Special Issue "New Frontiers in Android Malware Analysis and Detection"

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information Applications".

Deadline for manuscript submissions: closed (31 July 2020).

Special Issue Editor

Dr. Davide Maiorca
E-Mail Website
Guest Editor
Department of Electrical and Electronic Engineering, University of Cagliari, Piazza d’Armi, 09123, Cagliari, Italy
Interests: malware analysis in documents and binary files; android malware analysis; machine learning for malware detection; adversarial machine learning

Special Issue Information

Dear Colleagues,

Android is the most popular operating system for mobile phones, with more than 2.5 billion currently active devices. Its popularity drove the attention of cybercriminals and malware creators, who have been releasing new and increasingly sophisticated malware that exploits the characteristics of Android applications to steal users’ information, encrypt their data, or compromise their devices.

The goal of this Special Issue is to propose new, sophisticated techniques to analyze and mitigate malware that targets the Android platform. These techniques may feature, among others, the use of static and dynamic analysis, the adoption of machine learning, taint analysis, symbolic execution, and so forth. This Special Issue also welcomes papers that focus on the analysis of specific malware families (such as ransomware), as well as papers related to obfuscation analysis and adversarial machine learning.

Dr. Davide Maiorca
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Android malware
  • Static and dynamic analysis
  • Machine learning
  • Obfuscation
  • Adversarial machine learning

Published Papers (3 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Article
On the Feasibility of Adversarial Sample Creation Using the Android System API
Information 2020, 11(9), 433; https://0-doi-org.brum.beds.ac.uk/10.3390/info11090433 - 10 Sep 2020
Cited by 4 | Viewed by 1382
Abstract
Due to its popularity, the Android operating system is a critical target for malware attacks. Multiple security efforts have been made on the design of malware detection systems to identify potentially harmful applications. In this sense, machine learning-based systems, leveraging both static and [...] Read more.
Due to its popularity, the Android operating system is a critical target for malware attacks. Multiple security efforts have been made on the design of malware detection systems to identify potentially harmful applications. In this sense, machine learning-based systems, leveraging both static and dynamic analysis, have been increasingly adopted to discriminate between legitimate and malicious samples due to their capability of identifying novel variants of malware samples. At the same time, attackers have been developing several techniques to evade such systems, such as the generation of evasive apps, i.e., carefully-perturbed samples that can be classified as legitimate by the classifiers. Previous work has shown the vulnerability of detection systems to evasion attacks, including those designed for Android malware detection. However, most works neglected to bring the evasive attacks onto the so-called problem space, i.e., by generating concrete Android adversarial samples, which requires preserving the app’s semantics and being realistic for human expert analysis. In this work, we aim to understand the feasibility of generating adversarial samples specifically through the injection of system API calls, which are typical discriminating characteristics for malware detectors. We perform our analysis on a state-of-the-art ransomware detector that employs the occurrence of system API calls as features of its machine learning algorithm. In particular, we discuss the constraints that are necessary to generate real samples, and we use techniques inherited from interpretability to assess the impact of specific API calls to evasion. We assess the vulnerability of such a detector against mimicry and random noise attacks. Finally, we propose a basic implementation to generate concrete and working adversarial samples. The attained results suggest that injecting system API calls could be a viable strategy for attackers to generate concrete adversarial samples. However, we point out the low suitability of mimicry attacks and the necessity to build more sophisticated evasion attacks. Full article
(This article belongs to the Special Issue New Frontiers in Android Malware Analysis and Detection)
Show Figures

Figure 1

Article
AndroDFA: Android Malware Classification Based on Resource Consumption
Information 2020, 11(6), 326; https://0-doi-org.brum.beds.ac.uk/10.3390/info11060326 - 16 Jun 2020
Cited by 1 | Viewed by 1436
Abstract
The vast majority of today’s mobile malware targets Android devices. An important task of malware analysis is the classification of malicious samples into known families. In this paper, we propose AndroDFA (DFA, detrended fluctuation analysis): an approach to Android malware family classification based [...] Read more.
The vast majority of today’s mobile malware targets Android devices. An important task of malware analysis is the classification of malicious samples into known families. In this paper, we propose AndroDFA (DFA, detrended fluctuation analysis): an approach to Android malware family classification based on dynamic analysis of resource consumption metrics available from the proc file system. These metrics can be easily measured during sample execution. From each malware, we extract features through detrended fluctuation analysis (DFA) and Pearson’s correlation, then a support vector machine is employed to classify malware into families. We provide an experimental evaluation based on malware samples from two datasets, namely Drebin and AMD. With the Drebin dataset, we obtained a classification accuracy of 82%, comparable with works from the state-of-the-art like DroidScribe. However, compared to DroidScribe, our approach is easier to reproduce because it is based on publicly available tools only, does not require any modification to the emulated environment or Android OS, and by design, can also be used on physical devices rather than exclusively on emulators. The latter is a key factor because modern mobile malware can detect the emulated environment and hide its malicious behavior. The experiments on the AMD dataset gave similar results, with an overall mean accuracy of 78%. Furthermore, we made the software we developed publicly available, to ease the reproducibility of our results. Full article
(This article belongs to the Special Issue New Frontiers in Android Malware Analysis and Detection)
Show Figures

Figure 1

Article
Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences
Information 2020, 11(6), 304; https://0-doi-org.brum.beds.ac.uk/10.3390/info11060304 - 05 Jun 2020
Cited by 4 | Viewed by 1367
Abstract
The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a [...] Read more.
The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a nutshell this attack requires that two or more applications are installed to perpetrate the malicious behaviour that is split in more than one single application: for this reason anti-malware are not able to detect this attack, considering that they analyze just one application at a time and that the single colluding application does not exhibit any malicious action. In this paper an approach exploiting model checking is proposed to automatically detect whether two applications exhibit the ability to perform a collusion through the SharedPreferences communication mechanism. We formulate a series of temporal logic formulae to detect the collusion attack from a model obtained by automatically selecting the classes candidate for the collusion, obtained by two heuristics we propose. Experimental results demonstrate that the proposed approach is promising in collusion application detection: as a matter of fact an accuracy equal to 0.99 is obtained by evaluating 993 Android applications. Full article
(This article belongs to the Special Issue New Frontiers in Android Malware Analysis and Detection)
Show Figures

Figure 1

Back to TopTop