Information flows at OS level unmask sophisticated Android malware

Abstract: The detection of new Android malware is far from being a relaxing job. Indeed, new Android malware appears in the market every day, and it remains difficult to identify it quickly. Unfortunately, users still pay for the lack of truly efficient tools able to detect zero-day malware that has no known signature. The difficulty is that most existing approaches rely on static analysis, and malware is able to hide its malicious code from such analysis. We therefore believe that it should be easier to study what malware does instead of what it contains. In this article, we propose to unmask Android malware hidden among benign applications using the information flows observed at the OS level. To achieve this goal, we introduce a simple characterization of all the accountable information flows of a standard benign application. With such a model of benign apps, we conduct experiments showing that malware exhibits deviations from the expected normal behavior. Experiments show that our model recognizes most of the 3206 tested benign applications and spots most of the tested sophisticated malware (ransomware, rootkits, a bootkit).
Document type:
Conference paper
14th International Conference on Security and Cryptography, Jul 2017, Madrid, Spain. SciTePress, 6, pp.578-585, 2017, 〈http://www.secrypt.icete.org/〉. 〈10.5220/0006476705780585〉

Cited literature [14 references]

https://hal-centralesupelec.archives-ouvertes.fr/hal-01535678
Contributor: Jean-François Lalande
Submitted on: Friday 9 June 2017 - 12:15:56
Last modified on: Friday 15 June 2018 - 16:18:01
Long-term archiving on: Sunday 10 September 2017 - 13:01:52

Files

camera.pdf
Files produced by the author(s)

Identifiers

Citation

Valérie Viet Triem Tong, Aurélien Trulla, Mourad Leslous, Jean-François Lalande. Information flows at OS level unmask sophisticated Android malware. 14th International Conference on Security and Cryptography, Jul 2017, Madrid, Spain. SciTePress, 6, pp.578-585, 2017, 〈http://www.secrypt.icete.org/〉. 〈10.5220/0006476705780585〉. 〈hal-01535678〉


Metrics

Record views

601

File downloads

189