AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Powered by AMiner. Clicking this button will take you away from SciOpen.
Home Tsinghua Science and Technology Article
PDF (2.1 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

MobSafe: Cloud Computing Based Forensic Analysis for Massive Mobile Applications Using Data Mining

Department of Computer Science and Technology and Tsinghua National Laboratory for Information Science and Technology (TNList), Tsinghua University, Beijing 100084, China
Department of Electronic Engineering and Tsinghua National Laboratory for Information Science and Technology (TNList), Tsinghua University, Beijing 100084, China
Research Institute of Information Technology and Tsinghua National Laboratory for Information Science and Technology (TNList), Tsinghua University, Beijing 100084, China
Department of Computer Science and Technology, Research Institute of Information Technology and Tsinghua National Laboratory for Information Science and Technology (TNList), Tsinghua University, Beijing 100084, China
Show Author Information

Abstract

With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app’s virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework (ASEF) and Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage.

Keywords

Android platformmobile malware detectioncloud computingforensic analysismachine learningredis key-value storebig datahadoop distributed file systemdata mining

References

[1]
R. Lawler, Mary Meeker’s 2013 Internet Trends report, http://techcrunch.com/2013/05/29/mary-meeker-2013-internet-trends/, May 29, 2013.
[2]
J. Wu, On Top of Tides (Chinese Edition), Beijing: China Publishing House of Electronics Industry, January 8, 2011.
[3]
S. Q. Feng, Android software security and reversing engineering analysis (Chinese Edition), Beijing: Posts and Telecom Press, Feb. 2013.
[4]
Gartner, http://www.gartner.com/it/page.jsp?id=2153215, September 11, 2012.
[5]
List of mobile software distribution platforms, http://en.wikipedia.org/wiki/List_of_digital_distribution_platforms_for_mobile_devices, July 19 2013.
[6]
D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji, A methodology for empirical analysis of permission-based security models and its application to Android, in Proc. 17th ACM Conference on Computer and Communications Security, Chicago, USA, 2010, pp. 73-84.
Crossref
[7]
W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, A study of android application security, in USENIX Security Symposium, San Francisco, USA, 2011.
[8]
A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, Android permissions demystified, in Proc. 18th ACM Conference on Computer and Communications Security, Chicago, USA, 2011, pp. 627-638.
Crossref
[9]
K. O. Elish, D. Yao, and B. G. Ryder, User-centric dependence analysis for identifying malicious mobile apps, in Workshop on Mobile Security Technologies (MoST), San Francisco, USA, 2012.
[10]
I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, Crowdroid: Behavior-based malware detection system for Android, in Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, Chicago, USA, 2011, pp. 15-26.
Crossref
[11]
J. Hoffmann, M. Ussath, T. Holz, and M. Spreitzenbarth, Slicing droids: Program slicing for smali code, in Proc. 28th Annual ACM Symposium on Applied Computing, Coimbra, Portugal, 2013, pp. 1844-1851.
Crossref
[12]
Y. Nadji, J. Giffin, and P. Traynor, Automated remote repair for mobile malware, in Proc. 27th Annual ACM Computer Security Applications Conference, Orlando, USA, 2011, pp. 413-422.
Crossref
[13]
G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, Paranoid Android: Versatile protection for smartphones, in Proc. 26th Annual ACM Computer Security Applications Conference, Austin, USA, 2010, pp. 347-356.
Crossref
[14]
Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets, in Proc. 19th Annual Network and Distributed System Security Symposium, San Diego, USA, 2012.
[15]
A. D. Schmidt, R. Bye, H. G. Schmidt, J. Clausen, O. Kiraz, K. A. Yuksel, S. A. Camtepe, and S. Albayrak, Static analysis of executables for collaborative malware detection on Android, in Communications, ICC’09, IEEE International Conference on, Dresden, Germany, 2009.
Crossref
[16]
M. Frank, B. Dong, A. P. Felt, and D. Song, Mining permission request patterns from Android and facebook applications, in Proc. 12th IEEE International Conference on Data Mining, Brussels, Belgium, 2012, pp. 870-875.
Crossref
[17]
A. Shabtai, Y. Fledel, and Y. Elovici, Automated static code analysis for classifying Android applications using machine learning, in Proc. 6th IEEE International Conference on Computational Intelligence and Security (CIS), Nanning, China, December, 2010, pp. 329-333.
Crossref
[18]
B. Sanz, I. Santos, C. Laorden, X. Ugarte-Pedrero, and P. G. Bringas, On the automatic categorisation of Android applications, in Proc. 9th IEEE Consumer Communications and Networking Conference (CCNC), Las Vegas, Nevada, USA, January, 2012, pp. 149-153.
Crossref
[19]
W. Zhou, Y. Zhou, Y. Jiang, and P. Ning, Detecting repackaged smartphone applications in third-party Android marketplaces, in Proc. 2nd ACM conference on Data and Application Security and Privacy, San Antonio, TX, USA, February, 2012, pp. 317-326.
Crossref
[20]
Z. Chen, F. Y. Han, J. W. Cao, X. Jiang, and S. Chen, Cloud computing-based forensic analysis for collaborative network security management system, Tsinghua Science and Technology, vol. 18, no. 1, pp. 40-50, 2013.
Crossref Google Scholar
[21]
T. Li, F. Han, S. Ding, and Z. Chen, LARX: Large-scale Anti-phishing by Retrospective Data-Exploring Based on a Cloud Computing Platform, in Proc. 20th International Conference on. IEEE. Computer Communications and Networks (ICCCN), Maui, Hawaii, USA, 2011, pp. 1-5.
Crossref
[22]
IPSAN storage, Openindianna + napit, http:// openindiana.org/ and http://www.napp-it.org, June, 2013.
[23]
Cloudstack project, http://cloudstack.apache.org, June, 2013.
[24]
ASEF project, https://code.google.com/p/asef/, June 2013.
[25]
Google Safe Browsing API v2, http://code.google.com/apis/safebrowsing/, June, 2013.
[26]
SAAF project, https://code.google.com/p/saaf/, June, 2013.
[27]
Readelf, http://sourceware.org/binutils/docs/binutils/readelf. html, June, 2013.
[28]
Ded, http://siis.cse.psu.edu/ded/, June, 2013.
[29]
Apktool, https://code.google.com/p/Android-apktool/, June, 2013.
[30]
Androguard, https://code.google.com/p/androguard/, June, 2013.
[31]
Soot, http://www.sable.mcgill.ca/soot/, June, 2013.
[32]
Strace, https://zh.wikipedia.org/wiki/Strace, June, 2013.
[33]
Randoop, https://code.google.com/p/randoop/, June, 2013.
[34]
J. Wu, Beauty of mathematics (Chinese Edition), Beijing: Posts and Telecom Press, January 6, 2012.
Tsinghua Science and Technology
Volume 18 Issue 4,
August 2013
Pages 418-427
DOI: 10.1109/TST.2013.6574680
Cite this article:
Xu J, Yu Y, Chen Z, et al. MobSafe: Cloud Computing Based Forensic Analysis for Massive Mobile Applications Using Data Mining. Tsinghua Science and Technology, 2013, 18(4): 418-427. https://doi.org/10.1109/TST.2013.6574680

596

Views

15

Downloads

25

Crossref

N/A

Web of Science

34

Scopus

0

CSCD

Altmetrics
Received: 19 July 2013
Accepted: 19 July 2013
Published: 05 August 2013
© The author(s) 2013
Return