Conference: International Conference on Malicious and Unwanted Software

SpyDroid: A Framework for Employing Multiple Real-Time Malware Detectors on Android


Abstract

Android has become the leading operating system for next-generation smart devices. Consequently, the amount of Android malware has also skyrocketed. Many dynamic analysis techniques have been proposed to detect Android malware. However, very few of these techniques use real-time monitoring on user devices, as Android does not provide low-level information to third-party apps. Moreover, some techniques detect a specific malware class more effectively than others. Therefore, end users can benefit from installing multiple malware detection techniques. In this paper, we propose SpyDroid, a real-time malware detection framework that can accommodate multiple detectors from third parties (e.g., researchers and antivirus vendors) and allows efficient and controlled real-time monitoring. SpyDroid consists of two operating system modules (monitoring and detection) and supports application-layer sub-detectors. Sub-detectors are regular Android applications that monitor and analyze different runtime information using the monitoring module and report their findings to the detection module. The detection module decides when to mark an app as malware. Researchers and antivirus vendors can now publish their techniques via app markets, and end users can install any number of sub-detectors as they require. We have implemented SpyDroid using the Android Open Source Project (AOSP), and our experiments with a dataset containing 4,965 apps show that decisions from multiple sub-detectors can increase the malware detection rate significantly on a real device.