native Binary Code

DiANa is an automated system to facilitate the deobfuscation of native binary code in Android apps that is capable of recovering the original Control Flow Graph given a binary obfuscated by Obfuscator-LLVM.

Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART

Malton is a novel on-device non-invasive analysis platform for the new Android runtime (i.e., the ART runtime) that provides a comprehensive view of malware’s behaviors by conducting multi-layer monitoring and information flow tracking, as well as efficient path exploration.

Record and replay of android native code execution

This project aims to develop a deterministic record and replay system to analyze native code execution of Android applications containing native code.

Using Static Analysis and Dalvik ByteCode on Android Compass Applications to detect Operational Anomalies

The intention of this research is analyzing applications without running them and detecting how application behavior might correlate with method call patterns and will focus on simple free compass applications because their ostensible simplicity will make high variation in methods calls an interesting phenomenon.

Classification of Android apps and malware using deep neural networks

    R. Nix, Jian Zhang
    Computer Science
    2017 International Joint Conference on Neural Networks (IJCNN)
  • 2017
This work designs a Convolutional Neural Network for sequence classification and conducts a set of experiments on malware detection and categorization of software into functionality groups to test and compare it with classifications by recurrent neural network (LSTM), and significantly outperformed n-gram based methods.

Exposing Android Ransomware using Machine Learning

    Oneil B. Victoriano
    Computer Science
    Proceedings of the 2019 International Conference on Information System and System Management
  • 2019
The Ransomware detection reports from cyber-security companies trigger high threat in Android devices vulnerability. The study used machine learning approaches, particularly classifiers: Decision

Intrusion Detection System for Android: Linux Kernel System Calls Analysis

Smartphones provide access to a plethora of private information potentially leading to financial and personal hardship, hence they need to be well protected. With new Android malware obfuscation an

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis

DroidScope is presented, an Android analysis platform that continues the tradition of virtualization-based malware analysis and reconstructs both the OS-level and Java-level semantics simultaneously and seamlessly.

Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications

This paper developed a static analysis tool to automatically detect attempts to load external code using static analysis techniques, and performed a large-scale study of popular applications from the Google Play store, showing that loading external code in an insecure way is a problem in as much as 9.25% of those applications and even 16% of the top 50 free applications.

DroidLegacy: Automated Familial Classification of Android Malware

We present an automated method for extracting familial signatures for Android malware, i.e., signatures that identify malware produced by piggybacking potentially different benign applications with

Semantics-aware malware detection

Experimental evaluation demonstrates that the malware-detection algorithm can detect variants of malware with a relatively low run-time overhead and the semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.

Detecting metamorphic malwares using code graphs

It is shown that the proposed mechanism provides a high possibility of detecting malwares even when they attempt self-protection, and has a 91% detection ratio of real-world malwares and detects 300 metamorphic malware that can evade AV scanners.

DroidChameleon: evaluating Android anti-malware against transformation attacks

This paper evaluates the state-of-the-art commercial mobile antimalware products for Android, tests how resistant they are against various common obfuscation techniques, and proposes possible remedies for improving the current state of malware detection on mobile devices.

Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs

A novel semantic-based approach that classifies Android malware via dependency graphs that is capable of detecting zero-day malware with a low false negative rate and an acceptable false positive rate while tolerating minor implementation differences is proposed.

Android Security: A Survey of Issues, Malware Penetration, and Defenses

This review gives an insight into the strengths and shortcomings of the known research methodologies and provides a platform, to the researchers and practitioners, toward proposing the next-generation Android security, analysis, and malware detection techniques.

Malware detection using assembly code and control flow graph optimization

An architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations is presented, derived from the idea that the key to malware identification lies in their syntactic as well as semantic features.