{"title":"Mobile malware exposed","authors":"Alaa Salman, I. Elhajj, A. Chehab, A. Kayssi","doi":"10.1109/AICCSA.2014.7073206","DOIUrl":null,"url":null,"abstract":"In this paper, we propose a new method to detect malicious activities on mobile devices by examining an application's runtime behavior. To this end, we use the Xposed framework to build a monitoring module that generates behavior profiles for applications. The module integrates with our intrusion detection system which then analyzes and reports on the profiles. We use this tool to detect malicious behavior patterns using both a custom-written malware and a real one. We also detect behavior patterns for some popular applications from the Google Play Store to expose their functionality. The results show that standard techniques that are used to evade static analysis are not effective against our monitoring approach. This approach can also be generalized to detect unknown malware or expose exact application behavior to the user.","PeriodicalId":412749,"journal":{"name":"2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AICCSA.2014.7073206","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In this paper, we propose a new method to detect malicious activities on mobile devices by examining an application's runtime behavior. To this end, we use the Xposed framework to build a monitoring module that generates behavior profiles for applications. The module integrates with our intrusion detection system which then analyzes and reports on the profiles. We use this tool to detect malicious behavior patterns using both a custom-written malware and a real one. We also detect behavior patterns for some popular applications from the Google Play Store to expose their functionality. The results show that standard techniques that are used to evade static analysis are not effective against our monitoring approach. This approach can also be generalized to detect unknown malware or expose exact application behavior to the user.