Detection and Identification of Android Malware Based on Information Flow Monitoring

Radoniaina Andriatsimandefitra 1 Valérie Viet Triem Tong 1
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE, Inria Rennes – Bretagne Atlantique , CentraleSupélec
Abstract : Information flow monitoring has been mostly used to detect privacy leaks. In a previous work, we showed that they can also be used to characterize Android malware behaviours and in the current one we show that these flows can also be used to detect and identify Android malware. The characterization consists in computing automatically System Flow Graphs that describe how a malware disseminates its data in the system. In the current work, we propose a method that uses these SFG- based malware profile to detect the execution of Android malware by monitoring the information flows they cause in the system. We evaluated our method by monitoring the execution of 39 malware samples and 70 non malicious applications. Our results show that our approach detected the execution of all the malware samples and did not raise any false alerts for the 70 non malicious applications.
Document type :
Conference papers
Complete list of metadatas

Cited literature [13 references]  Display  Hide  Download

https://hal.inria.fr/hal-01191595
Contributor : Radoniaina Andriatsimandefitra <>
Submitted on : Wednesday, November 25, 2015 - 3:26:45 AM
Last modification on : Thursday, February 7, 2019 - 4:52:48 PM
Long-term archiving on : Saturday, April 29, 2017 - 12:56:11 AM

File

main.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01191595, version 1

Citation

Radoniaina Andriatsimandefitra, Valérie Viet Triem Tong. Detection and Identification of Android Malware Based on Information Flow Monitoring. The 2nd IEEE International Conference on Cyber Security and Cloud Computing (CSCloud 2015), Nov 2015, New York, United States. ⟨hal-01191595⟩

Share

Metrics

Record views

813

Files downloads

540