Android currently represents the most widespread operating system focused on mobile devices. It is not surprising that the majority of malware is created to perpetrate attacks targeting mobile devices equipped with this operating systems. In the mobile malware landscape, there exists a plethora of malware families exhibiting different malicious behaviors. One of the recent threat in this landscape is represented by the HummingBad malware, able to perpetrate multiple attacks for obtain root credentials and to silently install applications on the infected device. From these considerations, in this paper we discuss two different methodologies aimed to detect malicious samples targeting Android environment. In detail the first approach is based on machine learning technique, while the second one is a model checking based approach. Moreover, the model checking approach is able to localize the malicious behaviour of the application under analysis code, in terms of package, class and method. We evaluate the effectiveness of both the designed methods on real-world samples belonging to the HummingBad malware family, one of the most recent and aggressive behaviour embed into malicious Android applications.

Model Checking and Machine Learning techniques for HummingBad Mobile Malware detection and mitigation

Gigliola Vaglini
2020-01-01

Abstract

Android currently represents the most widespread operating system focused on mobile devices. It is not surprising that the majority of malware is created to perpetrate attacks targeting mobile devices equipped with this operating systems. In the mobile malware landscape, there exists a plethora of malware families exhibiting different malicious behaviors. One of the recent threat in this landscape is represented by the HummingBad malware, able to perpetrate multiple attacks for obtain root credentials and to silently install applications on the infected device. From these considerations, in this paper we discuss two different methodologies aimed to detect malicious samples targeting Android environment. In detail the first approach is based on machine learning technique, while the second one is a model checking based approach. Moreover, the model checking approach is able to localize the malicious behaviour of the application under analysis code, in terms of package, class and method. We evaluate the effectiveness of both the designed methods on real-world samples belonging to the HummingBad malware family, one of the most recent and aggressive behaviour embed into malicious Android applications.
2020
Martinelli, Fabio; Mercaldo, Francesco; Nardone, Vittoria; Santone, Antonella; Vaglini, Gigliola
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/1051170
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 16
  • ???jsp.display-item.citation.isi??? 11
social impact