Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Android Malware Detection Mechanisms


Published on

Published in: Technology
  • what is the font used in this presentation..thanks in anticipation
    Are you sure you want to  Yes  No
    Your message goes here

Android Malware Detection Mechanisms

  1. 1. Android Malware Detection Mechanisms Talha KABAKUŞ
  2. 2. Agenda ● Android Market Share ● Malware Types ● Android Security Mechanism ● User Profiles ● Static Analysis ● Signature Based Analysis & Protection ● Encrypted Data Communication
  3. 3. Android Users more than 1 billion users Surdar Pichai Q4 2013
  4. 4. Applications more than 1 million applications Hugo Barra Temmuz 2013
  5. 5. Android Market Share Source: Strategy Analytics 81.3% Q3 2013
  6. 6. Why Android is so popular? ● Open source ● Google support ● Free ● Linux based ● Java ● Rich SDK ● Strong third party community ve support ○ Sony, Motorola, HTC, Samsung
  7. 7. Malware Market 99%Source: CISCO 2014 Security Report
  8. 8. Malware Stats Source: Sophos Labs 1 million
  9. 9. Malware Types ● Backdoor ○ Access to a computer system that bypasses security mechanisms ● Exploit ○ Modifications on operating system ○ User interface modifications ● Spyware ○ Unauthorized advertising ○ Private data collection, transmission ○ Unauthorized operations (SMS, calls)
  10. 10. Android Security Mechanism ● Permission based ○ Accept / Reject ● Public, indefensible market ○ Everyone can upload any application ● Passive protection - feedback based ○ Applications are removed through negative feedbacks
  11. 11. User Profiles 42% Unaware about permissions 83% do not interest in permissions Source: Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: User Attention, Comprehension, and Behavior. Proceedings of the Eighth Symposium on Usable Privacy and Security - SOUPS ’12. p. 1 (2012).
  12. 12. Static Analysis Approach ● Inspection of APK files using reverse engineering ● Manifest file ○ Permissions ○ Activities ○ Services ○ Receives ● API calls ● Source code inspection
  13. 13. Static Analysis Tools ● apktool ○ Extracts .apk archives ● aapt ○ Lists .apk archive contents ● dex2jar ○ Converts .dex files into .jar ● jd-gui ○ Converts .class files into Java sources
  14. 14. ● Equality checks ● Type conversion controls ● Static updates ● Dead code detection ● Inconsistent hashCode and equals definitions ● null pointer controls ● Termination controls Source Code Inspection
  15. 15. Type Conversion Sample <EditText android:layout_width="fill_parent" android:layout_height="wrap_content" android: id="@+id/username"/> EditText editText = (EditText) findViewById(R. id.username); XML Java
  16. 16. null pointer control sample Java Activity Class Layout definition
  17. 17. Dead Code Detection Sample Never be executed Unreachable code
  18. 18. Signature Based Analysis & Control ● Signature database ● Smartphone client ● Central server ● Learning based ● Classification Bening Malware
  19. 19. Encrypted Data Communication ● All valuable data is encrypted and stored in SQLite database; decrypted when it is required. ● SMS ● Email ● Sensitive files ● Password ● Personal information Pocatilu, 2011
  20. 20. System Comparisons Ability MADAM DroidMat Julia Manifest inspection Var Var Var API call trace Var Var Var Signature database Var Var Yok Encrypted communication Yok Yok Yok Machine learning Var Var Yok
  21. 21. References I ● Bicheno, S.: Android Captures Record 81 Percent Share of Global Smartphone Shipments in Q3 2013, Record-81-Percent-Share-of-Global-Smartphone-Shipments-in-Q3-2013.aspx. ● Rowinski, D.: Google Play Hits One Million Android Apps, http://readwrite. com/2013/07/24/google-play-hits-one-million-android-apps. ● Cisco 2014 Annual Security Report, com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf. ● Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. SPSM ’11 Proceedings ● Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS) (2012). ● Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: User Attention, Comprehension, and Behavior. Proceedings of the Eighth Symposium on Usable Privacy and Security - SOUPS ’12. p. 1 (2012). ● Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. Proceeding of the WebApps’11 Proceedings of the 2nd USENIX conference on Web application development. p. 7. USENIX Association, Berkeley, CA, USA (2011). ● Enck, W., Ongtang, M., Mcdaniel, P.: On Lightweight Mobile Phone Application Certification. ACM conference on Computer and communications security. pp. 235–245 (2009).
  22. 22. References II ● Android Architecture, http://www.tutorialspoint. com/android/android_architecture.htm. ● Wu, D.-J., Mao, C.-H., Wei, T.-E., Lee, H.-M., Wu, K.-P.: DroidMat: Android Malware Detection through Manifest and API Calls Tracing. 2012 Seventh Asia Joint Conference on Information Security. pp. 62–69 (2012). ● Payet, É., Spoto, F.: Static analysis of Android programs, (2012). ● Guido, M., Ondricek, J., Grover, J., Wilburn, D., Nguyen, T., Hunt, A.: Automated identification of installed malicious Android applications. Digital Investigation (2013). ● Dini, G., Martinelli, F., Saracino, A., Sgandurra, D.: MADAM: A Multi-level Anomaly Detector for Android Malware. In: Kotenko, I. and Skormin, V. (eds.) Computer Network Security. pp. 240–253. Springer Berlin Heidelberg, Berlin, Heidelberg (2012). ● Pocatilu, P.: Android applications security. Inform. Econ. 15, 163–171. Retrieved from (2011).
  23. 23. Thanks... /talhakabakus