International Journal of Mobile Network Communications & Telematics (IJMNCT) Vol.7, No.4/5/6, December 2017
DOI: 10.5121/ijmnct.2017.7601
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
Belal Amro, College of Information Technology, Hebron University
ABSTRACT
Mobile devices have become very popular nowadays. Due to their portability and high performance, a mobile
device has become a must-have device for persons using information and communication technologies. In addition to
rapid hardware evolution, mobile applications are also increasing in their complexity and performance to
cover most of the needs of their users. Both software and hardware design have focused on increasing performance
and the working hours of a mobile device. Different mobile operating systems are being used today with
different platforms and different market shares. Like all information systems, mobile systems are prone to
malware attacks. Due to the personal nature of mobile devices, malware detection is very important and
is a must-have tool on each device to protect private data and mitigate attacks. In this paper, we will study and
analyze different malware detection techniques used for mobile operating systems. We will focus on the
two competing mobile operating systems – Android and iOS. We will assess each technique, summarizing its
advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware
detection tool based on user profiling.
KEYWORDS
Malware, malware detection, mobile device, mobile application, security, privacy
1. INTRODUCTION
During the last 10 years, mobile device technologies have grown rapidly due to the daily
increase in the number of users and facilities. According to [1], the number of mobile users
reached 4.92 billion globally in 2017. Current mobile devices can be used for many
applications, such as camera, tablet, web browser, etc. According to Gartner figures about
smartphones, Android and iOS are the two dominant operating systems with a combined 99.6% market
share: 81.7% for Android and 17.9% for iOS [2].
A general comparison between the Android and iOS mobile operating systems is provided by Aijaz
Sheikh et al. [3]. Table 1 below shows some specifications of both Android and iOS.
Table 1: Specifications of Android and iOS
The Android operating system is divided into four layers, as shown in Figure 1. The Linux kernel is the
bottom layer, responsible for abstraction of the device hardware. The libraries layer contains a set of
libraries including WebKit, libc, and SSL. The Android libraries include Java-based libraries such as
android.view and android.widget. The application framework layer provides higher-level services to
applications in the form of Java classes. The top layer is the application layer, where applications
are written to be installed.
Figure 1: Android architecture
The iOS architecture is shown in Figure 2. The Cocoa Touch layer contains frameworks for iOS
apps. The media layer contains the graphics, video, and audio technologies for iOS apps. The core
services layer contains the fundamental system services for iOS apps. At the bottom, the core OS
layer contains the low-level features that most other technologies are built upon [4].
Figure 2: iOS architecture
In terms of application distribution, Android applications are mostly distributed through Google
Play, where more than half of the applications are free. Apple applications are distributed through
the App Store, where almost a quarter of the applications are free. An important point is that all iOS
applications in the App Store are scrutinized before they are released. The latter step makes App Store
applications more reliable than those on Google Play [5].
The rest of the paper is organized as follows. A summary of mobile malware is provided in
Section 2. Section 3 describes malware spreading techniques. Malware evasion techniques are
provided in Section 4. The detection techniques used by antimalware programs are described in
Section 5. Finally, Section 6 summarizes the work done in this paper.
MOBILE MALWARE ANALYSIS:
In this section, we provide a summary of mobile malware including Trojans, back doors,
ransomware, botnets, and spyware. Statistical data about malware and its
distribution is provided as well.
MOBILE MALWARES:
As reported by Skycure [31], one third of mobile devices have a medium to high risk of data
disclosure, and Android devices are nearly twice as likely to have malware as iOS devices.
In this subsection, we explain some of the most important types of mobile malware.
TROJANS:
A Trojan is software that appears to the user to be a benign application but performs
malicious acts in the background [6]. Trojans are used to help attack a system by performing
acts that compromise the security of the system and hence make it easier to hack. One example
is FakeNetflix [7], which collects users' credentials for Netflix accounts in Android
environments. KeyRaider is a Trojan that was used to steal Apple IDs and passwords [17].
BACK DOORS – ROOT EXPLOITS
Backdoors exploit root privileges to hide malware from antivirus software. Rage Against the Cage
(RATC) is one of the most popular Android root exploits, which gains full control of the device [8]. If
the root exploit gains root privilege, the malware becomes able to perform any operation on the
device, even the installation of applications, while keeping the user unaware of it [9]. In iOS,
Xagent is a Trojan that opens a back door and steals information from the compromised device
[16].
RANSOMWARE
Ransomware prevents users from accessing their data by locking the device or encrypting the
data files until a ransom is paid. FakeDefender.B [10] is malware that pretends to be the Avast
antivirus and locks the victim's device for the sake of money. An iOS ransomware was reported in
2017, in which scammers exploited a Safari bug related to pop-ups [35].
BOTNETS
A "bot", also known as a "Web robot", is a type of malware that enables an attacker to take control
of an affected mobile device. Bots are part of a network of infected machines, known
as a "botnet", which is typically made up of victim mobile devices across the globe. Geinimi
[11] is one of the Android botnets.
SPYWARE
Spyware is simply spying software. It runs unnoticed in the background while it collects
information or gives remote access to its author. Nickspy [12] and GPSSpy [13] are examples of
Android spyware that monitor the user's confidential information and send it to the owner.
An example of iOS spyware is Passrobber [16], which is capable of intercepting outgoing SSL
communications. It then checks for Apple IDs and passwords, and can send these stolen
credentials to a C&C server.
MOBILE MALWARE STATISTICS:
In this section, we provide some statistics about mobile malware attacks. The number of mobile
malwares has increased dramatically over the last two years. According to McAfee Labs [28], the
number of malwares exceeded 16,000,000 in the first quarter of 2017, as shown in Figure 3.
Figure 3: Total mobile malware
By looking at the global mobile malware infection rate reported by McAfee Labs 2017, Figure
4 shows a significant increase in the infection rate for the first quarter of the year 2017.
Figure 4: global mobile malware infection rates
Kaspersky Labs [32] reported the distribution of new mobile malware in the years 2015 and 2016
as shown in Figure 5:
Figure 5: distribution of mobile malware
As reported by LookingGlass [33], “in 2015, the threat actors shift their tactics to smaller targets
with mobile-ransomware focusing more on individuals and less on corporations. The bring your
own Device (BYOD) environment became more pervasive with organizations realizing the
importance of establishing concrete BYOD policies”.
A survey of security professionals conducted by Dimensional Research [34] reported that security
professionals are unprepared for and not confident about arising security issues. It also reported that
mobile devices are to come under increasing attack.
From this section, we realize that mobile threats are increasing rapidly and are more focused on
targets. This leads us to predict huge damage in the near future unless efficient tools are
developed and used.
MALWARE SPREADING TECHNIQUES
To mitigate malware attacks, we should be aware of malware spreading techniques. In this
section, we categorize malware spreading techniques including repackaging, drive by download,
dynamic payloads, and stealth techniques.
REPACKAGING
Malware authors repackage popular mobile applications from the official market and distribute them on
other, less monitored third-party markets. Repackaging consists of disassembling a popular
benign app, appending the malicious content, and finally reassembling the app. This is done with
reverse-engineering tools. A TrendMicro report has shown that 77% of the top 50 free apps
available in Google Play are repackaged [14].
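A defensive check that follows from the repackaging steps above, as an added example that is not code from the paper: a repackaged app keeps most of the original files but cannot be signed with the original publisher's key. The archives, file contents and signer fingerprints below are constructed placeholders, and the fingerprint is assumed to come from a tool such as `apksigner verify --print-certs`.

```python
import hashlib
import io
import zipfile


def build_apk(files):
    """Build an in-memory ZIP that stands in for an APK (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def entry_digests(apk_bytes):
    """Map entry name -> SHA-256, skipping META-INF/ (it changes on any re-sign)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.filename.startswith("META-INF/")
        }


def repackaging_verdict(official, candidate, threshold=0.5):
    """Compare a candidate APK with the official release of an app.

    Both arguments are dicts with 'signer' (certificate fingerprint) and 'apk'
    (archive bytes). Similarity is the Jaccard index over (name, digest) pairs.
    """
    ref, cand = entry_digests(official["apk"]), entry_digests(candidate["apk"])
    ref_set, cand_set = set(ref.items()), set(cand.items())
    union = ref_set | cand_set
    similarity = len(ref_set & cand_set) / len(union) if union else 0.0
    if candidate["signer"] == official["signer"]:
        verdict = "same-publisher"      # e.g. a genuine update
    elif similarity >= threshold:
        verdict = "likely-repackaged"   # mostly the same files, different signer
    else:
        verdict = "unrelated"
    return {
        "verdict": verdict,
        "similarity": similarity,
        "added": sorted(n for n in cand if n not in ref),
        "changed": sorted(n for n in cand if n in ref and cand[n] != ref[n]),
    }


# Constructed sample data: file contents are placeholder bytes, not real apps.
_BASE = {
    "AndroidManifest.xml": b"<manifest package='com.example.game'/>",
    "classes.dex": b"dex-original",
    "resources.arsc": b"resources",
    "res/layout/main.xml": b"<layout/>",
    "res/drawable/icon.png": b"icon-bytes",
    "assets/levels.dat": b"levels",
    "assets/sounds.dat": b"sounds",
    "lib/armeabi-v7a/libgame.so": b"native-lib",
    "META-INF/CERT.RSA": b"signature-block-A",
}
OFFICIAL = {"signer": "FINGERPRINT-A (constructed)", "apk": build_apk(_BASE)}
CANDIDATE = {
    "signer": "FINGERPRINT-B (constructed)",
    "apk": build_apk({**_BASE,
                      "AndroidManifest.xml": b"<manifest package='com.example.game' extra='1'/>",
                      "classes.dex": b"dex-modified",
                      "assets/extra.bin": b"appended-content",
                      "META-INF/CERT.RSA": b"signature-block-B"}),
}
UPDATE = {"signer": OFFICIAL["signer"],
          "apk": build_apk({**_BASE, "classes.dex": b"dex-v2"})}
OTHER = {"signer": "FINGERPRINT-C (constructed)",
         "apk": build_apk({"AndroidManifest.xml": b"<manifest package='org.example.notes'/>",
                           "classes.dex": b"dex-notes"})}

if __name__ == "__main__":
    for name, sample in (("candidate", CANDIDATE), ("update", UPDATE), ("other", OTHER)):
        print(name, repackaging_verdict(OFFICIAL, sample))
```

The `added` and `changed` lists tell an analyst which entries to inspect first, since those are where appended content would sit.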
DRIVE BY DOWNLOAD
Drive by download refers to an unintentional download of malware in the background. It occurs
when a user visits a website that contains malicious content and downloads malware onto the
device. Android/NotCompatible [15] is the most popular mobile malware of this category.
DYNAMIC PAYLOADS
This technique uses a dynamic payload, delivered as an encrypted source embedded in an application. After
installation, the application decrypts the encrypted malicious payload and executes the malicious
code [16].
STEALTH MALWARE TECHNIQUES
Stealth malware techniques exploit hardware vulnerabilities to obfuscate the
malicious code so that it easily bypasses anti-malware. Different stealth techniques, such as key
permutation, dynamic loading, native code execution, code encryption, and Java reflection, are
used to attack the victim's device [16].
MALWARE EVASION TECHNIQUES
Kaspersky Labs reported in their 2016 findings [1] that malware creators have used new
ways to bypass Android protection mechanisms. Malware creators need to constantly monitor
mobile security techniques and develop new techniques to avoid detection. These techniques are
called evasion techniques and are listed below [29]:
Anti-security techniques: these techniques are used to avoid detection by security devices and
programs such as anti-malware, firewalls, and any other tools that protect the environment.
Anti-sandbox techniques: sandboxing is a technique used to separate running programs and
hence to avoid any harm from unverified programs to the computer system. The anti-sandbox
technique is used to detect automatic analysis and to avoid reports on the behavior of malware.
This can be done by detecting registry keys, files, or processes related to virtual environments.
Anti-analyst techniques: in these techniques, a monitoring tool is used to avoid reverse
engineering. The tools might be Process Explorer or Wireshark, used to perform monitoring and to
detect a malware analyst.
Malware creators might use two or three of the above techniques to make detection more
difficult. Figure 6 shows the popularity of evasion techniques used by malware creators:
Figure 6: Evasion techniques used by malwares
MALWARE DETECTION TECHNIQUES
In this section, we analyze the state-of-the-art malware detection techniques for mobile phones.
We categorize them into two categories according to the basis they rely on when detecting
malware. The categories are static and dynamic techniques.
STATIC TECHNIQUES:
Static techniques rely on the source code of an application to classify it accordingly without
having the application being executed. These techniques are classified into one of the following
classes according to the basis they rely on for analyzing the source code:
SIGNATURE BASED APPROACH
This method extracts the semantic patterns and creates a unique signature [18]. A program is
classified as malware if its signature matches existing signatures. It is a very fast method
for detecting malware; however, it can be easily circumvented by code obfuscation. It can only
identify existing malware and fails against unseen variants of malware. It also needs
immediate update of malware signatures.
PERMISSION BASED ANALYSIS:
Permissions requested by the application play a vital role in governing access rights. By
default, apps have no permission to access the user's data or affect the system security. The user
must allow the app to access all the required resources during the installation process. It is worth
mentioning that developers must declare the permissions requested for the resources. But not all
declared permissions are necessarily required permissions, as shown in [19].
Permission-based detection is fast at scanning applications and identifying malware but does not
analyze other files which contain the malicious code. Also, only a very small difference in permissions
exists between malicious and benign applications; hence, permission-based methods require a
second pass to provide efficient malware detection.
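The gap between declared and required permissions can be checked mechanically, as in this added example (not code from the paper or from [19]). It assumes a manifest already decoded to text XML, a list of API calls already extracted from the app's code, and a small illustrative API-to-permission map; the manifest and call list are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative subset of an API-to-permission map (assumption: a real tool
# needs a complete map for the targeted Android version).
API_PERMISSIONS = {
    "android.telephony.SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "android.telephony.TelephonyManager.getDeviceId": "android.permission.READ_PHONE_STATE",
    "android.location.LocationManager.requestLocationUpdates": "android.permission.ACCESS_FINE_LOCATION",
    "android.hardware.Camera.open": "android.permission.CAMERA",
    "java.net.URL.openConnection": "android.permission.INTERNET",
}

# Permissions whose unexplained presence justifies the second, deeper pass.
SENSITIVE = {
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
}


def declared_permissions(manifest_xml):
    """Return the set of permission names in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def audit_permissions(manifest_xml, api_calls):
    """First-pass audit: compare declared permissions with those the code needs."""
    declared = declared_permissions(manifest_xml)
    required = {API_PERMISSIONS[c] for c in api_calls if c in API_PERMISSIONS}
    over = declared - required
    return {
        "declared": sorted(declared),
        "over_declared": sorted(over),            # declared but never needed
        "missing": sorted(required - declared),   # needed but not declared
        "needs_second_pass": bool(over & SENSITIVE),
    }


# Constructed sample: a flashlight app that declares more than its code uses.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Flashlight"/>
</manifest>"""
API_CALLS = [
    "android.hardware.Camera.open",
    "java.net.URL.openConnection",
    "android.util.Log.d",  # needs no permission, so it is ignored
]

if __name__ == "__main__":
    print(audit_permissions(MANIFEST, API_CALLS))
```

The result is only a triage signal: an over-declared sensitive permission sends the app to the second pass, it does not classify it as malware.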
VIRTUAL MACHINE ANALYSIS:
In mobile applications, a virtual machine is used to test the bytecode of a particular application.
Bytecode analysis tests the app's behavior and analyzes control and data flow, which can be
helpful in detecting dangerous functionality performed by malicious applications. Plenty of
virtual machine applications have been implemented for mobile devices, especially for Android
systems. DroidAPIMiner [20] identifies malware by tracking sensitive API calls.
The limitations of virtual machine analysis are that the analysis is performed at the instruction level and
consumes more power and storage space.
DYNAMIC TECHNIQUES:
In dynamic analysis, an application is examined during execution and then classified according to
one of the following techniques. The classification is done according to the behavior of the
detection mechanism.
ANOMALY BASED
Anomaly-based analysis watches the behavior of the device by keeping track of
different parameters and the status of the components of the device. Andromaly is a behavior-based
malware detection technique [21]. To detect malware, Andromaly continuously monitors
different features of the device state such as battery level, CPU usage, network traffic, etc.
Measurements are taken during running and are then supplied to an algorithm that classifies them
accordingly. CrowDroid [22] and AntiMalDroid [23] are two different anomaly-based tools
used for malware detection on Android devices. The first depends on analyzing system call logs,
while the latter analyzes the behavior of an application and then generates signatures for malware
behavior. SMS Profiler and iDMA are two tools used to detect illegitimate use of system services
in iOS [24].
TAINT ANALYSIS
TaintDroid [25] is a tool that tracks multiple sources of sensitive data and identifies data
leakage in mobile applications. The tool labels sensitive data and follows the data as it moves off
the device. TaintDroid provides efficient tracking of sensitive data; unfortunately, it does not
perform control flow tracking.
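The labelling and following of sensitive data described above can be shown on a toy instruction list, as an added example that is not TaintDroid's code. The instruction format, the sink names and the `getContacts` source name are constructed for illustration; only data dependencies are propagated, which mirrors the limitation noted in the paragraph.

```python
# Sources return labelled data; sinks are the points where data leaves the device.
SOURCES = {
    "getDeviceId": "IMEI",
    "getLastKnownLocation": "LOCATION",
    "getContacts": "CONTACTS",   # hypothetical name for this toy model
}
SINKS = {"http_post", "send_sms"}


def track(program):
    """Propagate taint labels through a straight-line program.

    Instructions (constructed toy format):
      ("call_source", dst, api)    dst receives the label of a source API
      ("const", dst)               dst receives an untainted constant
      ("compute", dst, [srcs])     dst receives the union of its inputs' labels
      ("call_sink", api, [args])   report if any argument carries a label
    Returns a list of (step, sink, sorted labels) findings.
    """
    taint = {}      # variable name -> set of labels
    findings = []
    for step, ins in enumerate(program):
        op = ins[0]
        if op == "call_source":
            _, dst, api = ins
            taint[dst] = {SOURCES[api]} if api in SOURCES else set()
        elif op == "const":
            taint[ins[1]] = set()            # overwriting clears old labels
        elif op == "compute":
            _, dst, srcs = ins
            taint[dst] = set().union(*(taint.get(s, set()) for s in srcs))
        elif op == "call_sink":
            _, api, args = ins
            labels = set().union(*(taint.get(a, set()) for a in args))
            if api in SINKS and labels:
                findings.append((step, api, sorted(labels)))
        else:
            raise ValueError(f"unknown instruction {op!r} at step {step}")
    return findings


# Constructed sample program.
PROGRAM = [
    ("call_source", "imei", "getDeviceId"),
    ("call_source", "loc", "getLastKnownLocation"),
    ("const", "url"),
    ("compute", "query", ["url", "imei"]),     # label survives concatenation
    ("compute", "body", ["query"]),
    ("call_sink", "http_post", ["body"]),      # reported: IMEI
    ("const", "loc"),                          # location overwritten by a constant
    ("call_sink", "http_post", ["loc"]),       # clean, not reported
    ("call_source", "names", "getContacts"),
    ("compute", "text", ["names", "imei"]),
    ("call_sink", "send_sms", ["text"]),       # reported: CONTACTS and IMEI
    ("call_sink", "log", ["imei"]),            # local log is not a sink here
]

if __name__ == "__main__":
    for finding in track(PROGRAM):
        print(finding)
```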
EMULATION BASED
DroidScope [26] is an emulation-based tool used to dynamically analyze applications based on
Virtual Machine Introspection. It monitors the whole system from outside the execution
environment; hence malware will not be able to detect the existence of anti-malware installed on the
device.
Another emulation-based tool, provided by Bläsing et al. [27], is called Android Application
Sandbox (AASandbox). AASandbox detects malicious applications by using static and
dynamic analysis. The effect of the tool is limited to the sandbox for security reasons. The tool
dynamically analyzes user behavior such as touches, clicks, and gestures. Unfortunately,
the tool cannot detect new malware.
2. SUMMARY
Malware attacks have been growing rapidly over the last 10 years, and these attacks have targeted all technology
devices including mobile phones. Due to the personal nature of mobile usage and the sensitive data
mobile devices might contain, safeguards against malware must be implemented. In this paper, we
introduced different types of attacks on the top two competing mobile operating systems –
Android and iOS. We also introduced the techniques used to deliver mobile malware, and
provided up-to-date statistics for malware attacks in the last 3 years. We then introduced the most
common malware detection techniques used for mobile applications. We also pinpointed and
discussed the weaknesses in each malware detection technique. We will be working on developing
a new malware detection tool for mobile devices that can be used efficiently based on mobile user
profiling.
BIBLIOGRAPHY:
[1] Web site https://wearesocial.com/special-reports/digital-in-2017-global-overview accessed
29/9/2017
[2] web site http://www.gartner.com/newsroom/id/3609817 accessed 29/9/2017
[3] Aijaz Ahmad Sheikh et. al. , Smartphone: Android Vs IOS , The SIJ Transactions on Computer
Science Engineering & its Applications (CSEA), September-October 2013
[4] Website
https://developer.apple.com/library/content/documentation/Miscellaneous/Conceptual/iPhoneOSTechOverview/CoreOSLayer/CoreOSLayer.html#//apple_ref/doc/uid/TP40007898-CH11-SW1
last accessed 29/9/2017
[5] Thomas L. Rakestraw et. al., The mobile apps industry: A case study , Journal of Business Cases and
Applications, 2013.
[6] “Android and Security - Official Google Mobile Blog.” [Online]. Available:
https://www.blog.google/topics/safety-security/shielding-you-potentially-harmful-applications/ html.
[Accessed: 28-sep-2017].
[7] R. Raveendranath, V. Rajamani, A. J. Babu, and S. K. Datta, “Android malware attacks and
countermeasures: Current and future directions,” 2014 Int. Conf. Control. Instrumentation, Commun.
Comput. Technol., pp. 137–143, 2014.
[8] “root exploits.” [Online]. Available:
http://www.selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf. [Accessed: 15-Dec-2015].
[9] Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, “Hey, You, Get Off of My Market: Detecting Malicious
Apps in Official and Alternative Android Markets,” Proc. 19th Annu. Netw. Distrib. Syst. Secur.
Symp., no. 2, pp. 5–8, 2012.
[10] “Android.Fakedefender.B | Symantec.” [Online]. Available:
https://www.symantec.com/security_response/writeup.jsp?docid=2013-091013-3953-99. [Accessed:
15-Dec-2015].
[11] Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution,” 2012 IEEE
Symp. Secur. Priv., no. 4, pp. 95–109, 2012
[12] Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution,” 2012 IEEE
Symp. Secur. Priv., no. 4, pp. 95–109, 2012.
[13] C. a Castillo, “Android Malware Past , Present , and Future,” McAfee White Pap. Mob. Secur. Work.
Gr., pp. 1–28, 2011
[14] “A Look at Repackaged Apps and their Effect on the Mobile Threat Landscape.” [Online]. Available:
http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-repackaged-apps-and-its-role-in-the-mobile-threat-landscape/.
[Accessed: 15-Dec-2015].
[15] “NotCompatible Android Trojan: What You Need to Know | PCWorld.” [Online]. Available:
http://www.pcworld.com/article/254918/notcompatible_android_trojan_what_you_need_to_know.html.
[Accessed: 15-Dec-2015].
[16] New Threats and Countermeasures in Digital Crime and Cyber Terrorism. IGI Global, 2015.
[17] “The Apple threat landscape,” Symantec. [Online]. Available:
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/apple-threat-landscape.pdf.
[Accessed: 29-Sep-2017].
[18] A. Aiken, “Apposcopy : Semantics-Based Detection of Android Malware Through Static Analysis,”
Fse 2014, pp. 576–587, 2014.
[19] “Android Permissions Demystified.” [Online]. Available: https://www.truststc.org/pubs/848.html.
[Accessed: 06-Nov-2015].
[20] Y. Aafer, W. Du, and H. Yin, “DroidAPIMiner: Mining API-Level Features for Robust Malware
Detection in Android,” Secur. Priv. Commun. Networks, vol. 127, pp. 86–103, 2013.
[21] A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss, “‘Andromaly’: a behavioral malware
detection framework for android devices,” J. Intell. Inf. Syst., vol. 38, no. 1, pp. 161–190, 2012.
[22] “strace download | SourceForge.net.” [Online]. Available: http://sourceforge.net/projects/strace/.
[Accessed: 22-Dec-2015].
[23] M. Zhao, F. Ge, T. Zhang, and Z. Yuan, “AntiMalDroid: An efficient SVM-based malware detection
framework for android,” Commun. Comput. Inf. Sci., vol. 243 CCIS, pp. 158–166, 2011.
[24] Dimitrios Damopoulos et.al. , The Best of Both Worlds. A Framework for the Synergistic Operation
of Host and Cloud Anomaly-based IDS for Smartphones, EuroSec’14, April 13 - 16, 2014
[25] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “TaintDroid: An
Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones,” OSDI ’10, vol.
49, pp. 1–6, 2010.
[26] L. Yan and H. Yin, “Droidscope: seamlessly reconstructing the os and dalvik semantic views for
dynamic android malware analysis,” Proc. 21st USENIX Secur. Symp., p. 29, 2012.
[27] T. Bläsing, L. Batyuk, A. D. Schmidt, S. A. Camtepe, and S. Albayrak, “An android application
sandbox system for suspicious software detection,” Proc. 5th IEEE Int. Conf. Malicious Unwanted
Software, Malware 2010, pp. 55–62, 2010.
[28] McAfee Labs Threats Report, June 2017
[29] McAfee Labs Threats Report, June 2016
[30] Mobile Threat Report: What lies ahead for 2017, intel security 2017
[31] Skycure, Mobile Threat Intelligence Report, Q1 2016
[32] Kaspersky, Mobile Malware evolution report, 2016
[33] LookingGlass report, Mobile Security Threat Landscape: Recent Trends and 2016 Outlook, 2015
[34] Dimensional Research, THE GROWING THREAT OF MOBILE DEVICE SECURITY
BREACHES A GLOBAL SURVEY OF SECURITY PROFESSIONALS, April 2017.
[35] “Ransomware scammers exploited Safari bug to extort porn-viewing iOS users.” Available at:
https://arstechnica.com/information-technology/2017/03/ransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users/.
[Last viewed: 20 November 2017].