Behavior Analysis of Android malware detection for Smart phone

Authors: Varsha Saxena; Shashikant Mourya
DIN: IJOER-DEC-2016-1
Abstract

Smartphones are becoming more popular these days. The Android operating system dominates the smartphone market with an 85% market share. The growth in Android-based smartphones is encouraging malware authors to move into various mobile app stores with malicious applications. This is done to gain unauthorized access to useful or private information stored on a smartphone by exploiting vulnerabilities in applications. This paper is intended to provide an exhaustive literature survey and analysis of malware detection techniques on Android. To obtain effective detection techniques, we focused on one specific family of Android malware, the AnserverBot family, which is one of the largest Android malware families. We designed a tool based on specific features of the AnserverBot family. These particular features were collected via static and manual analysis of the AnserverBot family. Our tool is capable of capturing all the malware of the AnserverBot family from a large collection of applications. This detection scheme detects AnserverBot malware with high accuracy.

Keywords
Android smartphones; Malware detection; smartphones operating systems; AnserverBot; smartphones applications.
Introduction

Android provides access to a wide range of useful libraries and tools that can be used to build rich applications. For example, Android enables developers to obtain the location of the device and allows devices to communicate with one another, enabling rich peer-to-peer social applications. In addition, Android contains a full set of tools that have been built from the ground up alongside the platform, providing developers with high productivity and deep insight into their applications.

Android is a mobile operating system based on the Linux kernel, developed by Google and designed primarily for touch screen mobile devices such as tablets and smartphones. Android's user interface is mainly based on direct manipulation, using touch gestures such as tapping, swiping and pinching that loosely correspond to real-world actions to manipulate on-screen objects, along with a virtual keyboard for text input. In addition to touch screen devices, Google has further developed Android Auto for cars, Android TV for televisions and Android Wear for wrist watches, each with a specialized user interface. Variants of Android are also used on game consoles, digital cameras, notebooks, and other electronics. The goals and contributions of this paper are threefold. The first and second fall under static analysis, and the third under dynamic analysis.

Static analysis relies on features extracted without executing code, while dynamic analysis extracts features based on code execution (or emulation). In general, static analysis is more efficient, while dynamic analysis is frequently more informative, particularly in cases of highly obfuscated code. Static analysis of an Android application can rely on features extracted from the manifest file or the Java bytecode, while dynamic analysis of Android applications can deal with features involving dynamic code loading and system calls that are gathered while the application is running. In this research, we analyzed the effectiveness of combining static and dynamic features for detecting Android malware.
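As an added illustration (not code from the paper or its tool), the example below extracts the two kinds of features contrasted above: manifest features obtained statically, and system calls with their parameters taken from a runtime trace. The sample manifest, the strace-style trace format, the file-suffix heuristic for dynamic code loading and all function names are assumptions constructed for the example; none of them are AnserverBot features from the paper.

```python
import re
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"  # android:name attribute
# Constructed sample: a decoded AndroidManifest.xml (all names are made up).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""
# Constructed sample: strace-style trace recorded while the app runs.
SAMPLE_TRACE = """\
1234 openat(AT_FDCWD, "/data/data/com.example.sample/files/payload.dex", O_RDONLY) = 5
1234 connect(6, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
1234 openat(AT_FDCWD, "/proc/cpuinfo", O_RDONLY) = 7
1235 connect(8, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 ECONNREFUSED (Connection refused)
"""
SYSCALL_RE = re.compile(r"^\s*(?:\d+\s+)?(\w+)\((.*)\)\s*=\s*(-?\d+|\?)")
CODE_SUFFIXES = (".dex", ".jar", ".apk")  # assumed heuristic for dynamic code loading

def static_features(manifest_xml):
    """Features available without running the app: permissions and receiver actions."""
    root = ET.fromstring(manifest_xml)
    return {"permissions": {e.get(NAME) for e in root.iter("uses-permission")},
            "receiver_actions": {a.get(NAME) for r in root.iter("receiver") for a in r.iter("action")}}

def dynamic_features(trace):
    """Features from execution: system call counts plus selected call parameters."""
    counts, paths, endpoints, failed = {}, set(), set(), 0
    for line in trace.splitlines():
        m = SYSCALL_RE.match(line)
        if not m:
            continue  # skip lines that are not complete system call records
        name, args, ret = m.groups()
        counts[name] = counts.get(name, 0) + 1
        failed += int(ret.startswith("-"))  # negative return value means the call failed
        if name in ("open", "openat"):
            paths.update(re.findall(r'"([^"]+)"', args)[:1])  # first quoted argument is the path
        elif name == "connect" and (ep := re.search(r'htons\((\d+)\).*?inet_addr\("([^"]+)"\)', args)):
            endpoints.add((ep.group(2), int(ep.group(1))))
    return {"syscall_counts": counts, "opened_paths": paths, "endpoints": endpoints,
            "failed_calls": failed, "opens_code_file": any(p.endswith(CODE_SUFFIXES) for p in paths)}

def combined_features(manifest_xml, trace):
    """Merge static and dynamic features into one record for a downstream detector."""
    return {**static_features(manifest_xml), **dynamic_features(trace)}
```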

Conclusion

As Android-based smartphones are very popular these days, malware targeting Android will increase. This dissertation focuses on a particular family of Android malware, the AnserverBot family, which is one of the largest Android malware families. We analyze the particular and unique behaviors of the AnserverBot family. We proposed a dynamic analysis technique that finds all the system calls, with their parameters, requested by an app and analyzes whether the app may be AnserverBot malware or not. This technique has been applied to a data set of approximately 700 apps, which contains 183 AnserverBot malware samples. We are able to catch all the AnserverBot malware. The detection correctness for AnserverBot malware is 100%. An overall detection rate of 82.89% has been achieved. There are some false positives due to similar behavior of other malware families. All particular families can be detected with a higher success rate by designing family-specific solutions, so other families can be considered in future work.
