ETRI-Knowledge Sharing Platform


Conference Paper: New Approach to Determine Metamorphic Malicious Mobile Code on Android based Smartphones
Authors
Sangdon Kim, Hyung-Woo Lee, Jae Deok Lim, Jeong Nyeo Kim
Issue Date
2014-12
Citation
International Conference on Internet (ICONI) 2014, pp.1-6
Language
English
Type
Conference Paper
Abstract
Because of the popularity and ubiquity of smartphones, malware creators are starting to develop new kinds of threats for the Android platform that are being actively distributed via the official Android Markets. Android malware is evolving quickly. By repackaging malicious code into reverse-compiled legitimate mobile code, malware authors can bypass the detection step of existing mobile vaccine software by inserting AES-encrypted root exploits to load some payload from a malicious remote server dynamically. In this case, such malicious code constantly changes to evade detection, continuing its evolution by operating as metamorphic code and adding new propagation vectors, functionality, and stealth techniques to hide its presence and evade the detection of antivirus software. Those metamorphic features are aimed at changing the form of each instance of the malware by using encryption or by appending/prepending dummy code to the internal code of mobile apps. Therefore, we propose a new approach to determine metamorphic malicious mobile code by monitoring and extracting dynamic system call features activated from the Android kernel. Based on those characteristics, we can classify and detect metamorphic malicious mobile code efficiently using an optimized system call sequence similarity measure aggregated from the Android kernel level.
KSP Keywords
Android Malware, Kernel level, Malicious code, New approach, Remote Server, Root Exploits, Sequence similarity measure, System call sequence, android platform, dynamic system, mobile apps