Android Malware Detection And Analysis Of Mobile Intelligent Terminal

Posted on: 2015-02-02
Degree: Master
Type: Thesis
Country: China
Candidate: H Wang
GTID: 2268330425988103
Subject: Computer application technology

Abstract/Summary:
Smart phones have become essential mobile devices. At the same time, they have become fertile ground for hackers to spread viruses and deploy malware, and the number of malware samples on smart phones is growing explosively. There is an urgent need for a security analysis and detection system that can analyze, dissect and associate large numbers of mobile applications. An effective detection and analysis system needs to answer the following questions: How can a large number of mobile malware samples be collected and managed automatically? How can information be extracted to find malicious logic similar to that of existing malware, and to quickly identify new malicious code segments? How can a Zero_Day suspicious application be analyzed and compared or associated with the existing malware families in the database?

To address these issues, the main work of this paper is as follows:

1. This paper analyzes the security of the Android platform, summarizes the characteristics and trends of mobile malware, and analyzes existing Android malware detection technology.

2. This paper presents MSAnalytics, a signature-based Android malware detection and analysis system that automates collection, extraction, analysis and association. The system uses scalable crawler technology to build a malware database automatically, parses each app, and generates signatures for methods, classes and applications (the three-level signatures) from the API calling sequence. It effectively identifies repackaged malicious software and associates it with legitimate applications and other malware at the class level and/or method level.

3. DroidAnalytics is used to detect Zero_Day repackaged malware. The method uses a similarity score to cluster applications and uses the name of the injected package as the name of the malware family. The experimental results show that DroidAnalytics successfully detected 342 Zero_Day repackaged malware samples in three different families: AisRs, AIProvider, and G3app. We also explore the effectiveness of using DroidAnalytics to detect zero-day repackaged malware.

4. This paper illustrates how DroidAnalytics' signatures can be used to analyze (and detect) malware repackaging, code obfuscation and malware with dynamic payloads. The system facilitates analyzing and associating malicious applications and reveals malicious logic at the operation code level. Experiments on 150,368 Android applications successfully identified 2,494 Android malware samples from 102 different families, 244 of them from six different malware samples of the Zero_Day family. The experiments show that MSAnalytics can effectively analyze malware repackaging and mutation, and has good detection and analysis capabilities.
Keywords/Search Tags: Mobile intelligent terminals, software detection and analysis, information security, Zero_Day
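The three-level signature and the injected-package naming described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the truncated SHA-256 hash, the sorting of child signatures, the Jaccard similarity score, and every app, class and package name in the sample data are assumptions made for illustration.

```python
import hashlib

def _h(parts):
    # Assumed hash: truncated SHA-256 over the joined parts.
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()[:16]

def method_sig(api_calls):
    # Level 1: signature of the ordered API call sequence of one method.
    return _h(api_calls)

def class_sig(methods):
    # Level 2: sorted method signatures; method names are ignored, so
    # identifier renaming by an obfuscator does not change the result.
    return _h(sorted(method_sig(calls) for calls in methods.values() if calls))

def app_sig(classes):
    # Level 3: sorted class signatures of the whole application.
    return _h(sorted(class_sig(m) for m in classes.values()))

def class_index(classes):
    return {class_sig(m): name for name, m in classes.items()}

def similarity(app_a, app_b):
    # Assumed similarity score: Jaccard index over class-level signatures.
    a, b = set(class_index(app_a)), set(class_index(app_b))
    return len(a & b) / len(a | b)

def injected_packages(original, suspect):
    # Classes present only in the suspect app; their package names are the
    # candidates for naming the malware family.
    known = set(class_index(original))
    return sorted({name.rsplit(".", 1)[0]
                   for sig, name in class_index(suspect).items()
                   if sig not in known})

# Constructed sample data: class -> method -> ordered API calls.
LEGIT = {
    "com.example.game.Main": {
        "onCreate": ["Activity.setContentView", "SharedPreferences.getInt"],
        "onPause": ["SharedPreferences$Editor.commit"]},
    "com.example.game.Score": {
        "save": ["FileOutputStream.write", "FileOutputStream.close"]},
}
# Same app with renamed identifiers plus one class in a new package.
REPACKAGED = {
    "com.example.game.a": {
        "a": ["Activity.setContentView", "SharedPreferences.getInt"],
        "b": ["SharedPreferences$Editor.commit"]},
    "com.example.game.b": {
        "a": ["FileOutputStream.write", "FileOutputStream.close"]},
    "com.injected.svc.Loader": {
        "run": ["TelephonyManager.getDeviceId", "HttpURLConnection.connect"]},
}

if __name__ == "__main__":
    print("app signatures differ:", app_sig(LEGIT) != app_sig(REPACKAGED))
    print("class-level similarity:", round(similarity(LEGIT, REPACKAGED), 3))
    print("injected package(s):", injected_packages(LEGIT, REPACKAGED))
```

The application-level signatures differ, but the class-level comparison still ties the repackaged sample to the original and isolates the added package.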