SafeGuard

a behavior based real-time malware detection scheme for mobile multimedia applications in android platform

Eun Su Jeong, In-Seok Kim, Dong Hoon Lee

Research output: Contribution to journal (Article)

1 Citation (Scopus)

Abstract

SafeGuard is proposed as a solution to monitor the behaviors of smartphone applications in real time and to detect and block any malicious behaviors. This solution consists of a server that manages and deploys the blocking rules and a device solution that monitors various applications on Android devices. The proposed scheme provides users with real-time malware information, such as spyware detected by the SafeGuard library upon a suspicious API call within the Android platform. Except for the use of rootkits at the kernel level, the scheme can detect behaviors that use the platform's APIs or are caused by a combination of those APIs. The database that determines malicious behaviors can be periodically updated to block various malicious behaviors by using preemptive responses different from existing anti-virus products. For this purpose, the behaviors of smartphone applications are classified and defined for monitoring. An architecture to apply them is also proposed in the Android framework, and the proposed scheme is applied in the Android smartphone environment to verify its stability and feasibility by measuring the overhead in that environment.

Original language: English
Pages (from-to): 1-21
Number of pages: 21
Journal: Multimedia Tools and Applications
DOI: 10.1007/s11042-016-4189-1
Publication status: Accepted/In press - 2016 Dec 6

Fingerprint

Smartphones
Application programming interfaces (API)
Viruses
Servers
Monitoring
Malware

Keywords

  • Android malware detection
  • Android platform
  • Behavior detection
  • Mobile multimedia application
  • Mobile security

ASJC Scopus subject areas

  • Software
  • Media Technology
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

@article{7b7f10cf60d846e3886165ed0d806ab3,
title = "SafeGuard: a behavior based real-time malware detection scheme for mobile multimedia applications in android platform",
abstract = "SafeGuard is proposed as a solution to monitor behaviors of smartphone applications in real-time and detect and block any malicious behaviors. This solution consists of a server that manages and deploys the blocking rules and the device solution that monitors various applications in Android devices. The proposed scheme provides users with real-time malware information such as spyware detected by the SafeGuard library upon suspicious API call within the Android platform. Except for use of Rootkit at the kernel level, the scheme can detect behaviors that use the API from the platform or caused by a combination of those APIs. The database that determines any malicious behaviors can be periodically updated to block various malicious behaviors by using preemptive responses different from existing anti-virus products. For this purpose, the behaviors of smartphone applications are classified and are defined for monitoring. The architecture to apply them is also proposed in the Android framework and the proposed scheme is applied in the Android smartphone environment to verify its stability and feasibility through measuring the overhead in the environment.",
keywords = "Android malware detection, Android platform, Behavior detection, Mobile multimedia application, Mobile security",
author = "Jeong, {Eun Su} and In-Seok Kim and Lee, {Dong Hoon}",
year = "2016",
month = "12",
day = "6",
doi = "10.1007/s11042-016-4189-1",
language = "English",
pages = "1--21",
journal = "Multimedia Tools and Applications",
issn = "1380-7501",
publisher = "Springer Netherlands",
}
