{"title":"移动恶意软件检测沙箱与实时事件馈送和日志模式分析","authors":"Wei-Ting Lin, Jen-Yi Pan","doi":"10.1109/APNOMS.2016.7737204","DOIUrl":null,"url":null,"abstract":"In recent years, the use of smart devices is becoming increasingly popular. All kinds of mobile applications are emerging. In addition to the official market, there are also many ways to allow users to download the mobile app. As unidentified instances of malware grow day by day, off-the-shelf malware detection methods identify malicious programs mainly with extracted signatures of codes, which only can effectively identify already known malwares, but not new malwares in initial spread. If no samples of these malwares are reported and the virus code library is not patched, users won't be alerted to the malwares. Therefore, this paper proposed a new detection method by live log analysis. A sandbox is conducted to mimic human operations and monitor responses from APPs. Feeding these manual events can excite deactivated malwares and improve the accuracy of log analysis, even though these malware are unknown yet. This study takes recent malwares and benign programs to conduct experiments, and then verifies the effectiveness of the proposed method comparing with those in other papers. The experimental results show that the proposed method outperforms in both hit rate and pass rate.","PeriodicalId":194123,"journal":{"name":"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Mobile malware detection in sandbox with live event feeding and log pattern analysis\",\"authors\":\"Wei-Ting Lin, Jen-Yi Pan\",\"doi\":\"10.1109/APNOMS.2016.7737204\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, the use of smart devices is becoming increasingly popular. All kinds of mobile applications are emerging. In addition to the official market, there are also many ways to allow users to download the mobile app. As unidentified instances of malware grow day by day, off-the-shelf malware detection methods identify malicious programs mainly with extracted signatures of codes, which only can effectively identify already known malwares, but not new malwares in initial spread. If no samples of these malwares are reported and the virus code library is not patched, users won't be alerted to the malwares. Therefore, this paper proposed a new detection method by live log analysis. A sandbox is conducted to mimic human operations and monitor responses from APPs. Feeding these manual events can excite deactivated malwares and improve the accuracy of log analysis, even though these malware are unknown yet. This study takes recent malwares and benign programs to conduct experiments, and then verifies the effectiveness of the proposed method comparing with those in other papers. The experimental results show that the proposed method outperforms in both hit rate and pass rate.\",\"PeriodicalId\":194123,\"journal\":{\"name\":\"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/APNOMS.2016.7737204\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APNOMS.2016.7737204","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Mobile malware detection in sandbox with live event feeding and log pattern analysis
In recent years, the use of smart devices is becoming increasingly popular. All kinds of mobile applications are emerging. In addition to the official market, there are also many ways to allow users to download the mobile app. As unidentified instances of malware grow day by day, off-the-shelf malware detection methods identify malicious programs mainly with extracted signatures of codes, which only can effectively identify already known malwares, but not new malwares in initial spread. If no samples of these malwares are reported and the virus code library is not patched, users won't be alerted to the malwares. Therefore, this paper proposed a new detection method by live log analysis. A sandbox is conducted to mimic human operations and monitor responses from APPs. Feeding these manual events can excite deactivated malwares and improve the accuracy of log analysis, even though these malware are unknown yet. This study takes recent malwares and benign programs to conduct experiments, and then verifies the effectiveness of the proposed method comparing with those in other papers. The experimental results show that the proposed method outperforms in both hit rate and pass rate.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
