Abstract
Android is the platform most targeted by attackers. While security solutions have improved against such attacks, attackers continue to introduce new variants of existing malware that employ new strategies to evade them. One of the most effective and widely used evasion techniques is updating malicious code at runtime. In this study, an up-to-date dataset of such update attacks, called UpDroid, is introduced and analyzed. The dataset consists of 2,479 samples belonging to 21 malware families, most of which have been discovered in just the last few years. While the dataset gives an overview of recent malware, it will also be useful for researchers working on dynamic analysis. Furthermore, a new classification algorithm based on both static and dynamic features is introduced in order to group such malware into families.
Acknowledgment
This study is supported by the Scientific and Technological Research Council of Turkey (TUBITAK-115E150). We would like to thank TUBITAK for its support.
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Aktas, K., Sen, S. (2018). UpDroid: Updated Android Malware and Its Familial Classification. In: Gruschka, N. (eds) Secure IT Systems. NordSec 2018. Lecture Notes in Computer Science, vol 11252. Springer, Cham. https://doi.org/10.1007/978-3-030-03638-6_22
DOI: https://doi.org/10.1007/978-3-030-03638-6_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03637-9
Online ISBN: 978-3-030-03638-6
eBook Packages: Computer Science (R0)