Abstract
SafeGuard is proposed as a solution that monitors the behavior of smartphone applications in real time and detects and blocks malicious behavior. The solution consists of a server that manages and deploys the blocking rules and a device-side solution that monitors applications on Android devices. The proposed scheme provides users with real-time malware information, such as spyware detected by the SafeGuard library upon a suspicious API call within the Android platform. Except for the use of rootkits at the kernel level, the scheme can detect behaviors that use the platform's APIs or that are caused by a combination of those APIs. The database used to determine malicious behavior can be updated periodically, so that various malicious behaviors are blocked using preemptive responses that differ from those of existing anti-virus products. For this purpose, the behaviors of smartphone applications are classified and defined for monitoring. An architecture for applying them within the Android framework is also proposed, and the scheme is applied in an Android smartphone environment to verify its stability and feasibility by measuring the overhead in that environment.
Acknowledgements
This work was supported by the ICT R&D program of MSIP/IITP. [R0101-15-0195(10043959), Development of EAL 4 level military fusion security solution for protecting against unauthorized accesses and ensuring a trusted execution environment in mobile devices]
Ethics declarations
Conflict of interest
The authors declare that they have no competing interests.
Cite this article
Jeong, E.S., Kim, I.S. & Lee, D.H. SafeGuard: a behavior based real-time malware detection scheme for mobile multimedia applications in android platform. Multimed Tools Appl 76, 18153–18173 (2017). https://doi.org/10.1007/s11042-016-4189-1
DOI: https://doi.org/10.1007/s11042-016-4189-1