A3: Automatic Analysis of Android Malware

Zhang, Luoshi; Yan, Ning; Xiao, Wu; Wang, Zhaoguo; Yibo, Xue

doi:10.2991/ccis-13.2013.22

Cited by 10 publications

(7 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It used machine-learning methods on feature sets to detect malicious applications. A3 [20] is another system that mentioned Intent as one of three extracted features. It utilized heuristic algorithm for detection.…”

Section: Related Workmentioning

confidence: 99%

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

Feizollah

Anuar

Salleh

et al. 2017

Computers & Security

203

View full text Add to dashboard Cite

The wide popularity of Android systems has been accompanied by increase in the number of malware targeting these systems. This is largely due to the open nature of the Android framework that facilitates the incorporation of third-party applications running on top of any Android device. Inter-process communication is one of the most notable features of the Android framework as it allows the reuse of components across process boundaries. This mechanism is used as gateway to access different sensitive services in the Android framework. In the Android platform, this communication system is usually driven by a late runtime binding messaging object known as Intent. In this paper, we evaluate the effectiveness of Android Intents (explicit and implicit) as a distinguishing feature for identifying malicious applications. We show that Intents are semantically rich features that are able to encode the intentions of malware when compared to other well-studied features such as permissions. We also argue that this type of feature is not the ultimate solution. It should be used in conjunction with other known features. We conducted experiments using a dataset containing 7,406 applications that comprise of 1,846 clean and 5,560 infected applications. The results show detection rate of 91% using Android Intent against 83% using Android permission. Additionally, experiment on combination of both features results in detection rate of 95.5%.

show abstract

Section: Related Workmentioning

confidence: 99%

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

Feizollah

Anuar

Salleh

et al. 2017

Computers & Security

203

View full text Add to dashboard Cite

show abstract

“…Advertisement libraries. Provided that most Android applications are available for free download, Android developers need to include advertisement libraries (ad libraries) in Deshotels, Notani & Lakhotia (2014b); Wu et al (2012); Faruki et al (2013); Luoshi et al (2013) aapt Android ( 2013); Sanz et al (2013) androguard Desnos (2012a); Suarez-Tangil et al (2014); Sahs & Khan (2012);Aafer, Du & Yin (2013); Junaid, Liu & Kung (2016a) baksmali Anonymous (2019b); Apvrille & Strazzere (2012); Huang, Tsai & Hsu (2012); Grace et al (2012b); Zhou et al (2013); Zhou et al (2012); Grace et al (2012a) dex2jar Anonymous (2019d); Huang et al (2014a); Sheen, Anitha & Natarajan (2015); Lee & Jin (2013); Luoshi et al (2013) jadx Skylot (2015); Firdaus & Anuar (2015) dedexer Anonymous (0000b)…”

Section: Featuresmentioning

confidence: 99%

“…The examples of sensitive URLs include the Android Market on Google Play, Gmail, Google calendar, Google documents, and XML schemas. These features were used in Luoshi et al (2013) Code-based. Code-based or code structure comprises a line or set of programming language codes in an application.…”

Section: (D) Hardware Componentmentioning

confidence: 99%

“…Copes (Bartel et al, 2012), Leakminer (Yang & Yang, 2012), Riskranker (Grace et al, 2011), A3 (Luoshi et al, 2013) and (Gascon et al, 2013) Inter-component call graph (ICCG) et al (2014) Control flow graph (CFG) Woodpecker (Grace et al, 2012b), Flowdroid (Steven Arzt et al, 2014), Dendroid (Suarez-Tangil et al, 2014Sahs & Khan, 2012), Asdroid (Huang et al, 2014a), Anadroid (Shuying Liang et al, 2013, Adrisk (Grace et al, 2012a), and Dexteroid (Junaid, Liu & Kung, 2016a) Dependency graph CHEX (Lu et al, 2012), Dnadroid (Crussell, Gibler & Chen, 2012), Droidlegacy (Deshotels, Notani & Lakhotia, 2014b) and (Zhou et al, 2013) Others. Besides machine learning and graph, several security practitioners adopted different methods, such as Normalized Compression Distance (NCD).…”

Section: Call Graphmentioning

confidence: 99%

See 1 more Smart Citation

Malware detection using static analysis in Android: a review of FeCO (features, classification, and obfuscation)

Jusoh

Firdaus

Anwar³

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

Android is a free open-source operating system (OS), which allows an in-depth understanding of its architecture. Therefore, many manufacturers are utilizing this OS to produce mobile devices (smartphones, smartwatch, and smart glasses) in different brands, including Google Pixel, Motorola, Samsung, and Sony. Notably, the employment of OS leads to a rapid increase in the number of Android users. However, unethical authors tend to develop malware in the devices for wealth, fame, or private purposes. Although practitioners conduct intrusion detection analyses, such as static analysis, there is an inadequate number of review articles discussing the research efforts on this type of analysis. Therefore, this study discusses the articles published from 2009 until 2019 and analyses the steps in the static analysis (reverse engineer, features, and classification) with taxonomy. Following that, the research issue in static analysis is also highlighted. Overall, this study serves as the guidance for novice security practitioners and expert researchers in the proposal of novel research to detect malware through static analysis.

show abstract

“…Malware authors make use of network addresses to build communication with command and control (C&C) worker to send the client's classified information. Analysts discovered IP addresses as one of the key static components for investigation [91][92][93].…”

Section: Complexitymentioning

confidence: 99%

Identifying Major Research Areas and Minor Research Themes of Android Malware Analysis and Detection Field Using LSA

et al. 2021

View full text Add to dashboard Cite

Contemporary technologies have ensured the availability of high-quality research data shared over the Internet. This has resulted in a tremendous availability of research literature, which keeps evolving itself. Thus, identification of core research areas and trends in such ever-evolving literature is not only challenging but interesting too. An empirical overview of contemporary machine learning methods, which have the potential to expedite evidence synthesis within research literature, has been explained. This manuscript proposes Simulating Expert comprehension for Analyzing Research trends (SEAR) framework, which can perform subjective and quantitative investigation over enormous literature. TRENDMINER is the use case designed exclusively for the SEAR framework. TRENDMINER uncovered the intellectual structure of a corpus of 444 abstracts of research articles (published during 2010–2019) on Android malware analysis and detection. The study concludes with the identification of three core research areas, twenty-seven research trends. The study also suggests the potential future research directions.

show abstract

A3: Automatic Analysis of Android Malware

Abstract: Abstract

Cited by 10 publications

References 6 publications

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

Malware detection using static analysis in Android: a review of FeCO (features, classification, and obfuscation)

Identifying Major Research Areas and Minor Research Themes of Android Malware Analysis and Detection Field Using LSA

Contact Info

Product

Resources

About