Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New Technique Targets C Code to Spot, Contain Malware Attacks

05.03.2014

Researchers from North Carolina State University have developed a new tool to detect and contain malware that attempts root exploits in Android devices. The tool improves on previous techniques by targeting code written in the C programming language – which is often used to create root exploit malware, whereas the bulk of Android applications are written in Java.

Root exploits take over the system administration functions of an operating system, such as Android. A successful Android root exploit effectively gives hackers unfettered control of a user’s smartphone.

The new security tool is called Practical Root Exploit Containment (PREC). It refines an existing technique called anomaly detection, which compares the behavior of a downloaded smartphone application (or app), such as Angry Birds, with a database of how the application should be expected to behave.

When deviations from normal behavior are detected, PREC analyzes them to determine if they are malware or harmless “false positives.” If PREC determines that an app is attempting root exploit, it effectively contains the malicious code and prevents it from being executed.

“Anomaly detection isn’t new, and it has a problematic history of reporting a lot of false positives,” says Dr. Will Enck, an assistant professor of computer science at NC State and co-author of a paper on the work. “What sets our approach apart is that we are focusing solely on C code, which is what most – if not all – Android root exploits are written in.”

“Taking this approach has significantly driven down the number of false positives,” says Dr. Helen Gu, an associate professor of computer science at NC State and co-author of the paper. “This reduces disturbances for users and makes anomaly detection more practical.”

The researchers are hoping to work with app vendors, such as Google Play, to establish a database of normal app behavior.

Most app vendors screen their products for malware, but malware programmers have developed techniques for avoiding detection – hiding the malware until users have downloaded the app and run it on their smartphones.

The NC State research team wants to take advantage of established vendor screening efforts to create a database of each app’s normal behavior. This could be done by having vendors incorporate PREC software into their app assessment processes. The software would take the app behavior data and create an external database, but would not otherwise affect the screening process.

“We have already implemented the PREC system and tested it on real Android devices,” Gu says. “We are now looking for industry partners to deploy PREC, so that we can protect Android users from root exploits.”

The paper, “PREC: Practical Root Exploit Containment for Android Devices,” will be presented at the Fourth ACM Conference on Data and Application Security and Privacy being held March 3-5 in San Antonio, Texas. Lead author of the paper is former NC State graduate student Tsung-Hsuan Ho. The paper was co-authored by Daniel Dean, a Ph.D. student in Gu’s lab at NC State.

The work was supported by the National Security Agency; U.S. Army Research Office grant W911NF-10-1-0273; National Science Foundation grants CNS-1149445, CNS-1253346, and CNS-1222680; IBM Faculty Awards and Google Research Awards.

-shipman-

Note to Editors: The paper abstract follows.

“PREC: Practical Root Exploit Containment for Android Devices”

Authors: Tsung-Hsuan Ho, Daniel J. Dean, Xiaohui Gu, and William Enck, North Carolina State University

Presented: March 3-5 at the Fourth ACM Conference on Data and Application Security and Privacy in San Antonio, Texas.

Abstract: Application markets such as the Google Play Store and the Apple App Store have become the de facto method of distributing software to mobile devices. While official markets dedicate significant resources to detecting malware, state-of-the-art malware detection can be easily circumvented using logic bombs or checks for an emulated environment. We present a Practical Root Exploit Containment (PREC) framework that protects users from such conditional malicious behavior. PREC can dynamically identify system calls from high-risk components (e.g., third-party native libraries) and execute those system calls within isolated threads. Hence, PREC can detect and stop root exploits with high accuracy while imposing low interference to benign applications. We have implemented PREC and evaluated our methodology on 140 most popular benign applications and 10 root exploit malicious applications. Our results show that PREC can successfully detect and stop all the tested malware while reducing the false alarm rates by more than one order of magnitude over traditional malware detection algorithms. PREC is light-weight, which makes it practical for runtime on-device root exploit detection and containment.

Matt Shipman | EurekAlert!

Further reports about: ACM Android Application Code Data Devices Google Malware Security Store state-of-the-art

More articles from Information Technology:

nachricht Computing at the Speed of Light
22.05.2015 | University of Utah

nachricht NOAA's GOES-R satellite begins environmental testing
22.05.2015 | NASA/Goddard Space Flight Center

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Basel Physicists Develop Efficient Method of Signal Transmission from Nanocomponents

Physicists have developed an innovative method that could enable the efficient use of nanocomponents in electronic circuits. To achieve this, they have developed a layout in which a nanocomponent is connected to two electrical conductors, which uncouple the electrical signal in a highly efficient manner. The scientists at the Department of Physics and the Swiss Nanoscience Institute at the University of Basel have published their results in the scientific journal “Nature Communications” together with their colleagues from ETH Zurich.

Electronic components are becoming smaller and smaller. Components measuring just a few nanometers – the size of around ten atoms – are already being produced...

Im Focus: IoT-based Advanced Automobile Parking Navigation System

Development and implementation of an advanced automobile parking navigation platform for parking services

To fulfill the requirements of the industry, PolyU researchers developed the Advanced Automobile Parking Navigation Platform, which includes smart devices,...

Im Focus: First electrical car ferry in the world in operation in Norway now

  • Siemens delivers electric propulsion system and charging stations with lithium-ion batteries charged from hydro power
  • Ferry only uses 150 kilowatt hours (kWh) per route and reduces cost of fuel by 60 percent
  • Milestone on the road to operating emission-free ferries

The world's first electrical car and passenger ferry powered by batteries has entered service in Norway. The ferry only uses 150 kWh per route, which...

Im Focus: Into the ice – RV Polarstern opens the arctic season by setting course for Spitsbergen

On Tuesday, 19 May 2015 the research icebreaker Polarstern will leave its home port in Bremerhaven, setting a course for the Arctic. Led by Dr Ilka Peeken from the Alfred Wegener Institute, Helmholtz Centre for Polar and Marine Research (AWI) a team of 53 researchers from 11 countries will investigate the effects of climate change in the Arctic, from the surface ice floes down to the seafloor.

RV Polarstern will enter the sea-ice zone north of Spitsbergen. Covering two shallow regions on their way to deeper waters, the scientists on board will focus...

Im Focus: Gel filled with nanosponges cleans up MRSA infections

Nanoengineers at the University of California, San Diego developed a gel filled with toxin-absorbing nanosponges that could lead to an effective treatment for skin and wound infections caused by MRSA (methicillin-resistant Staphylococcus aureus), an antibiotic-resistant bacteria. This "nanosponge-hydrogel" minimized the growth of skin lesions on mice infected with MRSA - without the use of antibiotics. The researchers recently published their findings online in Advanced Materials.

To make the nanosponge-hydrogel, the team mixed nanosponges, which are nanoparticles that absorb dangerous toxins produced by MRSA, E. coli and other...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

International symposium: trends in spatial analysis and modelling for a more sustainable land use

20.05.2015 | Event News

15th conference of the International Association of Colloid and Interface Scientists

18.05.2015 | Event News

EHFG 2015: Securing health in Europe. Balancing priorities, sharing responsibilities

12.05.2015 | Event News

 
Latest News

For pollock surveys in Alaska, things are looking up

22.05.2015 | Agricultural and Forestry Science

Mission possible: This device will self-destruct when heated

22.05.2015 | Power and Electrical Engineering

NOAA's GOES-R satellite begins environmental testing

22.05.2015 | Information Technology

VideoLinks
B2B-VideoLinks
More VideoLinks >>>