Malware

About: Malware is a research topic. Over its lifetime, 14,486 publications have been published within this topic, receiving 268,076 citations. The topic is also known as badware and malicious software.

Papers

Open access | Proceedings Article | DOI: 10.1109/SP.2012.16
Yajin Zhou, Xuxian Jiang | Institutions (1)
20 May 2012
Abstract: The popularity and adoption of smart phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. In light of their rapid growth, there is a pressing need to develop effective solutions. However, our defense capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples. In this paper, we focus on the Android platform and aim to systematize or characterize existing Android malware. Particularly, with more than one year effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads. The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software, our experiments show that the best case detects 79.6% of them while the worst case detects only 20.2% in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.

  • Figure 2. An Update Attack from BaseBridge
  • Table III. The (Abbreviated) Android Events/Actions of Interest to Existing Malware
  • Table I. The Timeline of 49 Android Malware in Our Collection (O†: Official Android Market; A‡: Alternative Android Markets)
  • Table IV. The List of Platform-Level Root Exploits and Their Uses in Existing Android Malware
  • Figure 1. The Android Malware Growth in 2010-2011

Topics: Mobile malware (70%), Malware (59%), Android (operating system) (58%)

1,953 Citations


Open access | Proceedings Article | DOI: 10.14722/NDSS.2014.23247
Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, +1 more | Institutions (2)
01 Jan 2014
Abstract: Malicious applications pose a threat to the security of the Android platform. The growing amount and diversity of these applications render conventional defenses largely ineffective and thus Android smartphones often remain unprotected from novel malware. In this paper, we propose DREBIN, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone. As the limited resources impede monitoring applications at run-time, DREBIN performs a broad static analysis, gathering as many features of an application as possible. These features are embedded in a joint vector space, such that typical patterns indicative for malware can be automatically identified and used for explaining the decisions of our method. In an evaluation with 123,453 applications and 5,560 malware samples DREBIN outperforms several related approaches and detects 94% of the malware with few false alarms, where the explanations provided for each detection reveal relevant properties of the detected malware. On five popular smartphones, the method requires 10 seconds for an analysis on average, rendering it suitable for checking downloaded applications directly on the device.

  • Figure 3. Result for a member of the GoldDream family.
  • Figure 6. Run-time performance of Drebin.
  • Figure 7. Detailed run-time analysis of Drebin.
  • Figure 1. Schematic depiction of the analysis steps performed by Drebin.
  • Table 2. Detection rates of Drebin and anti-virus scanners.

Topics: Mobile malware (68%), Malware (61%), Android (operating system) (55%)

1,517 Citations


Proceedings Article | DOI: 10.1145/2594291.2594299
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, +5 more | Institutions (3)
09 Jun 2014
Abstract: Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by carelessly programmed apps that leak important data by accident, and by malicious apps that exploit their given privileges to copy such data intentionally. While existing static taint-analysis approaches have the potential of detecting such data leaks ahead of time, all approaches for Android use a number of coarse-grain approximations that can yield high numbers of missed leaks and false alarms. In this work we thus present FlowDroid, a novel and highly precise static taint analysis for Android applications. A precise model of Android's lifecycle allows the analysis to properly handle callbacks invoked by the Android framework, while context, flow, field and object-sensitivity allows the analysis to reduce the number of false alarms. Novel on-demand algorithms help FlowDroid maintain high efficiency and precision at the same time. We also propose DroidBench, an open test suite for evaluating the effectiveness and accuracy of taint-analysis tools specifically for Android apps. As we show through a set of experiments using SecuriBench Micro, DroidBench, and a set of well-known Android test applications, FlowDroid finds a very high fraction of data leaks while keeping the rate of false positives low. On DroidBench, FlowDroid achieves 93% recall and 86% precision, greatly outperforming the commercial tools IBM AppScan Source and Fortify SCA. FlowDroid successfully finds leaks in a subset of 500 apps from Google Play and about 1,000 malware apps from the VirusShare project.

Topics: Android (operating system) (60%), Taint checking (53%), Malware (50%)

1,491 Citations


Open access | Book Chapter | DOI: 10.1007/978-3-642-40994-3_25
Battista Biggio, Igino Corona, Davide Maiorca, Blaine Nelson, +4 more | Institutions (3)
23 Sep 2013
Abstract: In security-sensitive applications, the success of machine learning depends on a thorough vetting of their resistance to adversarial data. In one pertinent, well-motivated attack scenario, an adversary may attempt to evade a deployed system at test time by carefully manipulating attack samples. In this work, we present a simple but effective gradient-based approach that can be exploited to systematically assess the security of several, widely-used classification algorithms against evasion attacks. Following a recently proposed framework for security evaluation, we simulate attack scenarios that exhibit different risk levels for the classifier by increasing the attacker's knowledge of the system and her ability to manipulate attack samples. This gives the classifier designer a better picture of the classifier performance under evasion attacks, and allows him to perform a more informed model selection (or parameter setting). We evaluate our approach on the relevant security task of malware detection in PDF files, and show that such systems can be easily evaded. We also sketch some countermeasures suggested by our analysis.

Topics: Pre-play attack (63%), Adversarial machine learning (59%), Malware (51%)

1,153 Citations


Proceedings Article | DOI: 10.1145/2046614.2046619
17 Oct 2011
Abstract: The sharp increase in the number of smartphones on the market, with the Android platform poised to become a market leader, makes the need for malware analysis on this platform an urgent issue. In this paper we capitalize on earlier approaches for dynamic analysis of application behavior as a means for detecting malware in the Android platform. The detector is embedded in an overall framework for collection of traces from an unlimited number of real users based on crowdsourcing. Our framework has been demonstrated by analyzing the data collected in the central server using two types of data sets: those from artificial malware created for test purposes, and those from real malware found in the wild. The method is shown to be an effective means of isolating the malware and alerting the users of a downloaded malware. This shows the potential for avoiding the spreading of a detected malware to a larger community.

Topics: Malware analysis (86%), Mobile malware (71%), Malware (61%)

977 Citations


Performance Metrics
No. of papers in the topic in previous years

Year    Papers
2022    41
2021    1,212
2020    1,524
2019    1,455
2018    1,410
2017    1,224

Top Attributes

Topic's top 5 most impactful authors

Francesco Mercaldo

73 papers, 1.4K citations

Christopher Kruegel

39 papers, 4.9K citations

Sakir Sezer

30 papers, 1.5K citations

Fabio Martinelli

28 papers, 601 citations

Mamoun Alazab

24 papers, 1.1K citations

Network Information
Related Topics (5)
Cryptographic protocol

11.7K papers, 268.8K citations

92% related
Intrusion detection system

28.4K papers, 509.5K citations

91% related
Access control

32.6K papers, 475K citations

91% related
Authentication

74.7K papers, 867.1K citations

91% related
Information security

25.2K papers, 327.7K citations

91% related