Foreign-language journal: Procedia Computer Science

SCREDENT: Scalable Real-time Anomalies Detection and Notification of Targeted Malware in Mobile Devices

Abstract

The ubiquitous availability of Android devices has led to an increasing number of malicious mobile attacks targeting the Android mobile operating system. In recent times, adversaries leverage situational awareness, user and device context to create targeted malware for mobile devices. Several mobile security tools such as Mobile Sandbox, TargetDroid, and ANANAS focus on tailoring the detection schemes for individual users and suffer from scalability problems because they analyze individual users' activities. To the best of our knowledge, these tools do not incorporate user group profiling in their automated user-behavior driven dynamic analysis. In addition, adaptive and location-based alerts are not provided to mobile users. We propose SCREDENT: Scalable Real-time Anomalies Detection and Notification of Targeted Malware in Mobile Devices, to provide a scalable system to classify, detect, and predict targeted malware in real-time. SCREDENT incorporates behavior-triggering probabilistic models and user grouping to minimize the number of parallel dynamic analysis instances needed. SCREDENT leverages container technology to perform dynamic analysis and allow for modularity as emulation technology improves. SCREDENT uses adaptive, location-based notification principles to create a geographical fence which warns users of malicious attacks. Finally, SCREDENT provides proactive, adaptive alerts to individual users if at least one of the group members has triggered malicious activities in an application currently used by the individual.