Identification of Cryptographic Vulnerability and Malware Detection in Android

Identification of Cryptographic Vulnerability and Malware Detection in Android

Anjali Kumawat (Government Women Engineering College, Ajmer, India), Anil Kumar Sharma (Government Women Engineering College, Ajmer, India) and Sunita Kumawat (Government Women Engineering College, Ajmer, India)
Copyright: © 2017 |Pages: 14
DOI: 10.4018/IJISP.2017070102
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Android based Smartphones are nowadays getting more popular. While using Smartphone, user is always concerned about security and malicious attacks, cryptographic vulnerability of the applications. With increase in the number of Android mobiles, Android malwares are also increasing very rapidly. So the authors have proposed the “Identification of cryptographic vulnerability and malware detection in Android” system. They have designed a user friendly android application, through which user and developer can easily test the application whether it is benign or vulnerable. The application will be tested firstly using static analysis and then the dynamic analysis will be carried out. The authors have implemented static and dynamic analysis of android application for vulnerable and malicious app detection. They have also created a web page. User can either use the application or the web page.
Article Preview

Introduction

The Internet has turned out to be an essential part of the daily life of a large population. Increasingly people are utilizing the services which are provided by the Internet. The Internet has also developed from a basic communication system to an interconnected set of information sources enabling, among other things, new forms of interactions and market places for the sale of services and products. There are people on the Internet with harmful intentions that struggle to endow themselves by taking benefits of legal users. Malware (i.e. malicious software) helps these people fulfilling their intents.

To protect justified users from these threats, there are various tools that have an objective to isolate malicious software components. Usually, these tools use signature matching to identify known threats. This technique needs a signature database. Then, these signatures are compared with possible threats. When a sample of a new possible threat is detected, it is analyzed to check whether this anonymous sample signifies a threat to users. If the sample poses a threat, a pattern or the signature is defined to identify this sample. The analysis of malware and the successive construction of signatures by humans are time consuming and error prone. An anti-virus vendor that receives thousands of unknown samples per day is not extraordinary nowadays. Symantec (4,300 per day) as well as McAfee (12,300 per day) report to have received over 1.6M new samples during the year 2008. This ample amount requires an automated approach to quickly differentiate between known and anonymous threats. This automatic analysis can be performed in two ways which are dynamic and static analysis. Dynamic analysis refers to techniques that uses a sample and verify its actions, while static analysis performs its task without actually executing the sample.

Malware

“Malware” is a term that can be used for any software that gets installed and activated on user’s device and performs unwanted actions and tasks. It often does so for the benefit of the third party. Malware programs can range from being simple annoying programs like adwares (pop up advertisements) to cause serious damage or invasion on one’s system (Rossow, Dietrich, Gier et al., 2012). The damage can be unmentionable as it can cause various threats like stealing passwords and data or infecting other machines that network with the infected device.

Majority of the malware programs are developed with an intention of data theft. They are designed to transmit information about the user for any third-party interest. They generally keep a track of the user’s browsing habits for benefit of any third party.

Figure 1.

Malicious Attacks

Malwares are malignant software. They are designed such that to damage computer systems and affect their functioning without the knowledge of the owner of the system or the user of the system. Sometimes, software from reputed vendors also contains malwares. These malwares have malicious code that affects the system that leaks the essential information or steal confidential data to the remote servers. The point here is that the user is unaware of the data robbery. Malwares generally includes computer viruses, spywares, rootkits, adware, dialers, Trojans, etc.

There are various malware detection techniques available for successful detection of the malwares. With the increase in the use of mobiles, the mobile malwares are imposing a great threat to public as well as big organizations. Particularly in mobiles also, Android mobiles are in great demand.

Android, currently being the most popular operating system in term of mobile is also one of the most prone operating system to malwares. Day to day the number of malwares are increasing and approximately every day thousands of new malwares are introduced to the internet via various resources. Thus it becomes a need for the sake of one’s safety that a system to detect and curd these malwares has to be developed.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 12: 4 Issues (2018): 1 Released, 3 Forthcoming
Volume 11: 4 Issues (2017)
Volume 10: 4 Issues (2016)
Volume 9: 4 Issues (2015)
Volume 8: 4 Issues (2014)
Volume 7: 4 Issues (2013)
Volume 6: 4 Issues (2012)
Volume 5: 4 Issues (2011)
Volume 4: 4 Issues (2010)
Volume 3: 4 Issues (2009)
Volume 2: 4 Issues (2008)
Volume 1: 4 Issues (2007)
View Complete Journal Contents Listing