Android Malware Family Classification and Analysis: Current Status and Future Directions

Alswaina, Fahad; Elleithy, Khaled

doi:10.3390/electronics9060942

Cited by 35 publications

(33 citation statements)

References 71 publications

(181 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For Android, the kill switch was used by Google, but the challenge remains that the kill switch will not be effective if an earlier download has an infection on the device. iPhone/FindAndCall [35] and Android/ DroidKungFu [36] malware snip individual data and forward this personal information to remote network servers. Other malicious software such as FinSpy, Android/Nickispy, and Android/Spybubble have been developed to record mobile phone calls, send SMS, and monitor mobile location as spy instruments.…”

Section: A History Of Mobile Malwarementioning

confidence: 99%

“…Secure communications and transactions on malicious applications as software packages became a business of interest on forums and vendor online shops [62], [63], [64]. Different Android malware families include Rumms, Krep, Triada, Descarga, Mazar_Bot, Rootnik, AndroidOS.Fusob, and DroidJack emerged in 2016 [65][66][67]. According to the mobile security report by Mead et al [68], AndroidOS.Fusob Trojan ransomware was the most popular and persistent android malicious program in 2016 that infected users in different geographical locations including the UK, US, China, and Germany.…”

Section: Dark Web Advancement and New Malware Variantmentioning

confidence: 99%

See 1 more Smart Citation

Analysis of Mobile Malware: A Systematic Review of Evolution and Infection Strategies

Ashawa

Morris

2021

JISCR

View full text Add to dashboard Cite

The open-source and popularity of Android attracts hackers and has multiplied security concerns targeting devices. As such, malware attacks on Android are one of the security challenges facing society. This paper presents an analysis of mobile malware evolution between 2000-2020. The paper presents mobile malware types and in-depth infection strategies malware deploys to infect mobile devices. Accordingly, factors that restricted the fast spread of early malware and those that enhance the fast propagation of recent malware are identified. Moreover, the paper discusses and classifies mobile malware based on privilege escalation and attack goals. Based on the reviewed survey papers, our research presents recommendations in the form of measures to cope with emerging security threats posed by malware and thus decrease threats and malware infection rates. Finally, we identify the need for a critical analysis of mobile malware frameworks to identify their weaknesses and strengths to develop a more robust, accurate, and scalable tool from an Android detection standpoint. The survey results facilitate the understanding of mobile malware evolution and the infection trend. They also help mobile malware analysts to understand the current evasion techniques mobile malware deploys

show abstract

Section: A History Of Mobile Malwarementioning

confidence: 99%

Section: Dark Web Advancement and New Malware Variantmentioning

confidence: 99%

Analysis of Mobile Malware: A Systematic Review of Evolution and Infection Strategies

Ashawa

Morris

2021

JISCR

View full text Add to dashboard Cite

show abstract

“…To determine the risks, an analysis of the attack vectors and existing attacks that can be produced on the Android ecosystem is carried out in different studies [57], [58]. In the analysis, malicious attacks as well as not-fully malicious attacks (e.g., collecting sensitive user' information) were considered [59].…”

Section: Aranac: Application Risk Assessment Based Network Access Controlmentioning

confidence: 99%

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

et al. 2021

View full text Add to dashboard Cite

In this paper, we introduce a new methodology for network access control for Android devices based on app risk assessment. Named ARANAC (which stands for Application Risk Assessment based Network Access Control), this methodology is specially tailored for scenarios using the Bring-Your-Own-Device (BYOD) policy, where the adoption of some solutions can lead to problems in security and privacy for both the employees and the business organization. ARANAC mainly relies on the analysis of an aggregate of permissions declared in the manifests of installed applications on users' devices. The access control scheme combines three operational modules: i) a device monitoring tool, ii) a novel permission-based risk model, and iii) an anomaly-based detection machine learning module based on a methodology (called MSNM, from Multivariate Statistical Network Monitoring) that provides both detection and diagnostic capabilities. ARANAC's novelty is in the combination of four features. Firstly, it is privacy-aware, and thus, it does not require detailed information about installed applications but only an aggregate of permissions. Secondly, it builds a normality model by combining expert knowledge with data, capturing the behavior of a complete population of mobile devices. Thirdly, it is dynamic, as permissions are updated in real time, allowing the network to re-assess access control on a continuous basis. Finally, its diagnostic capabilities allow for giving recommendations to final users so that they are capable of mitigating their risks when accessing networks. We evaluated the approach with more than 80 Android devices at a university campus network and obtained interesting results regarding security risks in the usual deployment of device apps.INDEX TERMS Android permissions, bring-your-own-device, mobile security, network access control, risk assessment.

show abstract

“…Due to the increasing number of mobile malware instances and the emergence of new malware families, malware has become a serious threat to Android ecosystem security. To defeat this threat and protect mobile users and systems, many studies have investigated the detection and classification of Android malware samples [2]- [17]. Malware detection is a binary classification problem that involves attempting to determine whether a suspicious app is malicious or benign.…”

Section: Introductionmentioning

confidence: 99%

Efficient Deep Learning Network With Multi-Streams for Android Malware Family Classification

et al. 2022

View full text Add to dashboard Cite

It is important to effectively detect, mitigate, and defend against Android malware attacks, because Android malware has long represented a major threat to Android app security. Characterizing and classifying similar malicious apps into groups plays a particularly crucial role in building a secure Android app ecosystem. The classification of malware families can efficiently enhance the malware detection process and systematically elucidate malware patterns. In this paper, we propose a novel efficient deep learning network with multi-streams for Android malware family classification. We first obtain the input data for a convolutional neural network (CNN) in string format from some main files or sections contained in each Android malicious app. We then classify malware families by applying a 1-dimensional convolution filter-based network for the files or sections. Further, by using gradient analysis to visualize the important files and sections in malicious apps, we attempt to intuitively grasp which files or sections are the most significant for malware family classification. To validate the effectiveness of our approach, we conduct extensive experiments with the well-known DREBIN and AMD malware datasets, and we compare our approach with existing methods. Our experimental results show that the 1D CNN model is more accurate than the 2D CNN model, and that the code_item part in the classes.dex is the most relevant feature for malware classification, as it is more relevant than other parts such as AndroidManifest.xml and certificate. The proposed method achieves the best accuracy of 93.2% by using 1D convolution filters with multistreams for the main files and sections of the malware samples.

show abstract

Android Malware Family Classification and Analysis: Current Status and Future Directions

Cited by 35 publications

References 71 publications

Analysis of Mobile Malware: A Systematic Review of Evolution and Infection Strategies

Analysis of Mobile Malware: A Systematic Review of Evolution and Infection Strategies

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

Efficient Deep Learning Network With Multi-Streams for Android Malware Family Classification

Contact Info

Product

Resources

About