Presentation Structure
01 Why DroidSwan?
02 Android and Malware
03 Building DroidSwan
04 Identifying Features
05 Extracting Features
06 Deriving Feature set
07 DroidSwan Working
08 DroidSwan Performance
Why DroidSwan?
•98% of all mobile malware applications target the Android platform
•60% decrease in number of malware samples removed from PlayStore
•338% increase in number of malware samples on Google’s PlayStore
Malware and Android
•Surveillance
•Impersonation
•Data Theft
•Botnet Activity
•Privacy Invasion
Building DroidSwan
•Collecting Malware and Benign data set
•Updating classifier with new data
•Feature set efficiency analysis
•Building classifier model
•Deriving feature set
•Identifying crucial features
Identifying Features
Features:
•Suspicious Permissions
•Suspicious Permission Combinations
•Suspicious API Combinations
•Suspicious Content URI
•Manifest Violation
•Presence of Executables
[Chart: Permissions Usage Trends in Malware Samples]
[Chart: Content URI Usage Trends in Malware Samples (values shown: 80.57%, 40%, 78.8%, 18%)]
Extracting Features
•APK, APK Parser: Suspicious Permissions, Suspicious permission Combinations
•APK, Dexdump: Suspicious API Combinations, Suspicious Content URI, Manifest Violation
•APK, Jar Disassembler: Executables in resources
Deriving Feature Set
Three variations of feature set considered:
•Weighted feature set with ED as a feature
•Weighted feature set without ED as a feature
•Non-Weighted feature set
DroidSwan Working
DroidSwan Performance
[Charts: ROC curve, Recall Rate, Detection Rate]
Our Team
Babu Rajesh V has been working for three years in the field of mobile security and malware analysis. His areas of interest include mobile security and embedded security.
Himanshu Pareek has around six years of experience in developing and designing security solutions related to small-sized networks. He has research papers published on topics like malware detection based on behaviour and application modelling.
Mahesh U Patil received a master's degree in electronics and communication. Presently he is working as Principal Technical Officer at CDAC. His research interests include Mobile Security and Embedded Systems.
Phaninder Reddy has been working for two years in the field of mobile security and malware analysis. His areas of interest include machine learning and data analytics.
Droid swan
