Monitoring real android malware

Jan Christoph Küster*, Andreas Bauer

*Corresponding author for this work

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

    5 Citations (Scopus)

    Abstract

    In the most comprehensive study on Android attacks so far (undertaken by the Android Malware Genome Project), the behaviour of more than 1,200 malwares was analysed and categorised into common, recurring groups of attacks. Based on this work (and the corresponding actual malware files), we present an approach for specifying and identifying these (and similar) attacks using runtime verification. While formally, our approach is based on a first-order logic abstraction of malware behaviour, it practically relies on our Android event interception tool, MonitorMe, which lets us capture almost any system event that can be triggered by apps on a user’s Android device. This paper details MonitorMe, our formal specification of malware behaviour and practical experiments, undertaken with various different Android devices and versions on a wide range of actual malware incarnations from the above study. In a nutshell, we were able to detect real malwares from 46 out of 49 different malware families, which strengthens the idea that runtime verification may, indeed, be a good choice for mobile security in the future.

    Original language: English
    Title of host publication: Runtime Verification - 6th International Conference, RV 2015, Proceedings
    Editors: Ezio Bartocci, Rupak Majumdar
    Publisher: Springer Verlag
    Pages: 136-152
    Number of pages: 17
    ISBN (Print): 9783319238197
    Publication status: Published - 2015
    Event: 6th International Conference on Runtime Verification, RV 2015 - Vienna, Austria
    Duration: 22 Sept 2015 to 25 Sept 2015

    Publication series

    Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume: 9333
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Conference

    Conference: 6th International Conference on Runtime Verification, RV 2015
    Country/Territory: Austria
    City: Vienna
    Period: 22/09/15 to 25/09/15
