DroidExec: Root exploit malware recognition against wide variability via folding redundant function-relation graph

Wei, Te-En; Tyan, Hsiao-Rong; Jeng, Albert B.; Lee, Hahn-Ming; Liao, Hong-Yuan Mark; Wang, Jiunn-Chin

doi:10.1109/icact.2015.7224777

Cited by 13 publications

(11 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Except using Permission and API calls as features for malware detection, some researchers also used function-call relationships in static malware analysis. Wei et al [12] used function-relation graphs to measure the structural similarity of Apps and used DroidExec to recognize malwares. Gascon et al [13] generated the embedded function call graph and proved the effectiveness of this method in malware detection.…”

Section: Relative Workmentioning

confidence: 99%

“…A new Android malware-detecting scheme is proposed by this paper. Compared with some existing traditional methods which only apply unified processing for each App (e.g., [8] only can be used for Apps without obfuscation strategy and [12,13] only use complex call graph data for analysis), our scheme could provide more comprehensive analysis for any Android Apps. Besides, as our scheme provide some new detecting techniques and different processing methods are chosen according to the properties of each App, the analyzing efficiency is also enhanced.…”

Section: Relative Workmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Android Malwares with High-Efficient Hybrid Analyzing Methods

Liu

Guo

Huang

et al. 2018

Mobile Information Systems

View full text Add to dashboard Cite

In order to tackle the security issues caused by malwares of Android OS, we proposed a high-efficient hybrid-detecting scheme for Android malwares. Our scheme employed different analyzing methods (static and dynamic methods) to construct a flexible detecting scheme. In this paper, we proposed some detecting techniques such as Com+ feature based on traditional Permission and API call features to improve the performance of static detection. The collapsing issue of traditional function call graph-based malware detection was also avoided, as we adopted feature selection and clustering method to unify function call graph features of various dimensions into same dimension. In order to verify the performance of our scheme, we built an open-access malware dataset in our experiments. The experimental results showed that the suggested scheme achieved high malware-detecting accuracy, and the scheme could be used to establish Android malware-detecting cloud services, which can automatically adopt high-efficiency analyzing methods according to the properties of the Android applications.

show abstract

Section: Relative Workmentioning

confidence: 99%

Section: Relative Workmentioning

confidence: 99%

Detecting Android Malwares with High-Efficient Hybrid Analyzing Methods

Liu

Guo

Huang

et al. 2018

Mobile Information Systems

View full text Add to dashboard Cite

show abstract

“…Nowadays, smartphones are playing an important role in our lives by providing rich functionalities that allow users to perform different activities such as playing games, browsing the Internet, using navigation services, doing online shopping, and checking the bank balance [1][2][3][4]. A smartphone is equipped with an operating system such as Android, BlackBerry, iOS, and Windows Mobile, while among these operating systems, Android is the fastest growing one [3,[5][6][7][8]. Due to the popularity of Android smartphones, Android applications (in short, apps) are also rapidly growing in the number and variety distributed via app stores such as the official Google Play Store (http://play.google.com/apps), Amazon App Store (https://www.amazon.com), and APKPure (https://apkpure.com) [4,[9][10][11].…”

Section: Introductionmentioning

confidence: 99%

AndroClass: An Effective Method to Classify Android Applications by Applying Deep Neural Networks to Comprehensive Features

Hamedani

Shin

Lee

et al. 2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Android application (app) stores contain a huge number of apps, which are manually classified based on the apps’ descriptions into various categories. However, the predefined categories or apps descriptions are usually not very accurate to reflect the real functionalities of apps, thereby leading to misclassify the apps, which may cause serious security issues and unreliability problem in the app store. Therefore, the automatic app classification is an important demand to construct a secure, reliable, integrated, and easy to navigate app store. In this paper, we propose an effective method called AndroClass to automatically classify apps based on their real functionalities by using rich and comprehensive features representing the actual functionalities of the apps. AndroClass performs three steps of feature extraction, feature refinement, and classification. In the feature extraction step, we extract 14 various features for each app by utilizing a unified tool suite. In the feature refinement step, we apply Random Forest algorithm to refine the features. In the classification step, we combine refined features into a single one and AndroClass is equipped with K-Nearest Neighbor, Naive Bayes, Support Vector Machine, and Deep Neural Network to classify apps. On the contrary to the existing methods, all the utilized features in AndroClass are stable and clearly represent the actual functionalities of the app, AndroClass does not pose any issues to the user privacy, and our method can be applied to classify unreleased or newly released apps. The results of extensive experiments with two real-world datasets and a dataset constructed by human experts demonstrate the effectiveness of AndroClass where the classification accuracy of AndroClass with the latter dataset is 83.5%.

show abstract

“…However, this mechanism may produce false alarm, as the rooting attack features it identified is too broad. DroidExec is a root exploit malware recognition by feature matching based on similarity calculation [11]. The recognition rate relies on decompile technology and the predefined features.…”

Section: Related Workmentioning

confidence: 99%

“…Return-Oriented Programming (ROP) [4][5][6][7][8][9]. Some researchers suggested static detection methods to recognize privilege escalation attack [10,11], but they all rely on the source code and predefined features. There are some other dynamical approaches to defeat privilege escalation attack, such as PREC, RGBDroid and Security Identifier Randomization [12][13][14][15][16].…”

Section: Introductionmentioning

confidence: 99%

PtmxGuard: An Improved Method for Android Kernel to Prevent Privilege Escalation Attack

Kong

Liu

2017

ITM Web Conf.

View full text Add to dashboard Cite

Abstract-Vulnerabilities in Android kernel give opportunity for attacker to damage the system. Privilege escalation is one of the most dangerous attacks, as it helps attacker to gain root privilege by exploiting kernel vulnerabilities. Mitigation technologies, static detection methods and dynamic defense methods have been suggested to prevent privilege escalation attack, but they still have some disadvantages. In this paper, we propose an improved method named PtmxGuard to enhance Android kernel and defeat privilege escalation attack. We focus on a typical attack pattern that attacker hijacks the control flow of Android kernel to modify process credentials by corrupting critical global function pointers. PtmxGuard enforces Code Pointer Integrity to Android kernel, checks the accuracy and reliability of those pointers when they're triggered by related system calls, and intercepts the system calls when attack activities are detected. Experiment result demonstrates that PtmxGuard can defense privilege escalation attack effectively.

show abstract

DroidExec: Root exploit malware recognition against wide variability via folding redundant function-relation graph

Cited by 13 publications

References 23 publications

Detecting Android Malwares with High-Efficient Hybrid Analyzing Methods

Detecting Android Malwares with High-Efficient Hybrid Analyzing Methods

AndroClass: An Effective Method to Classify Android Applications by Applying Deep Neural Networks to Comprehensive Features

PtmxGuard: An Improved Method for Android Kernel to Prevent Privilege Escalation Attack

Contact Info

Product

Resources

About