A Review and Case Study on Android Malware: Threat Model, Attacks, Techniques and Tools
DOI: https://doi.org/10.13052/jcsm2245-1439.1018
Keywords: Android, Android architecture, attack taxonomy, malware detection, machine learning, malware
Abstract
As Android devices have multiplied over the past few years, the Android operating system has come to dominate the smartphone market. Its spread across so many devices has made security a pressing concern: the number of Android users continues to grow rapidly, and with it the number of malicious apps, which has prompted numerous studies of detection approaches. In this paper, we review the Android components and propose a threat model that illustrates the threats present in the Android platform. We also present an attack taxonomy that illustrates the possible attacks at the various layers of the Android architecture. Experiments demonstrating feature extraction and classification with machine learning algorithms have also been performed.
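The feature extraction and classification step mentioned above, as an added example that is not the paper's own code: it takes decoded AndroidManifest.xml text (the form apktool produces from an APK), extracts the declared uses-permission names as a binary feature vector, and trains a from-scratch Bernoulli naive Bayes classifier on a small constructed corpus of benign and malicious manifests. The corpus, the package name and the permission mix per sample are constructed for illustration and are not data from the paper.

```python
"""Permission-based feature extraction and naive Bayes classification.

Added example, not code from the paper. Input is decoded AndroidManifest.xml
text (as produced by apktool); the training corpus below is constructed.
"""
import math
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
PERM = "android.permission."


def extract_permissions(manifest_xml: str) -> set:
    """Feature extraction: the set of <uses-permission> names in a manifest.

    Only declared permissions are read; whether the app actually exercises
    them is a separate (API-call or dynamic) question.
    """
    root = ET.fromstring(manifest_xml)
    return {
        node.get(f"{{{ANDROID_NS}}}name")
        for node in root.iter("uses-permission")
        if node.get(f"{{{ANDROID_NS}}}name")
    }


def vectorize(perms: set, vocab: list) -> list:
    """Binary feature vector; permissions outside the vocabulary are ignored."""
    return [1 if p in perms else 0 for p in vocab]


class BernoulliNB:
    """Minimal Bernoulli naive Bayes with Laplace (add-alpha) smoothing."""

    def __init__(self, alpha: float = 1.0):
        self.alpha = alpha
        self.log_prior = {}
        self.log_p1 = {}  # class -> list of log P(feature=1 | class)
        self.log_p0 = {}  # class -> list of log P(feature=0 | class)

    def fit(self, X: list, y: list):
        for c in set(y):
            rows = [x for x, label in zip(X, y) if label == c]
            self.log_prior[c] = math.log(len(rows) / len(y))
            ones = [sum(col) for col in zip(*rows)]  # per-feature counts of 1s
            p1 = [(k + self.alpha) / (len(rows) + 2 * self.alpha) for k in ones]
            self.log_p1[c] = [math.log(p) for p in p1]
            self.log_p0[c] = [math.log(1 - p) for p in p1]
        return self

    def predict(self, x: list) -> str:
        scores = {}
        for c in self.log_prior:
            s = self.log_prior[c]
            for i, bit in enumerate(x):
                s += self.log_p1[c][i] if bit else self.log_p0[c][i]
            scores[c] = s
        return max(scores, key=scores.get)


def make_manifest(perms) -> str:
    """Constructed manifest text standing in for apktool output."""
    uses = "".join(f'<uses-permission android:name="{PERM}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="com.example.app">'
            f"{uses}<application/></manifest>")


# Constructed, labelled corpus: three benign and three malicious manifests.
CORPUS = [
    (make_manifest(["INTERNET"]), "benign"),
    (make_manifest(["INTERNET", "ACCESS_NETWORK_STATE"]), "benign"),
    (make_manifest(["CAMERA", "WRITE_EXTERNAL_STORAGE"]), "benign"),
    (make_manifest(["SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE"]), "malicious"),
    (make_manifest(["SEND_SMS", "INTERNET", "READ_CONTACTS"]), "malicious"),
    (make_manifest(["RECEIVE_BOOT_COMPLETED", "SEND_SMS", "INTERNET",
                    "READ_PHONE_STATE"]), "malicious"),
]


def build_model():
    """Extract features from the corpus and train the classifier."""
    perm_sets = [extract_permissions(m) for m, _ in CORPUS]
    vocab = sorted(set().union(*perm_sets))
    X = [vectorize(p, vocab) for p in perm_sets]
    y = [label for _, label in CORPUS]
    return BernoulliNB().fit(X, y), vocab


def classify_manifest(manifest_xml: str, model: BernoulliNB, vocab: list) -> str:
    return model.predict(vectorize(extract_permissions(manifest_xml), vocab))


if __name__ == "__main__":
    model, vocab = build_model()
    sample = make_manifest(["SEND_SMS", "READ_PHONE_STATE"])
    print(vocab)
    print(classify_manifest(sample, model, vocab))
```

Two caveats a practitioner should keep in mind. The manifest inside an APK is binary AXML, so it has to be decoded (apktool, or a library such as androguard) before this parser sees it. And declared permissions are a weak signal on their own: a benign app can over-request, and malware can keep its manifest minimal and reach sensitive behaviour through an exploit or a dynamically loaded component, which is why the detection literature combines permission features with API-call, ICC and system-call features.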