Screening Smartphone Applications Using Behavioral Signatures

Abstract : The sharp increase of smartphone malwares has become one of the most serious security problems. The most significant part of the growth is the variants of existing malwares. A legacy approach for malware, the signature matching, is efficient in temporal dimension, but it is not practical because of its lack of robustness against the variants. A counter approach, the behavior analysis to handle the variant issue, takes too much time and resources. We propose a variant detection mechanism using runtime semantic signature. Our key idea is to reduce the control and data flow analysis overhead by using binary patterns for the control and data flow of critical actions as a signature. The flow information is a significant part of behavior analysis but takes high analysis overhead. In contrast to the previous behavioral signatures, the runtime semantic signature has higher family classification accuracy without the flow analysis overhead, because the binary patterns of flow parts is hardly shared by the out of family members. Using the proposed signature, we detect the new variants of known malwares by static matching efficiently and accurately. We evaluated our mechanism with 1,759 randomly collected real-world Android applications including 79 variants of 4 malware families. As the experimental result, our mechanism showed 99.89% of accuracy on variant detection. We also showed that the mechanism has a linear time complexity as the number of target applications. It is fully practical and advanced performance than the previous works in both of accuracy and efficiency.
Document type :
Conference papers
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.14-27, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_2〉
Liste complète des métadonnées

Cited literature [14 references]  Display  Hide  Download

https://hal.inria.fr/hal-01463841
Contributor : Hal Ifip <>
Submitted on : Thursday, February 9, 2017 - 5:24:19 PM
Last modification on : Thursday, February 9, 2017 - 5:37:19 PM
Document(s) archivé(s) le : Wednesday, May 10, 2017 - 2:43:13 PM

File

978-3-642-39218-4_2_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Suyeon Lee, Jehyun Lee, Heejo Lee. Screening Smartphone Applications Using Behavioral Signatures. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.14-27, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_2〉. 〈hal-01463841〉

Share

Metrics

Record views

164

Files downloads

17