MADAM: a multi-level anomaly detector for android malware

Authors:
Gianluca Dini;Fabio Martinelli;Andrea Saracino;Daniele Sgandurra
Affiliations:
Dipartimento di Ingegneria dell'Informazione, Università di Pisa, Pisa, Italy;Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy;Dipartimento di Ingegneria dell'Informazione, Università di Pisa, Pisa, Italy, Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy;Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy
Venue:
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Year:
2012

Citing 13
Cited 1

Anomalous system call detection

ACM Transactions on Information and System Security (TISSEC)
Proactive security for mobile messaging networks

WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
Using Battery Constraints within Mobile Hosts to Improve Network Security

IEEE Security and Privacy
Monitoring smartphones for anomaly detection

Mobile Networks and Applications
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
pBMDS: a behavior-based malware detection system for cellphone devices

Proceedings of the third ACM conference on Wireless network security
Diversity in smartphone usage

Proceedings of the 8th international conference on Mobile systems, applications, and services
Static analysis of executables for collaborative malware detection on android

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Crowdroid: behavior-based malware detection system for Android

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
"Andromaly": a behavioral malware detection framework for android devices

Journal of Intelligent Information Systems
Nearest neighbor pattern classification

IEEE Transactions on Information Theory
Input feature selection for classification problems

IEEE Transactions on Neural Networks

Quantifying and Classifying Covert Communications on Android

Mobile Networks and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Currently, in the smartphone market, Android is the platform with the highest share. Due to this popularity and also to its open source nature, Android-based smartphones are now an ideal target for attackers. Since the number of malware designed for Android devices is increasing fast, Android users are looking for security solutions aimed at preventing malicious actions from damaging their smartphones. In this paper, we describe MADAM, a Multi-level Anomaly Detector for Android Malware. MADAM concurrently monitors Android at the kernel-level and user-level to detect real malware infections using machine learning techniques to distinguish between standard behaviors and malicious ones. The first prototype of MADAM is able to detect several real malware found in the wild. The device usability is not affected by MADAM due to the low number of false positives generated after the learning phase.