Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems
Paul McNeil - Tennessee State University
Co-Author(s): Divya Guntu and Gauree Barve, Tennessee State University, TN
About 84% of all smartphones worldwide are Android devices. Given Android's prominence, it is not surprising that the majority of malicious mobile attacks target the Android operating system. A new generation of Android malware leverages situational awareness (device location, user profile, presence of other apps) to trigger attacks, avoid detection, or both. Current detection systems do not incorporate user-profiling models into their automated, user-behavior-driven dynamic analysis. We propose a new system, Scredent, which detects targeted malware and alerts Android users in real time.
Scredent generates probabilistic models and user groups from captured mobile interaction events. Next, it injects these models into a scalable, distributed dynamic analysis testbed. A risk factor for each application is then determined, and an adaptive, location-based alert is sent to the end user. Scredent has three key subsystems: user monitoring, distributed dynamic analysis, and adaptive alerting.
We propose a two-part monitoring subsystem for Scredent: logging and mapping. The logging component is a native Android application that records contextual and user-behavior data locally on the device. This information is then uploaded from the device to the cloud for modeling and mapping.
In the distributed dynamic analysis subsystem, Scredent manages the creation, scheduling, and execution of DroidBox clones in the cloud. DroidBox is a dynamic analysis sandbox for Android applications. The cloud runs on an Apache Spark infrastructure to allow real-time processing.
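The modeling step described above (captured interaction events turned into probabilistic models that are then replayed inside the dynamic-analysis testbed) can be illustrated with a first-order Markov chain over logged UI events. The code below is an added example and is not the Scredent authors' code; the log format, the event names, and the choice of grouping users by their logged context are assumptions made for the example.

```python
"""Added example, not code from the Scredent abstract or its authors: turn
constructed user-monitoring log lines into per-group first-order Markov models
of interaction events, then sample synthetic event sequences that a
dynamic-analysis driver could replay against an app under test.
The log format, the event names and the grouping by context are assumptions."""
from collections import Counter, defaultdict
import random

# Constructed sample of the assumed "unix_ts,user,context,event" log format.
SAMPLE_LOG = """\
1456000001,u1,home,APP_OPEN
1456000004,u1,home,TAP_LOGIN
1456000009,u1,home,TYPE_TEXT
1456000013,u1,home,TAP_SUBMIT
1456000020,u1,home,SCROLL
1456000031,u1,home,APP_CLOSE
1456000100,u2,work,APP_OPEN
1456000103,u2,work,SCROLL
1456000107,u2,work,TAP_LOGIN
1456000115,u2,work,TYPE_TEXT
1456000119,u2,work,TAP_SUBMIT
1456000130,u2,work,APP_CLOSE
"""

START, END = "<START>", "<END>"


def parse_log(text):
    """Group log lines by context (the assumed user-group key) and return
    {context: [one event sequence per user, ordered by timestamp]}."""
    per_key = defaultdict(list)
    for line in text.strip().splitlines():
        ts, user, ctx, event = line.split(",")
        per_key[(ctx, user)].append((int(ts), event))
    groups = defaultdict(list)
    for (ctx, _user), events in sorted(per_key.items()):
        groups[ctx].append([e for _, e in sorted(events)])
    return dict(groups)


def build_model(sequences):
    """Count consecutive-event transitions (with START/END markers) and
    normalize each row into P(next | current)."""
    counts = defaultdict(Counter)
    for seq in sequences:
        for cur, nxt in zip([START] + seq, seq + [END]):
            counts[cur][nxt] += 1
    return {cur: {e: n / sum(row.values()) for e, n in row.items()}
            for cur, row in counts.items()}


def transition_prob(model, cur, nxt):
    """P(nxt | cur) under the model, 0.0 for transitions never observed."""
    return model.get(cur, {}).get(nxt, 0.0)


def sample_sequence(model, seed=None, max_len=50):
    """Walk the chain from START until END (or max_len) and return the events.
    A sandbox driver would replay these as input events against the app."""
    rng = random.Random(seed)
    seq, cur = [], START
    while len(seq) < max_len:
        row = model[cur]
        events = list(row)
        cur = rng.choices(events, weights=[row[e] for e in events])[0]
        if cur == END:
            break
        seq.append(cur)
    return seq


if __name__ == "__main__":
    groups = parse_log(SAMPLE_LOG)
    global_model = build_model([s for seqs in groups.values() for s in seqs])
    for ctx, seqs in groups.items():
        print(ctx, sample_sequence(build_model(seqs), seed=1))
    print("global", sample_sequence(global_model, seed=7))
```

Per-group models matter for the detection goal: malware that only triggers for a particular profile (say, a user who logs in from a work context) is more likely to expose its behavior when the sandbox replays sequences drawn from that group's model rather than from a single averaged one.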
The Targeted Malware Alert and Notification System (TAMANOS) is Scredent's adaptive, location-based alerting subsystem for Android devices. It determines the malware risk and the urgency of sending an alert, selects the notification type best suited to the user's current activity, and notifies users when they enter a known targeted-malware attack zone.
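The three TAMANOS decisions (urgency from risk, notification type from activity, and attack-zone entry from location) can be shown as one small decision routine. This is an added example rather than TAMANOS's own code: the risk thresholds, activity and channel names, and the zone coordinates are all assumptions made for the illustration.

```python
"""Added example, not TAMANOS's own code: decide whether and how to alert a
user from an application's risk score, the user's current activity and
location, and a list of known attack zones. Thresholds, activity and channel
names, and the zone coordinates are assumptions made for this example."""
import math

# Constructed attack zones as (name, latitude, longitude, radius_m); not real data.
ATTACK_ZONES = [
    ("campus_library", 36.1667, -86.8050, 300.0),
    ("downtown_transit", 36.1627, -86.7816, 500.0),
]

LEVELS = ["none", "low", "medium", "high"]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres on a spherical Earth (R = 6371 km)."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))


def zones_containing(lat, lon, zones=ATTACK_ZONES):
    """Names of attack zones whose radius covers the given position."""
    return [name for name, zlat, zlon, r in zones
            if haversine_m(lat, lon, zlat, zlon) <= r]


def urgency(risk, in_zone):
    """Map a risk score in [0, 1] to an urgency level; being inside an attack
    zone raises the level one step, so zone entry alone yields 'low'."""
    if not 0.0 <= risk <= 1.0:
        raise ValueError("risk must be in [0, 1]")
    level = 3 if risk >= 0.8 else 2 if risk >= 0.5 else 1 if risk >= 0.2 else 0
    if in_zone:
        level = min(level + 1, 3)
    return LEVELS[level]


def choose_channel(level, activity):
    """Pick the notification type that fits the user's current activity:
    no visual interruption while driving, nothing audible in a meeting."""
    if activity == "driving":
        return "voice" if level == "high" else "deferred"
    if activity in ("meeting", "sleeping"):
        return "silent"
    return {"high": "full_screen", "medium": "heads_up", "low": "tray"}[level]


def decide_alert(risk, activity, lat, lon, zones=ATTACK_ZONES):
    """Return None when no alert is warranted, otherwise the alert decision."""
    hits = zones_containing(lat, lon, zones)
    level = urgency(risk, bool(hits))
    if level == "none":
        return None
    return {"urgency": level, "channel": choose_channel(level, activity), "zones": hits}


if __name__ == "__main__":
    print(decide_alert(0.9, "walking", 36.1627, -86.7816))
    print(decide_alert(0.6, "driving", 36.0, -86.0))
    print(decide_alert(0.1, "walking", 36.0, -86.0))
```

One caveat a deployment would need to address: the zone check uses raw GPS coordinates, which are both spoofable by a malicious app on the same device and sensitive to upload, so the real subsystem would want to validate location from a trusted source and minimise what leaves the handset.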
In this abstract, we present the design and implementation of Scredent, a targeted malware detection and notification system. Scredent captures real user behaviors and converts them into probabilistic models to improve distributed dynamic analysis of targeted malware. Further, Scredent provides end users with adaptive, location-based alerts and notifications in real time. Future research will include end-to-end testing of Scredent with a large volume of users.
Funder Acknowledgement(s): This study was funded by the NSF Research Initiation Award awarded to Dr. Sachin Shetty.
Faculty Advisor: Sachin Shetty, sshetty@tnstate.edu