
1. A Forensic Analysis of Android Malware -- How is Malware Written and How it Could Be Detected?

http://orbilu.uni.lu/bitstream/10993/18702/1/A%20Forensic%20Analysis%20of%20Android%20Malware.pdf

Abstract:
We consider in this paper the analysis of a large set of malware and benign applications
from the Android ecosystem. Although a large body of research work has dealt with Android
malware over the last years, none has addressed it from a forensic point of view. After
collecting over 500,000 applications from user markets and research repositories, we
perform an analysis that yields precious insights on the writing process of Android malware.
This study also explores some strange artifacts in the datasets, and the divergent
capabilities of state-of-the-art antivirus to recognize/define malware. We further highlight
some major weak usage and misunderstanding of Android security by the criminal
community and show some patterns in their operational flow. Finally, using insights from this
analysis, we build a naive malware detection scheme that could complement existing anti-virus
software.

2. A Framework for Malware Detection Using Combination Technique and Signature Generation


Abstract:
Malware detection must apply sophisticated techniques to minimize malware threats that can
break computer operation. Nowadays malware writers try to avoid detection by using
several techniques such as polymorphism, hiding and also zero-day attacks. However,
commercial anti-virus or anti-spyware that uses signature-based matching to detect
malware cannot solve that kind of attack. In order to overcome this issue, we propose a new
framework for malware detection that combines the signature-based technique and the genetic
algorithm technique. This framework consists of three main components: signature-based
detection, GA detection and signature generator. These three main components work
together as an interrelated process in our proposed framework. The result of this study is a new
framework designed to solve newly launched malware and also to generate signatures
automatically that can be used in signature-based detection.
Mohamad Fadli Zolkipli
Sch. of Comput. Sci., Univ. Sains Malaysia, Minden, Malaysia
Aman Jantan
Sch. of Comput. Sci., Univ. Sains Malaysia, Minden, Malaysia

http://ieeexplore.ieee.org/abstract/document/5489509/authors

3. An overview of social engineering malware: Trends, tactics, and implications

Social engineering continues to be an increasing attack vector for the propagation of malicious
programs. For this article, we collected data on malware incidents and highlighted the
prevalence and longevity of social engineering malware. We developed a framework that
shows the steps social engineering malware executes to be successful. To explain its
pervasiveness and persistence, we discuss some common avenues through which such
attacks occur. The attack vector is a combination of psychological and technical ploys, which
includes luring a computer user to execute the malware, and combating any existing technical
countermeasures. We describe some of the prevalent psychological ploys and technical
countermeasures used by social engineering malware. We show how the techniques used by
purveyors of such malware have evolved to circumvent existing countermeasures. The
implications of our analyses lead us to emphasize (1) the importance for organizations to plan
a comprehensive information security program, and (2) the shared social responsibility
required to combat social engineering malware.
Sherly Abraham is a PhD student at the College of Computing & Information, State
University of New York, Albany. She has a Masters degree in Telecommunications from
SUNY Institute of Technology, Utica, NY, and a Bachelors degree in Computer
Engineering from Assumption University, Bangkok, Thailand. Her research interests
include information security, software patents, and telecommunication policies. She has
presented her research at various conferences and her work has been published
in Computer Law and Security Review.

InduShobha Chengalur-Smith is Chair of the Information Technology Management
Department at the School of Business, State University of New York, Albany. She
received her PhD from Virginia Tech, Blacksburg, VA. Prior to joining academia, she
worked in the private and public sectors. Her research interests are in open source
software, technology adoption and implementation, information quality, and security.
She serves on the editorial boards of several journals, and her research has been
published in journals such as Information Systems Research, Communications of the
ACM, and multiple issues of IEEE Transactions.

http://www.sciencedirect.com/science/article/pii/S0160791X10000497


4. Kernel-based Behavior Analysis for Android Malware Detection

Abstract:
The major threat to Android users is malware infection via Android application
markets. In the case of the Android Market, security inspections are not applied to the many
applications that users have uploaded. Therefore, malware, e.g., Geinimi and DroidDream, will
attempt to leak personal information, get root privilege, and abuse functions of the smart
phone. An audit framework called logcat is implemented on the Dalvik virtual machine to
monitor application behavior. However, only limited events are dumped, because
application developers use logcat for debugging. A behavior monitoring framework
that can audit all activities of applications is important for security inspections on the market
places. In this paper, we propose a kernel-based behavior analysis for Android malware
inspection. The system consists of a log collector in the Linux layer and a log analysis
application. The log collector records all system calls and filters events for the target
application. The log analyzer matches activities with signatures described by regular
expressions to detect malicious activity. Here, signatures of information leakage are
automatically generated using the smart phone IDs, e.g., phone number, SIM serial number,
and Gmail accounts. We implement a prototype system and evaluate 230 applications in
total. The result shows that our system can effectively detect malicious behaviors of
unknown applications.

Takamasa Isohara
KDDI R&D Labs., Saitama, Saitama, Japan
Keisuke Takemori
KDDI R&D Labs., Saitama, Saitama, Japan
Ayumu Kubota
KDDI R&D Labs., Saitama, Saitama, Japan

http://ieeexplore.ieee.org/abstract/document/6128277/authors

5. Automated Classification and Analysis of Internet Malware

Abstract:

Numerous attacks, such as worms, phishing, and botnets, threaten the availability of the Internet, the
integrity of its hosts, and the privacy of its users. A core element of defense against these attacks is
anti-virus (AV) software, a service that detects, removes, and characterizes these threats. The ability of these
products to successfully characterize these threats has far-reaching effects, from facilitating sharing
across organizations, to detecting the emergence of new threats, and assessing risk in quarantine and
cleanup. In this paper, we examine the ability of existing host-based anti-virus products to provide
semantically meaningful information about the malicious software and tools (or malware) used by
attackers. Using a large, recent collection of malware that spans a variety of attack vectors (e.g., spyware,
worms, spam), we show that different AV products characterize malware in ways that are inconsistent
across AV products, incomplete across malware, and that fail to be concise in their semantics. To address
these limitations, we propose a new classification technique that describes malware behavior in terms of
system state changes (e.g., files written, processes created) rather than in sequences or patterns of
system calls. To address the sheer volume of malware and diversity of its behavior, we provide a method
for automatically categorizing these profiles of malware into groups that reflect similar classes of
behaviors and demonstrate how behavior-based clustering provides a more direct and effective way of
classifying and analyzing Internet malware.
