Issue No. 01 - Jan.-Feb. (2018 vol. 15)
Andrea Saracino , Instituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy
Daniele Sgandurra , Department of Computing, Imperial College of London, London, United Kingdom
Gianluca Dini , Department of Ingegneria dell'Informazione, Università di Pisa, Pisa, Italy
Fabio Martinelli , Instituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy
Android users are constantly threatened by an increasing number of malicious applications (apps), generically called malware. Malware constitutes a serious threat to user privacy, money, device and file integrity. In this paper we note that, by studying their actions, we can classify malware into a small number of behavioral classes, each of which performs a limited set of misbehaviors that characterize them. These misbehaviors can be defined by monitoring features belonging to different Android levels. In this paper we present MADAM, a novel host-based malware detection system for Android devices which simultaneously analyzes and correlates features at four levels: kernel, application, user and package, to detect and stop malicious behaviors. MADAM has been specifically designed to take into account those behaviors that are characteristics of almost every real malware which can be found in the wild. MADAM detects and effectively blocks more than 96 percent of malicious apps, which come from three large datasets with about 2,800 apps, by exploiting the cooperation of two parallel classifiers and a behavioral signature-based detector. Extensive experiments, which also includes the analysis of a testbed of 9,804 genuine apps, have been conducted to show the low false alarm rate, the negligible performance overhead and limited battery consumption.
Malware, Androids, Humanoid robots, Performance evaluation, Feature extraction, Monitoring
A. Saracino, D. Sgandurra, G. Dini and F. Martinelli, "MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention," in IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 1, pp. 83-97, 2018.