The silence of the phishers: Early-stage voice phishing detection with runtime permission requests

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-02-14 DOI:10.1016/j.cose.2025.104364

Chanjong Lee , Bedeuro Kim , Hyoungshick Kim

{"title":"The silence of the phishers: Early-stage voice phishing detection with runtime permission requests","authors":"Chanjong Lee , Bedeuro Kim , Hyoungshick Kim","doi":"10.1016/j.cose.2025.104364","DOIUrl":null,"url":null,"abstract":"<div><div>Voice phishing (vishing) is a sophisticated phone scam that causes significant financial harm to victims. Recently, vishing attacks have become more effective due to the use of vishing malware installed on victims’ devices. Conventional anti-malware solutions, which rely on static analysis of app code and permissions at install time, are circumvented by vishing malware that requests additional code and permissions after installation. We introduce <span>VishielDroid</span>, a novel system for real-time detection of vishing malware on Android devices. By dynamically tracking apps’ <em>runtime permission</em> requests, a critical indicator of malicious behavior specific to vishing malware, <span>VishielDroid</span> outperforms state-of-the-art systems in detection accuracy. Using only 98 features, <span>VishielDroid</span> achieved an F1-score of 99.78% with systematic testing, surpassing other solutions that achieve lower F1-scores (69.27% to 80.25%). The system demonstrated superior robustness across various scenarios: maintaining high performance with reduced training data and imbalanced datasets, achieving a 99.57% F1-score with a reduced feature set despite evasion attempts, and operating effectively across Android versions 8.1 to 12 with minimal modifications. We validated <span>VishielDroid</span>’s practicality through deployment on real devices, confirming marginal memory and battery consumption overheads.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104364"},"PeriodicalIF":4.8000,"publicationDate":"2025-02-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825000537","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Voice phishing (vishing) is a sophisticated phone scam that causes significant financial harm to victims. Recently, vishing attacks have become more effective due to the use of vishing malware installed on victims’ devices. Conventional anti-malware solutions, which rely on static analysis of app code and permissions at install time, are circumvented by vishing malware that requests additional code and permissions after installation. We introduce VishielDroid, a novel system for real-time detection of vishing malware on Android devices. By dynamically tracking apps’ runtime permission requests, a critical indicator of malicious behavior specific to vishing malware, VishielDroid outperforms state-of-the-art systems in detection accuracy. Using only 98 features, VishielDroid achieved an F1-score of 99.78% with systematic testing, surpassing other solutions that achieve lower F1-scores (69.27% to 80.25%). The system demonstrated superior robustness across various scenarios: maintaining high performance with reduced training data and imbalanced datasets, achieving a 99.57% F1-score with a reduced feature set despite evasion attempts, and operating effectively across Android versions 8.1 to 12 with minimal modifications. We validated VishielDroid’s practicality through deployment on real devices, confirming marginal memory and battery consumption overheads.

查看原文本刊更多论文

网络钓鱼者的沉默：带有运行时权限请求的早期语音网络钓鱼检测

语音网络钓鱼是一种复杂的电话诈骗，会给受害者造成重大的经济损失。最近，由于使用安装在受害者设备上的钓鱼恶意软件，钓鱼攻击变得更加有效。传统的反恶意软件解决方案依赖于在安装时对应用程序代码和权限的静态分析，而在安装后请求额外代码和权限的钓鱼恶意软件可以绕过这些解决方案。我们介绍了VishielDroid，一个实时检测Android设备上钓鱼恶意软件的新系统。通过动态跟踪应用程序的运行时权限请求，VishielDroid在检测准确性方面优于最先进的系统，这是针对钓鱼恶意软件的恶意行为的关键指标。仅使用98个功能，VishielDroid在系统测试中获得了99.78%的f1分数，超过了其他获得较低f1分数的解决方案（69.27%至80.25%）。系统在各种场景中表现出卓越的鲁棒性：在减少训练数据和不平衡数据集的情况下保持高性能，在减少功能集的情况下获得99.57%的f1分数，尽管有逃避尝试，并且在Android版本8.1到12中以最小的修改有效运行。我们通过在实际设备上的部署验证了VishielDroid的实用性，确认了边际内存和电池消耗开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.