Special Issue "New Frontiers in Android Malware Analysis and Detection"

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information Applications".

Deadline for manuscript submissions: 31 July 2020.

Special Issue Editor

Dr. Davide Maiorca
Website
Guest Editor
Department of Electrical and Electronic Engineering, University of Cagliari, Piazza d’Armi, 09123, Cagliari, Italy
Interests: malware analysis in documents and binary files; android malware analysis; machine learning for malware detection; adversarial machine learning

Special Issue Information

Dear Colleagues,

Android is the most popular operating system for mobile phones, with more than 2.5 billion currently active devices. Its popularity drove the attention of cybercriminals and malware creators, who have been releasing new and increasingly sophisticated malware that exploits the characteristics of Android applications to steal users’ information, encrypt their data, or compromise their devices.

The goal of this Special Issue is to propose new, sophisticated techniques to analyze and mitigate malware that targets the Android platform. These techniques may feature, among others, the use of static and dynamic analysis, the adoption of machine learning, taint analysis, symbolic execution, and so forth. This Special Issue also welcomes papers that focus on the analysis of specific malware families (such as ransomware), as well as papers related to obfuscation analysis and adversarial machine learning.

Dr. Davide Maiorca
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1000 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Android malware
  • Static and dynamic analysis
  • Machine learning
  • Obfuscation
  • Adversarial machine learning

Published Papers (2 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Open AccessArticle
AndroDFA: Android Malware Classification Based on Resource Consumption
Information 2020, 11(6), 326; https://doi.org/10.3390/info11060326 - 16 Jun 2020
Abstract
The vast majority of today’s mobile malware targets Android devices. An important task of malware analysis is the classification of malicious samples into known families. In this paper, we propose AndroDFA (DFA, detrended fluctuation analysis): an approach to Android malware family classification based [...] Read more.
The vast majority of today’s mobile malware targets Android devices. An important task of malware analysis is the classification of malicious samples into known families. In this paper, we propose AndroDFA (DFA, detrended fluctuation analysis): an approach to Android malware family classification based on dynamic analysis of resource consumption metrics available from the proc file system. These metrics can be easily measured during sample execution. From each malware, we extract features through detrended fluctuation analysis (DFA) and Pearson’s correlation, then a support vector machine is employed to classify malware into families. We provide an experimental evaluation based on malware samples from two datasets, namely Drebin and AMD. With the Drebin dataset, we obtained a classification accuracy of 82%, comparable with works from the state-of-the-art like DroidScribe. However, compared to DroidScribe, our approach is easier to reproduce because it is based on publicly available tools only, does not require any modification to the emulated environment or Android OS, and by design, can also be used on physical devices rather than exclusively on emulators. The latter is a key factor because modern mobile malware can detect the emulated environment and hide its malicious behavior. The experiments on the AMD dataset gave similar results, with an overall mean accuracy of 78%. Furthermore, we made the software we developed publicly available, to ease the reproducibility of our results. Full article
(This article belongs to the Special Issue New Frontiers in Android Malware Analysis and Detection)
Show Figures

Figure 1

Open AccessArticle
Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences
Information 2020, 11(6), 304; https://doi.org/10.3390/info11060304 - 05 Jun 2020
Abstract
The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a [...] Read more.
The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a nutshell this attack requires that two or more applications are installed to perpetrate the malicious behaviour that is split in more than one single application: for this reason anti-malware are not able to detect this attack, considering that they analyze just one application at a time and that the single colluding application does not exhibit any malicious action. In this paper an approach exploiting model checking is proposed to automatically detect whether two applications exhibit the ability to perform a collusion through the SharedPreferences communication mechanism. We formulate a series of temporal logic formulae to detect the collusion attack from a model obtained by automatically selecting the classes candidate for the collusion, obtained by two heuristics we propose. Experimental results demonstrate that the proposed approach is promising in collusion application detection: as a matter of fact an accuracy equal to 0.99 is obtained by evaluating 993 Android applications. Full article
(This article belongs to the Special Issue New Frontiers in Android Malware Analysis and Detection)
Show Figures

Figure 1

Back to TopTop