A collaborative framework for android malware detection using DNS & dynamic analysis

Zurutuza, Urko

View/Open

A collaborative framework for android malware detection using DNS & dynamic analysis.pdf (697.3Kb)

Full record

Impact

xmlui.dri2xhtml.METS-1.0.item-share

Save the reference

Title

A collaborative framework for android malware detection using DNS & dynamic analysis

xmlui.dri2xhtml.METS-1.0.item-contributorOtherinstitution

https://ror.org/00brc6r59

Version

http://purl.org/coar/version/c_ab4af688f83e57aa

Rights

Access

http://purl.org/coar/access_right/c_abf2

URI

https://hdl.handle.net/20.500.11984/5932

Publisher’s version

https://doi.org/10.1109/CONCAPAN.2017.8278529

Published at

IEEE 37th Central America and Panama Convention (CONCAPAN XXXVII) Managua, 15-17 November 2017. IEEE, 2018

Publisher

IEEE

Keywords

Android malware
API calls
Dynamic behavior analysis
DNS queries ... [+]

Android malware
API calls
Dynamic behavior analysis
DNS queries
Collaborative framework [-]

Abstract

Nowadays, with the predominance of smart devices such as smartphones, mobile malware attacks have increasingly proliferated. There is an urgent need of detecting potential malicious behaviors so as to hinder them. Furthermore, Android malware is one of the major security issues and fast growing threats facing the Internet in the mobile arena. At the same time, DNS (Domain Name System) is widely misused by miscreants in order to provide Internet connection within malicious networks. Here, we propose an infrastructure for monitoring the Android applications in a platform-independent manner, introducing hooks in order to trace restricted API calls used at runtime of the application. These traces are collected at a central server were the application behavior filtering, string matching, and visualization takes place. From these traces we can extract malicious URLs and correlate them with DNS service network traffic, enabling us to find presence of malware running at the network level. [-]