2 Tsinghua Science and Technology, April 2013, 18(2): 000-000
• Jianlin Xu is with Department of Computer Science
and Technologies and Tsinghua National Laboratory for
Information Science and Technology (TNList), Tsinghua
University, Beijing 100084, China.
E-mail:xjl11@mails.tsinghua.edu.cn
• Yifan Yu is with Department of Electronic Engineering and
Tsinghua National Laboratory for Information Science and
Technology (TNList), Tsinghua University, Beijing 100084,
China.
E-mail:yuyf10@gmail.com
• Zhen Chen and Junwei Cao are with Research Institute of
Information Technology and Tsinghua National Laboratory
for Information Science and Technology (TNList), Tsinghua
University, Beijing 100084, China.
E-mail:zhenchen, jcao@tsinghua.edu.cn
• Bin Cao, Wen-Yu Dong and Yu Guo are with Department
of Computer Science & Technologies, Research Institute of
Information Technology and Tsinghua National Laboratory
for Information Science and Technology (TNList), Tsinghua
University, Beijing 100084, P. R. China.
E-Mail: jiangxin thu@sina.cn
∗ To whom correspondence should be addressed.
Manuscript received: 2013-1-15; revised: 2013-7-15;
accepted: 2013-7-15
utility and revocation policy for malware detection.
(3) It is easy to port an existing Windows-based
botnet client to the Android platform.
(4) Android application developers can upload their
applications without any check of trustworthiness. The
applications are self-signed by developers themselves
without the intervention of any certification authority.
(5) A number of applications have been modified to
have malware packed into them and are spread through
unofficial repositories.
Some sophisticated malware detects the presence of an
emulated environment and changes its behavior, creates
hidden background processes, scrubs logs, and restarts on
reboot.
1.3 Some known malware on the Android platform
Many malware families have already been discovered,
including: Drad.A, Fake Player, Geinimi, PJApps,
HongToutou, DroidDream trojan, DroidKungFu,
SteamyScr, Bgyoulu.A, Cabir, HippoSMS, Fake
Netflix, Walk & Text, Dog Wars, DroidDreamLight,
BaseBridge, Zsone, jSMSHider, Rageagainstthecage,
Zimperlich, Exploid, Plankton, DougaLeaker.A,
Rufraud, Gone in 60s, etc.
1.4 Some malicious behaviors of Android malware
Malware is usually motivated by controlling the mobile
device without user intervention, such as:
1) Privilege escalation to root,
2) Leak private data or exfiltrate sensitive data,
3) Dial premium numbers,
4) Botnet activity,
5) Backdoor triggered via SMS.
1.5 Our Work
In this paper, based on a home-brewed Cloud
Computing platform and data mining, we propose a
methodology to evaluate mobile apps in order to improve
the current security status of mobile apps. MobSafe, a
demo and prototype system, is also proposed to identify
a mobile app’s virulence or benignancy. MobSafe
combines dynamic and static analysis methods to
comprehensively evaluate an Android app and to reduce
the total analysis time to an acceptable level. In
the implementation, we adopt two representative
dynamic and static analysis methods, i.e., the ASEF and
SAAF frameworks, to evaluate Android apps and
estimate the total time needed to evaluate all the apps
stored in one mobile app market, which provides a useful
reference for a mobile app market owner to filter out
mobile malware.
This paper is organized as follows: Section 2
provides an overview of related work on static
and dynamic analysis methods. Section 3
introduces the infrastructure Cloud Computing platform,
the design of the MobSafe frontend and backend, and the
ASEF and SAAF frameworks, respectively. Section 4 presents
the performance evaluation based on real trace data,
including the experimental results and analysis.
Section 5 briefly concludes the paper, and
Section 6 discusses future work on using Machine
Learning to further evaluate Android apps.
2 Related work
Security analysis of Android apps is a hot topic. More
and more researchers use static analysis and dynamic
behavior analysis, and even integrate them with machine
learning techniques, to identify malware.
2.1 Static analysis methods
David Barrera et al. [6] analyze
permission-based security models and their application
to Android through a novel methodology which applies