Static Analysis of Executables for Collaborative Malware Detection on Android

Abstract

Smartphones are getting increasingly popular and several malwares appeared targeting these devices. General countermeasures to smartphone malwares are currently limited to signature-based antivirus scanners which efficiently detect known malwares, but they have serious shortcomings with new and unknown malwares creating a window of opportunity for attackers. As smartphones become host for sensitive data and applications, extended malware detection mechanisms are necessary complying with the resource constraints. The contribution of this paper is twofold. First, we perform static analysis on the executables to extract their function calls in Android environment using the command readelf. Function call lists are compared with malware executables for classifying them with PART, Prism and Nearest Neighbor Algorithms. Second, we present a collaborative malware detection approach to extend these results. Corresponding simulation results are presented.

@INPROCEEDINGS{Schmidt2009a,
AUTHOR="Aubrey-Derrick Schmidt and Rainer Bye and Hans-Gunther Schmidt and Jan
Clausen and Osman Kiraz and Kamer {Yüksel} and Seyit Camtepe and Albayrak
Sahin",
TITLE="Static Analysis of Executables for Collaborative Malware Detection on
Android",
BOOKTITLE="ICC 2009 Communication and Information Systems Security Symposium",
ADDRESS="Dresden, Germany, Germany",
DAYS=14,
MONTH=6,
YEAR=2009,
KEYWORDS="Security; Smartphones; Collaboration; Malware Detection; Android; Function
Calls; Intrusion Detection;",
ABSTRACT="Smartphones are getting increasingly popular and several malwares appeared
targeting these devices. General countermeasures to smartphone malwares are
currently limited to signature-based antivirus scanners which efficiently
detect known malwares, but they have serious shortcomings with new and
unknown malwares creating a window of opportunity for attackers. As
smartphones become host for sensitive data and applications, extended
malware detection mechanisms are necessary complying with the resource
constraints. 

The contribution of this paper is twofold. First, we perform static
analysis on the executables to extract their function calls in Android
environment using the command readelf. Function call lists are compared
with malware executables for classifying them with PART, Prism, and Nearest
Neighbor Algorithms. Second, we present a collaborative malware detection
approach to extend these results. Corresponding simulation results are
presented."
}
Authors:
Aubrey-Derrick Schmidt, Rainer Bye, Hans-Gunther Schmidt, Jan Hendrik Clausen, Osman Kiraz, Kamer Ali Yüksel, Seyit Ahmet Camtepe, Sahin Albayrak
Category:
Conference Paper
Year:
2009
Location:
IEEE International Conference on Communications (ICC) 2009, Dresden, Germany