The company you keep: mobile malware infection rates and inexpensive risk indicators
Hien Thi Thu Truong, Eemil Lagerspetz, Petteri Nurmi, Adam J. Oliner, Sasu Tarkoma, Nadarajah Asokan, Sourav Bhattacharya
- pp 39-50
TLDR
In this article, the authors present the first independent study of malware infection rates and associated risk factors using data collected directly from over 55,000 Android devices and find that the malware infection rates in Android devices estimated using two malware datasets (0.28% and 0.26%), though small, are significantly higher than the previous independent estimate.
Abstract:
There is little information from independent sources in the public domain about mobile malware infection rates. The only previous independent estimate (0.0009%) [11] was based on indirect measurements obtained from domain-name resolution traces. In this paper, we present the first independent study of malware infection rates and associated risk factors using data collected directly from over 55,000 Android devices. We find that the malware infection rates in Android devices estimated using two malware datasets (0.28% and 0.26%), though small, are significantly higher than the previous independent estimate. Based on the hypothesis that some application stores have a greater density of malicious applications and that advertising within applications and cross-promotional deals may act as infection vectors, we investigate whether the set of applications used on a device can serve as an indicator for infection of that device. Our analysis indicates that, while not an accurate indicator of infection by itself, the application set does serve as an inexpensive method for identifying the pool of devices on which more expensive monitoring and analysis mechanisms should be deployed. Using our two malware datasets we show that this indicator performs up to about five times better at identifying infected devices than the baseline of random checks. Such indicators can be used, for example, in the search for new or previously undetected malware. It is therefore a technique that can complement standard malware scanning. Our analysis also demonstrates a marginally significant difference in battery use between infected and clean devices.
Citations
Journal Article
Android Security: A Survey of Issues, Malware Penetration, and Defenses
Parvez Faruki, Ammar Bharmal, Vijay Laxmi, Vijay Ganmoor, Manoj Singh Gaur, Mauro Conti, Muttukrishnan Rajarajan
TL;DR: This review gives an insight into the strengths and shortcomings of the known research methodologies and provides a platform, to the researchers and practitioners, toward proposing the next-generation Android security, analysis, and malware detection techniques.
Proceedings Article
ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors
Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen, Christian Platzer
TL;DR: This paper presents ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps that combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage.
Journal Article
The Evolution of Android Malware and Android Analysis Techniques
TL;DR: A comprehensive survey on leading Android malware analysis and detection techniques, and their effectiveness against evolving malware, is presented and categorizes systems by methodology and date to evaluate progression and weaknesses.
Proceedings Article
MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis
TL;DR: MARVIN is presented, a system that combines static with dynamic analysis and which leverages machine learning techniques to assess the risk associated with unknown Android apps in the form of a malice score and which correctly classifies 98.24% of malicious apps with less than 0.04% false positives.
Journal Article
EC2: Ensemble Clustering and Classification for Predicting Android Malware Families
TL;DR: EC2 presents an early warning system for emerging new malware families, as well as a robust predictor of the family to which a new malware sample belongs, and the design of novel strategies for data-driven understanding of malware behaviors.
References
Journal Article
Bro: a system for detecting network intruders in real-time
Vern Paxson
TL;DR: An overview of the Bro system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility, is given.
Proceedings Article
Dissecting Android Malware: Characterization and Evolution
Yajin Zhou, Xuxian Jiang
TL;DR: Systematizing or characterizing existing Android malware from various aspects, including installation methods, activation mechanisms, and the nature of the carried malicious payloads, reveals that it is evolving rapidly to circumvent detection by existing mobile anti-virus software.
Proceedings Article
Crowdroid: behavior-based malware detection system for Android
TL;DR: The method is shown to be an effective means of isolating the malware and alerting the users of a downloaded malware, showing the potential for avoiding the spreading of a detected malware to a larger community.
Proceedings Article
A survey of mobile malware in the wild
TL;DR: The incentives behind 46 pieces of iOS, Android, and Symbian malware that spread in the wild from 2009 to 2011 are analyzed and the effectiveness of techniques for preventing and identifying mobile malware is evaluated.
Proceedings Article
Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
TL;DR: A permission-based behavioral footprinting scheme to detect new samples of known Android malware families and a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families are proposed.