SherlockDroid: a research assistant to spot unknown malware in Android marketplaces

Axelle Apvrille, Ludovic Apvrille 1, 2
1 LabSoC - System on Chip
LTCI - Laboratoire Traitement et Communication de l'Information
Abstract:

With over 1,400,000 Android applications in Google Play alone, and dozens of different marketplaces, Android malware unfortunately has no difficulty sneaking in and silently spreading. Known malware and their variants are nowadays quite well detected by anti-virus scanners. Nevertheless, fundamentally new and unknown malware remains an issue. To assist research teams in the discovery of such new malware, we built an infrastructure, named SherlockDroid, whose goal is to filter the mass of applications and keep only those which are the most likely to be malicious, for future inspection by anti-virus teams. SherlockDroid consists of marketplace crawlers, code-level property extractors and a classification tool named Alligator, which decides whether a sample looks malicious or not, based on some prior learning. In our tests, we extracted properties and classified over 480K applications. During two crawling campaigns in July 2014 and October 2014, SherlockDroid crawled over 120K applications, leading to the detection of one new malware, Android/Odpa.A!tr.spy, and two new riskware. With previous findings, this increases SherlockDroid and Alligator’s “Hall of Shame” to 8 malware and potentially unwanted applications.

https://hal.telecom-paristech.fr/hal-02287146
Contributor: Telecomparis Hal
Submitted on: Friday, September 13, 2019 - 4:38:54 PM
Last modification on: Sunday, September 15, 2019 - 1:12:46 AM

Citation

Axelle Apvrille, Ludovic Apvrille. SherlockDroid: a research assistant to spot unknown malware in Android marketplaces. Journal of Computer Virology and Hacking Techniques, 2015, 11 (39), pp.1-11. ⟨10.1007/s11416-015-0245-z⟩. ⟨hal-02287146⟩