The prime Suspect is the Butler cause he holds all the "Keys"

Presented at DeepSec 2014 „Do you want to know more?“

In recent years, much effort has been invested in detecting malicious mobile applications for the Android operating system. These efforts have focused on dynamic-analysis sandboxing, based on complex, tedious and slow processes that exploit the analysis of binary code. This research explores the potential of detecting malicious apps on Android platforms by analysing only the permissions of each apk. The key to the analysis introduced here is to improve the accuracy of detection by minimizing the ratio of false negatives. This makes it possible to propose a first-stage approach that reduces the workload of traditional analysis by reducing the set of suspected applications. To obtain the results we carried out massive experimentation involving over 750 000 applications from different markets (Google Play, …). Exploiting the results of antimalware tools, an automated analysis has allowed us to infer a very particular behavior in these malicious apps, modelled as a combination of specified permissions. This knowledge has allowed the use of machine learning algorithms to determine whether a given app is suspected of being malicious or not. This preliminary analysis significantly reduces the problem to be solved by traditional solutions and, by extension, the time that elapses until an app is analyzed. In addition, its independence from code analysis makes it possible to detect some malicious apps that cannot be detected by signature comparison.


Presenters:

  • Jesús Torres - Senior Developer
  • Sergio de los Santos (Head of Labs 11Paths) - Senior Developer

Authors: Sergio de los Santos, Alfonso Muñoz, Antonio Guzmán and Chema Alonso

Speakers: Sergio de los Santos (Head of Labs 11paths) & Jesús Torres (Senior developer)

[Sergio de los Santos] Currently head of labs at 11 Paths, responsible for creating new projects, tools and prototypes. In the past (2005-2013), he was a technical consultant at Hispasec (where VirusTotal was developed for 10 years), responsible for several services in the company (antifraud, vulnerability alerts... mostly oriented to the banking industry), and responsible for the most veteran security newsletter in Spanish. Since 2000 he has worked as an auditor and technical coordinator at G2Security and Forzis Security solution, and as network administrator for a big network. He has an informatics degree, is a former CISA, former PCI Qualified Security Assessor, MVP Consumer security 2013 and 2014, and is a well-known speaker at conferences in Spain and teacher of different courses, masters and lectures at universities and private companies.

[Jesús Torres] Jesús Torres has a degree from Granada University. He works as a security developer at Eleven Paths, with tools related to Android. He has strong skills in big data analysis, databases and security-based technology.
