Für diesen Artikel ist leider kein Bild verfügbar.

Malware Detection in Android Phones

(Autor)

Buch | Softcover
48 Seiten
2017
Anchor Academic Publishing (Verlag)
978-3-96067-204-3 (ISBN)
39,99 inkl. MwSt
The smartphone has rapidly become an extremely prevalent computing platform, with just over 115 million devices sold in the third quarter of 2011, a 15% increase over the 100 million devices sold in the first quarter of 2011, and a 111% increase over the 54 million devices sold in the first quarter of 2010. Android in particular has seen even more impressive growth, with the devices sold in the third quarter of 2011 (60.5 million) almost triple the devices sold in the third quarter of 2010 (20.5 million), and an associated doubling of market share. This popularity has not gone unnoticed by malware authors. Despite the rapid growth of the Android platform, there are already well-documented cases of Android malware, such as DroidDream, which was discovered in over 50 applications on the official Android market in March 2011. Furthermore, it is found that Android's built-in security features are largely insufficient, and that even non malicious programs can (unintentionally) expose confidential information. A study of 204,040 Android applications conducted in 2011 found 211 malicious applications on the official Android market and alternative marketplaces.
The problem of using a machine learning-based classifier to detect malware presents the challenge: Given an application, we must extract some sort of feature representation of the application. To address this problem, we extract a heterogeneous feature set, and process each feature independently using multiple kernels.We train a One-Class Support Vector Machine using the feature set we get to classify the application as a benign or malware accordingly.

Text Sample:
CHAPTER 2: METHODOLOGY
Our method for the detection of Android malware is based on two key observations. First, malicious functionality of an Android application often concentrates on only a small number of its functions and second, similar malicious code is often found throughout the malware landscape as attackers reuse existing code to infect different applications.
Here, we are describing our approach of malware detection in android system. Following are the steps involved:
Step 1: Upload an android application file of .apk extension.
Step 2: Decompilation of the android application.
Step 3: The function call graph for the application is extracted, which contains a node for each function of the application. Nodes are labelled according to the instructions contained in their corresponding functions.
Step 4: Neighbourhood Hash Graph Kernel converts the function call graph input into a feature set which can be classified by the SVM (Support vector Machine).
Step 5: Support Vector Machine matches the function call graphs of the application with other malware applications to identify whether the application is malicious or not.
The project is divided into following three modules:-
REVERSE ENGINEERING OF THE ANDROID APPLICATION
In reverse engineering of the android application, we decompile the application into .java files so that methods along with their class names can be extracted. We used the decompiled code to draw a flow graph of any given android application. Following are the steps involved:
1. Conversion of .apk file to jar file
Here, we use one application programming interface namely dex2jar. There is no direct method for getting java source code from the .apk file.
2. Conversion of jar file to java files
Here, we use one application programming interface namely jd-clid. This is a command line tool used for decompiling jar files into java files.
[...]
CHAPTER 4: DEVELOPMENT PHASES
We are provided with a dataset of 91 android applications out of which roughly 70% are We are provided with a dataset of 91 android applications out of which roughly 70% are malware while 30% are benign. Our project was mainly divided into 3 main phases.
Preprocessing of dataset
In this phase we pre-process the data by following the following steps
- Decompiling of the application to get its source code
- Creation of function call graph
- Labelling of each node with a 15 bit number
- After pre-processing of the application we store the pre-processed data in a text file.
Analysis of dataset
After pre-processing we create a default vector corresponding to our malwares. This vector corresponds to the centroid of our dataset.
This default vector is used to compare the application under scrutiny to the degree of the malware in them. Our entire concept is based on the fact that each type of malware has similar structure.
After analysing the dataset we come to the conclusion that max hash value is 998 and the maximum frequency of the hash function is 775. These two facts help us reducing the size of the feature vector to a constant size of 775 998.
Classification
After creating the labels of the function of all the applications in the dataset. The dataset has been used for the training of the SVM. To train the SVM we have used NHGK kernel to map the data in the linearly separable dimensions. The advantage of NHGK kernel is that it reduces the graph isomorphism complexity to O (n). We store the processed hashed data of all the applications in a text file.
Result
We have successfully classified the android applications for fake installer malware. Our project can classify with an accuracy of 69%.

Erscheinungsdatum
Sprache englisch
Maße 155 x 220 mm
Gewicht 91 g
Themenwelt Informatik Betriebssysteme / Server Android
Mathematik / Informatik Informatik Netzwerke
Schlagworte Android application • Android malware • android security • DroidDream • Information Security • Kernel • Machine learning-based classifier • One-Class Support Vector Machine • operating system • Smart phone application
ISBN-10 3-96067-204-7 / 3960672047
ISBN-13 978-3-96067-204-3 / 9783960672043
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
S24, S24+ und S24 Ultra

von Christian Immler

Buch | Softcover (2024)
Markt + Technik Verlag
19,95
einfach alles können

von Christian Immler

Buch | Softcover (2024)
Markt + Technik Verlag
19,95