Android Malware: Detection, Characterization, and Mitigation
Saved in:

| Author: | |
|---|---|
| Format: | Dissertation |
| Language: | English |
| Published: | ProQuest Dissertations & Theses, 01.01.2015 |
| Subjects: | |
| ISBN: | 1339761998, 9781339761992 |
| Online access: | Full text |

Summary:

In recent years there has been explosive growth in smartphone sales and adoption. The popularity is partly due to the wide availability of a large number of feature-rich smartphone applications (or apps). Unfortunately, this popularity has drawn the attention of malware authors: there have been reports of malicious apps on both official and alternative marketplaces. These malicious apps pose serious threats to user security and privacy. The primary goal of my research is to understand and mitigate Android malware threats. In this dissertation, we first presented a systematic study to gain a better understanding of malware threats on both official and alternative app marketplaces, proposing a system called DroidRanger to detect malicious apps on them. Specifically, we first proposed a permission-based behavioral footprinting scheme to detect new samples of known Android malware families. We then applied a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malware families. This study showed that there is a clear need for a rigorous vetting process, especially for non-regulated alternative marketplaces. After that, we characterized Android malware from various aspects to give the whole research community better insight into existing malware threats, because without a deep understanding of Android malware one can hardly expect effective mitigations to be proposed. The characterization and a subsequent evolution-based study of representative families revealed that they were evolving rapidly to circumvent detection by existing mobile anti-virus software. The Android Malware Genome Project [11], spun off from this research, has helped researchers from more than 450 universities, research labs and companies all over the world to develop more effective solutions.

In light of these threats, we further proposed a system called AppCage that thoroughly confines the run-time behavior of third-party Android apps. It leverages two complementary user-level sandboxes to interpose on and regulate the app's access to sensitive APIs, and further block malicious behaviors of Android malware. Specifically, the first sandbox, named dex sandbox, hooks into the app's Dalvik virtual machine instance and redirects each sensitive framework API to a proxy that strictly enforces the user-defined policies, and the second sandbox, named native sandbox, leverages software fault isolation to prevent the app's native libraries from directly accessing the protected APIs or subverting the dex sandbox. Our evaluation showed that AppCage can successfully detect and block attempts by third-party apps to leak private information, and that the performance overhead caused by AppCage is negligible for apps without native libraries and minor for apps with them.
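The summary describes DroidRanger as a two-stage pipeline: a permission-based behavioral footprint that catches new samples of known families, followed by heuristics for behaviors of families not yet known. The sketch below is an added example, not code from the dissertation or from the DroidRanger system; the family footprints, the heuristics, the API-name tokens and the three app profiles are all constructed for illustration and are not real families or real samples. It shows the point a vetting engineer cares about: permissions alone are a cheap prefilter with false positives, and the behavioral part of the footprint is what separates a repackaged trojan from a legitimate app that legitimately requests the same permissions.

```python
"""Two-stage app triage in the shape the summary gives for DroidRanger.

Stage 1, permission-based behavioral footprinting: a known family is described by
the permissions its samples must request plus the behaviors (manifest-registered
broadcast actions, sensitive framework APIs) its payload shows. Permissions are
a cheap prefilter; only apps passing it are checked against the behaviors.
Stage 2, heuristic filtering: apps matching no footprint are screened for
behaviors suspicious regardless of family. Every footprint, heuristic and app
profile here is constructed for illustration, not taken from the dissertation.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List

P = "android.permission."


@dataclass(frozen=True)
class AppProfile:
    """Static features extracted from one APK (manifest plus dex)."""
    package: str
    permissions: FrozenSet[str]
    receivers: FrozenSet[str]   # broadcast actions registered in the manifest
    apis: FrozenSet[str]        # sensitive framework APIs referenced in the dex


@dataclass(frozen=True)
class Footprint:
    """Footprint of one (hypothetical) known family."""
    family: str
    permissions: FrozenSet[str]  # all must be requested
    behaviors: FrozenSet[str]    # all must be present among receivers | apis


FOOTPRINTS: List[Footprint] = [
    # Premium-SMS trojan pattern: sends SMS and swallows the operator's reply.
    Footprint("FamilyA-premium-sms",
              frozenset({P + "SEND_SMS", P + "RECEIVE_SMS"}),
              frozenset({"android.provider.Telephony.SMS_RECEIVED",
                         "SmsManager.sendTextMessage",
                         "BroadcastReceiver.abortBroadcast"})),
    # Boot-persistent info-stealer pattern: device identity shipped over HTTP.
    Footprint("FamilyB-infostealer",
              frozenset({P + "RECEIVE_BOOT_COMPLETED", P + "READ_PHONE_STATE",
                         P + "INTERNET"}),
              frozenset({"android.intent.action.BOOT_COMPLETED",
                         "TelephonyManager.getDeviceId",
                         "HttpURLConnection.getOutputStream"})),
]

# Family-independent heuristic (assumed for this example): code fetched over the
# network and loaded at run time defeats any static check done at vetting time.
HEURISTICS: Dict[str, Callable[[AppProfile], bool]] = {
    "dynamic-code-from-network": lambda app: (
        P + "INTERNET" in app.permissions
        and {"DexClassLoader", "HttpURLConnection.getInputStream"} <= app.apis),
}


def permission_prefilter(app: AppProfile, footprints=FOOTPRINTS) -> List[Footprint]:
    """Stage 1a: families whose required permissions the app requests."""
    return [fp for fp in footprints if fp.permissions <= app.permissions]


def footprint_match(app: AppProfile, footprints=FOOTPRINTS) -> List[str]:
    """Stage 1b: of the prefiltered families, those whose behaviors all appear."""
    observed = app.receivers | app.apis
    return sorted(fp.family for fp in permission_prefilter(app, footprints)
                  if fp.behaviors <= observed)


def heuristic_flags(app: AppProfile, heuristics=HEURISTICS) -> List[str]:
    """Stage 2: family-independent suspicious behaviors."""
    return sorted(name for name, check in heuristics.items() if check(app))


def triage(app: AppProfile) -> Dict[str, List[str]]:
    """Known-family match first; heuristics only for apps no footprint explains."""
    families = footprint_match(app)
    return {"families": families,
            "heuristics": heuristic_flags(app) if not families else []}


# Constructed profiles. The legitimate SMS client requests FamilyA's permissions,
# so the prefilter alone would flag it; the behavioral footprint clears it
# because it never aborts the incoming-SMS broadcast.
BENIGN_SMS_APP = AppProfile(
    "com.example.messenger",
    frozenset({P + "SEND_SMS", P + "RECEIVE_SMS", P + "READ_CONTACTS"}),
    frozenset({"android.provider.Telephony.SMS_RECEIVED"}),
    frozenset({"SmsManager.sendTextMessage"}))
REPACKAGED_GAME = AppProfile(
    "com.example.game.free",
    frozenset({P + "SEND_SMS", P + "RECEIVE_SMS", P + "INTERNET"}),
    frozenset({"android.provider.Telephony.SMS_RECEIVED"}),
    frozenset({"SmsManager.sendTextMessage", "BroadcastReceiver.abortBroadcast"}))
UNKNOWN_DROPPER = AppProfile(
    "com.example.wallpaper",
    frozenset({P + "INTERNET"}), frozenset(),
    frozenset({"DexClassLoader", "HttpURLConnection.getInputStream"}))

if __name__ == "__main__":
    for app in (BENIGN_SMS_APP, REPACKAGED_GAME, UNKNOWN_DROPPER):
        print(app.package, triage(app))
```

The ordering in `triage` mirrors the summary: the footprint stage answers "which known family is this", and the heuristic stage only runs on what is left, which is where genuinely new families surface and where manual review effort should go. In a real vetting pipeline the `AppProfile` would be filled from the manifest and a dex disassembly rather than typed in, and the footprints would come from a curated sample set.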

