Android currently represents the most widespread operating system focused on mobile devices. It is not surprising that the majority of malware is created to perpetrate attacks targeting mobile devices equipped with this operating systems. In the mobile malware landscape, there exists a plethora of malware families exhibiting different malicious behaviors. One of the recent threat in this landscape is represented by the HummingBad malware, able to perpetrate multiple attacks for obtain root credentials and to silently install applications on the infected device. From these considerations, in this paper we discuss two different methodologies aimed to detect malicious samples targeting Android environment. In detail the first approach is based on machine learning technique, while the second one is a model checking based approach. Moreover, the model checking approach is able to localize the malicious behaviour of the application under analysis code, in terms of package, class and method. We evaluate the effectiveness of both the designed methods on real-world samples belonging to the HummingBad malware family, one of the most recent and aggressive behaviour embed into malicious Android applications.
Model checking and machine learning techniques for HummingBad mobile malware detection and mitigation
Mercaldo F.
;Nardone V.;Santone A.;
2020-01-01
Abstract
Android currently represents the most widespread operating system focused on mobile devices. It is not surprising that the majority of malware is created to perpetrate attacks targeting mobile devices equipped with this operating systems. In the mobile malware landscape, there exists a plethora of malware families exhibiting different malicious behaviors. One of the recent threat in this landscape is represented by the HummingBad malware, able to perpetrate multiple attacks for obtain root credentials and to silently install applications on the infected device. From these considerations, in this paper we discuss two different methodologies aimed to detect malicious samples targeting Android environment. In detail the first approach is based on machine learning technique, while the second one is a model checking based approach. Moreover, the model checking approach is able to localize the malicious behaviour of the application under analysis code, in terms of package, class and method. We evaluate the effectiveness of both the designed methods on real-world samples belonging to the HummingBad malware family, one of the most recent and aggressive behaviour embed into malicious Android applications.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.