4MMSR-Network Security-2012-2013-Android Malware Detection Using Run-Time Properties Monitoring


Android Malware Detection and Prevention Using Run-Time Monitoring and Enforcement of Properties

This is a "mini" research project for the course 4MMSR-Network Security

Keywords

android, dynamic analysis, malware, run-time monitoring

Description

Expected output

  • considered applications categories:
    • games
    • plane tickets comparator application
    • other?
  • for each considered category,
    • a set of known "good" applications (i.e. without malicious code inside)
    • a set of known "malicious/bad" applications (i.e. with malicious code inside)

For the second set (malicious applications), we will mainly use malware.lu.

  • properties to be monitored and enforced for the considered categories
  • plugin for droidbox that monitors those properties at run time and stops the execution if one of them is violated

Research Questions

  • knowing a set of "good" applications for a given category (e.g., games), can we identify characteristics that hold for "most of those applications"?
    • temporal behavioral patterns
    • difference between the permissions exposed in manifest.xml and the permissions actually used
    • other ideas?
  • can we detect "malicious/bad" applications with the properties we wrote?
  • what is our precision? (false negative, false positive)
  • performance overhead?
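
One way to frame the first three questions in code, as an added example that is not part of the project material: it derives a per-category permission baseline from known-good run-time profiles, compares one application's manifest with what it used, and counts false positives and false negatives. The function names and sample data are hypothetical, the manifest is assumed to be already decoded to text XML, and the run-time permission sets are assumed to have been extracted from a dynamic-analysis trace.

```python
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

def declared_permissions(manifest_xml):
    """Permissions requested with <uses-permission> in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    names = (e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
    return {n for n in names if n}

def category_baseline(good_profiles, quorum=0.5):
    """Permissions used at run time by at least `quorum` of the known-good apps."""
    counts = Counter(p for used in good_profiles for p in used)
    return {p for p, n in counts.items() if n >= quorum * len(good_profiles)}

def check_app(declared, used, baseline):
    """Compare one app's manifest and run-time profile against the category baseline."""
    return {
        "declared_unused": declared - used,    # requested but never exercised in this run
        "used_undeclared": used - declared,    # not expected; trace or manifest needs a second look
        "outside_baseline": used - baseline,   # property violation for this category
    }

def error_counts(labelled, baseline):
    """labelled: list of (used_permissions, is_malicious). Returns (false_pos, false_neg)."""
    fp = sum(1 for used, bad in labelled if not bad and used - baseline)
    fn = sum(1 for used, bad in labelled if bad and not (used - baseline))
    return fp, fn

# Constructed sample data (not measurements): run-time profiles for a "games" category.
GOOD = [{P + "INTERNET", P + "VIBRATE"},
        {P + "INTERNET", P + "VIBRATE", P + "WAKE_LOCK"},
        {P + "INTERNET", P + "WAKE_LOCK"},
        {P + "INTERNET", P + "READ_CONTACTS"}]
BAD = [{P + "INTERNET", P + "SEND_SMS"}, {P + "INTERNET"}]
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

if __name__ == "__main__":
    baseline = category_baseline(GOOD)
    print(check_app(declared_permissions(MANIFEST), BAD[0], baseline))
    labelled = [(u, False) for u in GOOD] + [(u, True) for u in BAD]
    print("false positives, false negatives:", error_counts(labelled, baseline))
```

In the constructed data, the good game that reads contacts is a false positive and the malicious sample that only uses the network is a false negative, which is why permission sets alone need to be combined with temporal behavioral patterns.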

References

Tools

Results


Get Started!

  • create an archive on the ensimag server, so that only your team members and I have access to it.
  • Créer_une_archive_partagée_avec_Git
  • obviously, do not forget to send me the path afterwards

Contacts

Fabien Duchene and Ylies Falcone