DRACO: DRoid Analyst COmbo. An Android Malware Analysis Framework

Authors: Bhandari, Shweta; Gupta, Rishabh; Laxmi, Vijay; Gaur, Manoj S.; Zemmari, Akka; Anikeev, Maxim
Contributors: Zemmari, Akka; ACM; Laboratoire Bordelais de Recherche en Informatique (LaBRI); Université de Bordeaux (UB)-Centre National de la Recherche Scientifique (CNRS)-École Nationale Supérieure d'Électronique, Informatique et Radiocommunications de Bordeaux (ENSEIRB); Cluster CPU; IdEX Bordeaux
Language: English
Year of publication: 2015
Subject:
Source: International Conference on Security of Information and Networks, 2015 (SIN 2015). Proceedings @ACM DL.
International Conference on Security of Information and Networks, 2015 (SIN 2015), Sep 2015, Sochi, Russia
Description: International audience; Android, being the most popular open source mobile operating system, attracts a plethora of app developers. Millions of applications with a great diversity of behaviors are developed for the Android platform and are available on the Play Store as well as on many third-party app stores. Due to its open nature, the Android platform has in the past been targeted by many malware writers. Conventional signature-based methods for detecting malware on a device are no longer promising, owing to an exponential increase in the number of variants of the same application with different signatures. Moreover, they also lack dynamic analysis. In this paper, we propose DRACO, which employs a two-phase detection technique that blends the synergy of both static and dynamic analysis. It has two modules: a client module, in the form of an Android app, that is installed on mobile devices, and a server module that runs on a server. DRACO also explains to the user which features contribute to the maliciousness of the analyzed app and generates a score for that maliciousness. In an evaluation of 18,000 benign applications and 10,000 malware samples, DRACO outperforms several related existing approaches and detects 98.4% of the malware with few false alarms. On ten popular smartphones, the method requires an average of 6 seconds for on-device analysis and 90 seconds for server analysis.
Database: OpenAIRE