Function-oriented mobile malware analysis as first aid

Jae Wook Jang, Huy Kang Kim

Research output: Contribution to journal › Article

3 Citations (Scopus)

Abstract

Recently, well-crafted mobile malware has arisen as mobile devices manage highly valuable and sensitive information. Currently, it is impossible to detect and prevent all malware because the amount of new malware continues to increase exponentially; malware detection methods need to improve in order to respond quickly and effectively to malware. For a quick response, revealing the main purpose or functions of captured malware is important; however, only a few recent works have attempted to find malware's main purpose. Our approach is designed to help with efficient and effective incident response or countermeasure development by analyzing the main functions of malicious behavior. In this paper, we propose a novel function-oriented malware analysis method based on analysis of suspicious API call patterns. Instead of extracting API call patterns for malware in each family, we focus on extracting such patterns for certain malicious functionalities. Our proposed method dumps the memory sections where an application is allocated and extracts suspicious API sequences from the bytecode by comparing them with predefined suspicious API lists. By matching the API call patterns against our functionality database, our method determines whether they are malicious. The experimental results demonstrate that our method detects malware with high accuracy.

Original language: English
Article number: 6707524
Journal: Mobile Information Systems
Volume: 2016
DOI: 10.1155/2016/6707524
Publication status: Published - 2016

Fingerprint

Application programming interfaces (API)
Malware
Mobile devices
Data storage equipment
Experiments

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Function-oriented mobile malware analysis as first aid. / Jang, Jae Wook; Kim, Huy Kang.

In: Mobile Information Systems, Vol. 2016, 6707524, 2016.


@article{0ed70df3fcaf4e76a6fc1606201306a3,
title = "Function-oriented mobile malware analysis as first aid",
author = "Jang, {Jae Wook} and Kim, {Huy Kang}",
year = "2016",
doi = "10.1155/2016/6707524",
language = "English",
volume = "2016",
journal = "Mobile Information Systems",
issn = "1574-017X",
publisher = "IOS Press",
}

TY - JOUR

T1 - Function-oriented mobile malware analysis as first aid

AU - Jang, Jae Wook

AU - Kim, Huy Kang

PY - 2016

Y1 - 2016

UR - http://www.scopus.com/inward/record.url?scp=84962285684&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84962285684&partnerID=8YFLogxK

U2 - 10.1155/2016/6707524

DO - 10.1155/2016/6707524

M3 - Article

AN - SCOPUS:84962285684

VL - 2016

JO - Mobile Information Systems

JF - Mobile Information Systems

SN - 1574-017X

M1 - 6707524

ER -