Smartphone dual defense protection framework: Detecting malicious applications in android markets

X. Su, M. Chuah, G. Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

33 Scopus citations

Abstract

In this paper, we present a smart phone dual defense protection framework that allows Official and Alternative Android Markets to detect malicious applications among those new applications that are submitted for public release. Our framework consists of servers running on clouds where developers who wish to release their new applications can upload their software for verification purpose. The verification server first uses system call statistics to identify potential malicious applications. After verification, if the software is clean, the application will then be released to the relevant markets. To mitigate against false negative cases, users who run new applications can invoke our network traffic monitoring (NTM)tool which triggers network traffic capture upon detecting some suspicious behaviors e.g. detecting sensitive data being sent to output stream of an open socket. The network traffic will be analyzed to see if it matches network characteristics observed from malware applications. If suspicious network traffic is observed, the relevant Android markets will be notified tore move the application from the repository. We trained our system call and network traffic classifiers using 32 families of known Android malware families and some typical normal applications. Later, we evaluated our framework using other malware and normal applications that used in the training set. Our experimental results using 120 test applications (which consist of 50 malware and 70 normal applications) indicate that we can achieve a 94.2% and 99.2% accuracy with J.48 and Random forest classifier respectively using our framework.

Original languageEnglish (US)
Title of host publicationProceedings - 2012 8th International Conference on Mobile Ad Hoc and Sensor Networks, MSN 2012
Pages153-160
Number of pages8
DOIs
StatePublished - Dec 1 2012
Event2012 8th International Conference on Mobile Ad Hoc and Sensor Networks, MSN 2012 - Chengdu, Sichuan, China
Duration: Dec 14 2012Dec 16 2012

Publication series

NameProceedings - 2012 8th International Conference on Mobile Ad Hoc and Sensor Networks, MSN 2012

Other

Other2012 8th International Conference on Mobile Ad Hoc and Sensor Networks, MSN 2012
CountryChina
CityChengdu, Sichuan
Period12/14/1212/16/12

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Smartphone dual defense protection framework: Detecting malicious applications in android markets'. Together they form a unique fingerprint.

  • Cite this

    Su, X., Chuah, M., & Tan, G. (2012). Smartphone dual defense protection framework: Detecting malicious applications in android markets. In Proceedings - 2012 8th International Conference on Mobile Ad Hoc and Sensor Networks, MSN 2012 (pp. 153-160). [6516479] (Proceedings - 2012 8th International Conference on Mobile Ad Hoc and Sensor Networks, MSN 2012). https://doi.org/10.1109/MSN.2012.43