Android Malware Detection Mechanisms
Talha KABAKUŞ
talhakabakus@gmail.com
Agenda
● Android Market Share
● Malware Types
● Android Security Mechanism
● User Profiles
● Static Analysis
● Signature Based Analysis & Protection
● Encrypted Data Communication
Android Users
more than 1 billion users
Sundar Pichai
Q4 2013
Applications
more than 1 million applications
Hugo Barra
July 2013
Android Market Share
Source: Strategy Analytics
81.3%
Q3 2013
Why is Android so popular?
● Open source
● Google support
● Free
● Linux based
● Java
● Rich SDK
● Strong third-party community and support
○ Sony, Motorola, HTC, Samsung
Malware Market
99%
Source: CISCO 2014 Security Report
Malware Stats
Source: Sophos Labs
1 million
Malware Types
● Backdoor
○ Access to a computer system that bypasses security mechanisms
● Exploit
○ Modifications on operating system
○ User interface modifications
● Spyware
○ Unauthorized advertising
○ Private data collection, transmission
○ Unauthorized operations (SMS, calls)
Android Security Mechanism
● Permission based
○ Accept / Reject
● Public, indefensible market
○ Everyone can upload any application
● Passive protection - feedback based
○ Applications are removed through negative feedback
User Profiles
42%
Unaware of permissions
83%
Not interested in permissions
Source: Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: User
Attention, Comprehension, and Behavior. Proceedings of the Eighth Symposium on Usable Privacy and
Security - SOUPS ’12. p. 1 (2012).
Static Analysis Approach
● Inspection of APK files using reverse engineering
● Manifest file
○ Permissions
○ Activities
○ Services
○ Receivers
● API calls
● Source code inspection
Static Analysis Tools
● apktool
○ Extracts .apk archives
● aapt
○ Lists .apk archive contents
● dex2jar
○ Converts .dex files into .jar
● jd-gui
○ Converts .class files into Java sources
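An added example, not part of the original slides: manifest inspection as outlined above, run over a constructed AndroidManifest.xml in the readable form apktool produces. The package name com.example.flashlight and the permission watch-list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest live in the Android XML namespace.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumption: a small watch-list chosen for this example, matching the
# spyware behaviours listed in the slides (SMS, calls, private data).
WATCHED = {
    "android.permission.SEND_SMS": "can send SMS messages",
    "android.permission.READ_SMS": "can read stored SMS messages",
    "android.permission.CALL_PHONE": "can place calls",
    "android.permission.READ_CONTACTS": "can read private contact data",
    "android.permission.RECEIVE_BOOT_COMPLETED": "can start itself at boot",
}

# Constructed sample: a "flashlight" app that requests far more than a camera.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Flashlight">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
            </intent-filter>
        </activity>
        <service android:name="SyncService"/>
        <receiver android:name=".BootReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def qualify(package, name):
    """Expand manifest shorthand (".Foo" or "Foo") to a full class name."""
    if name.startswith("."):
        return package + name
    return name if "." in name else f"{package}.{name}"


def inspect_manifest(xml_text):
    """Extract permissions and components from a decoded manifest."""
    # For manifests taken from untrusted APKs, a hardened parser such as
    # defusedxml is a safer choice than the standard-library parser.
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    permissions = [p.get(ANDROID + "name", "")
                   for p in root.iter("uses-permission")]
    report = {
        "package": package,
        "permissions": permissions,
        # Watch-listed permissions, in the order the manifest declares them.
        "flagged": [(p, WATCHED[p]) for p in permissions if p in WATCHED],
        "activities": [],
        "services": [],
        "receivers": {},  # receiver class -> broadcast actions it listens for
    }
    app = root.find("application")
    if app is None:
        return report
    for tag, key in (("activity", "activities"), ("service", "services")):
        for node in app.findall(tag):
            report[key].append(qualify(package, node.get(ANDROID + "name", "")))
    for node in app.findall("receiver"):
        actions = [a.get(ANDROID + "name", "")
                   for a in node.findall("intent-filter/action")]
        report["receivers"][qualify(package, node.get(ANDROID + "name", ""))] = actions
    return report


if __name__ == "__main__":
    result = inspect_manifest(SAMPLE_MANIFEST)
    print("package:", result["package"])
    for permission, reason in result["flagged"]:
        print("flagged:", permission, "-", reason)
    for receiver, actions in result["receivers"].items():
        print("receiver:", receiver, "listens for", actions)
```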
Source Code Inspection
● Equality checks
● Type conversion checks
● Static updates
● Dead code detection
● Inconsistent hashCode and equals definitions
● Null pointer checks
● Termination checks
Type Conversion Sample
XML
<EditText android:layout_width="fill_parent"
android:layout_height="wrap_content"
android:id="@+id/username"/>
Java
EditText editText = (EditText) findViewById(R.id.username);
Null Pointer Check Sample
Java Activity Class
Layout definition
Dead Code Detection Sample
Will never be executed
Unreachable code
Signature Based Analysis & Control
● Signature database
● Smartphone client
● Central server
● Learning based
● Classification
Benign / Malware
Encrypted Data Communication
● All valuable data is encrypted and stored in a SQLite database; it is decrypted when required.
● SMS
● Email
● Sensitive files
● Password
● Personal information
Pocatilu, 2011
System Comparisons
Ability | MADAM | DroidMat | Julia
Manifest inspection | Yes | Yes | Yes
API call trace | Yes | Yes | Yes
Signature database | Yes | Yes | No
Encrypted communication | No | No | No
Machine learning | Yes | Yes | No
References I
● Bicheno, S.: Android Captures Record 81 Percent Share of Global Smartphone Shipments in Q3 2013, http://blogs.strategyanalytics.com/WSS/post/2013/10/31/Android-Captures-Record-81-Percent-Share-of-Global-Smartphone-Shipments-in-Q3-2013.aspx.
● Rowinski, D.: Google Play Hits One Million Android Apps, http://readwrite.com/2013/07/24/google-play-hits-one-million-android-apps.
● Cisco 2014 Annual Security Report, https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf.
● Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild.
SPSM ’11 Proceedings
● Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, You, Get Off of My Market: Detecting Malicious
Apps in Official and Alternative Android Markets. Proceedings of the 19th Annual Network
and Distributed System Security Symposium (NDSS) (2012).
● Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: User
Attention, Comprehension, and Behavior. Proceedings of the Eighth Symposium on Usable
Privacy and Security - SOUPS ’12. p. 1 (2012).
● Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions.
Proceeding of the WebApps’11 Proceedings of the 2nd USENIX conference on Web
application development. p. 7. USENIX Association, Berkeley, CA, USA (2011).
● Enck, W., Ongtang, M., Mcdaniel, P.: On Lightweight Mobile Phone Application Certification.
ACM conference on Computer and communications security. pp. 235–245 (2009).
References II
● Android Architecture, http://www.tutorialspoint.com/android/android_architecture.htm.
● Wu, D.-J., Mao, C.-H., Wei, T.-E., Lee, H.-M., Wu, K.-P.: DroidMat: Android
Malware Detection through Manifest and API Calls Tracing. 2012 Seventh
Asia Joint Conference on Information Security. pp. 62–69 (2012).
● Payet, É., Spoto, F.: Static analysis of Android programs, (2012).
● Guido, M., Ondricek, J., Grover, J., Wilburn, D., Nguyen, T., Hunt, A.:
Automated identification of installed malicious Android applications. Digital
Investigation (2013).
● Dini, G., Martinelli, F., Saracino, A., Sgandurra, D.: MADAM: A Multi-level
Anomaly Detector for Android Malware. In: Kotenko, I. and Skormin, V. (eds.)
Computer Network Security. pp. 240–253. Springer Berlin Heidelberg, Berlin,
Heidelberg (2012).
● Pocatilu, P.: Android applications security. Inform. Econ. 15, 163–171.
Retrieved from http://revistaie.ase.ro (2011).
Thanks...
/talhakabakus
talhakabakus@gmail.com
talhakabakus.weebly.com

  • 3. Android Users more than 1 billion users Sundar Pichai Q4 2013
  • 5. Android Market Share Source: Strategy Analytics 81.3% Q3 2013
  • 6. Why is Android so popular? ● Open source ● Google support ● Free ● Linux based ● Java ● Rich SDK ● Strong third party community and support ○ Sony, Motorola, HTC, Samsung
  • 7. Malware Market 99% Source: CISCO 2014 Security Report
  • 9. Malware Types ● Backdoor ○ Access to a computer system that bypasses security mechanisms ● Exploit ○ Modifications on operating system ○ User interface modifications ● Spyware ○ Unauthorized advertising ○ Private data collection, transmission ○ Unauthorized operations (SMS, calls)
  • 10. Android Security Mechanism ● Permission based ○ Accept / Reject ● Public, indefensible market ○ Everyone can upload any application ● Passive protection - feedback based ○ Applications are removed through negative feedback
  • 11. User Profiles 42% Unaware of permissions 83% not interested in permissions Source: Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: User Attention, Comprehension, and Behavior. Proceedings of the Eighth Symposium on Usable Privacy and Security - SOUPS ’12. p. 1 (2012).
  • 12. Static Analysis Approach ● Inspection of APK files using reverse engineering ● Manifest file ○ Permissions ○ Activities ○ Services ○ Receivers ● API calls ● Source code inspection
  • 13. Static Analysis Tools ● apktool ○ Extracts .apk archives ● aapt ○ Lists .apk archive contents ● dex2jar ○ Converts .dex files into .jar ● jd-gui ○ Converts .class files into Java sources
  • 14. Source Code Inspection ● Equality checks ● Type conversion controls ● Static updates ● Dead code detection ● Inconsistent hashCode and equals definitions ● null pointer controls ● Termination controls
  • 15. Type Conversion Sample XML: <EditText android:layout_width="fill_parent" android:layout_height="wrap_content" android:id="@+id/username"/> Java: EditText editText = (EditText) findViewById(R.id.username);
  • 16. null pointer control sample Java Activity Class Layout definition
  • 17. Dead Code Detection Sample: never executed, unreachable code
  • 18. Signature Based Analysis & Control ● Signature database ● Smartphone client ● Central server ● Learning based ● Classification: Benign / Malware
  • 19. Encrypted Data Communication ● All valuable data is encrypted and stored in SQLite database; decrypted when it is required. ● SMS ● Email ● Sensitive files ● Password ● Personal information Pocatilu, 2011
  • 20. System Comparisons
      Ability                 | MADAM | DroidMat | Julia
      Manifest inspection     | Yes   | Yes      | Yes
      API call trace          | Yes   | Yes      | Yes
      Signature database      | Yes   | Yes      | No
      Encrypted communication | No    | No       | No
      Machine learning        | Yes   | Yes      | No
  • 21. References I
      ● Bicheno, S.: Android Captures Record 81 Percent Share of Global Smartphone Shipments in Q3 2013, http://blogs.strategyanalytics.com/WSS/post/2013/10/31/Android-Captures-Record-81-Percent-Share-of-Global-Smartphone-Shipments-in-Q3-2013.aspx.
      ● Rowinski, D.: Google Play Hits One Million Android Apps, http://readwrite.com/2013/07/24/google-play-hits-one-million-android-apps.
      ● Cisco 2014 Annual Security Report, https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf.
      ● Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. SPSM ’11 Proceedings
      ● Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS) (2012).
      ● Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: User Attention, Comprehension, and Behavior. Proceedings of the Eighth Symposium on Usable Privacy and Security - SOUPS ’12. p. 1 (2012).
      ● Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. Proceeding of the WebApps’11 Proceedings of the 2nd USENIX conference on Web application development. p. 7. USENIX Association, Berkeley, CA, USA (2011).
      ● Enck, W., Ongtang, M., Mcdaniel, P.: On Lightweight Mobile Phone Application Certification. ACM conference on Computer and communications security. pp. 235–245 (2009).
  • 22. References II
      ● Android Architecture, http://www.tutorialspoint.com/android/android_architecture.htm.
      ● Wu, D.-J., Mao, C.-H., Wei, T.-E., Lee, H.-M., Wu, K.-P.: DroidMat: Android Malware Detection through Manifest and API Calls Tracing. 2012 Seventh Asia Joint Conference on Information Security. pp. 62–69 (2012).
      ● Payet, É., Spoto, F.: Static analysis of Android programs, (2012).
      ● Guido, M., Ondricek, J., Grover, J., Wilburn, D., Nguyen, T., Hunt, A.: Automated identification of installed malicious Android applications. Digital Investigation (2013).
      ● Dini, G., Martinelli, F., Saracino, A., Sgandurra, D.: MADAM: A Multi-level Anomaly Detector for Android Malware. In: Kotenko, I. and Skormin, V. (eds.) Computer Network Security. pp. 240–253. Springer Berlin Heidelberg, Berlin, Heidelberg (2012).
      ● Pocatilu, P.: Android applications security. Inform. Econ. 15, 163–171. Retrieved from http://revistaie.ase.ro (2011).
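
The manifest inspection step from slide 12, as an added Python example that is not part of the original deck: it parses a decoded AndroidManifest.xml and lists the permissions, activities, services and receivers, then flags permissions tied to the spyware behaviours on slide 9. The sample manifest is constructed (text form, as apktool would decode it), and the watchlist, package name and component names are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative watchlist (an assumption, not from the slides): permissions that
# map to the spyware behaviours on slide 9 (SMS, calls, private data).
WATCHLIST = {
    "android.permission.SEND_SMS": "unauthorized SMS",
    "android.permission.RECEIVE_SMS": "SMS interception",
    "android.permission.CALL_PHONE": "unauthorized calls",
    "android.permission.READ_CONTACTS": "private data collection",
}

# Constructed sample: a decoded (text) manifest for a hypothetical app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name=".SyncService"/>
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def inspect_manifest(xml_text):
    """Return package, permissions, components and watchlist hits."""
    root = ET.fromstring(xml_text.strip())
    name = lambda el: el.get(ANDROID_NS + "name", "")
    report = {"package": root.get("package"),
              "permissions": sorted(name(p) for p in root.iter("uses-permission"))}
    for kind in ("activity", "service", "receiver"):
        report[kind] = [name(c) for c in root.iter(kind)]
    report["flagged"] = {p: WATCHLIST[p] for p in report["permissions"] if p in WATCHLIST}
    # Broadcast actions each receiver listens for (e.g. incoming SMS).
    report["receiver_actions"] = {
        name(r): [name(a) for a in r.iter("action")] for r in root.iter("receiver")}
    return report

if __name__ == "__main__":
    for key, value in inspect_manifest(SAMPLE_MANIFEST).items():
        print(key, "->", value)
```

When the manifest comes from an untrusted APK, a hardened XML parser such as defusedxml is the safer choice than the standard-library parser used here.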