Currently, in the smartphone market, Android is the platform with the highest share. Due to this popularity and also to its open source nature, Android-based smartphones are now an ideal target for attackers. Since the number of malware designed for Android devices is increasing fast, Android users are looking for security solutions aimed at preventing malicious actions from damaging their smartphones. In this paper, we describe MADAM, a Multi-level Anomaly Detector for Android Malware. MADAM concurrently monitors Android at the kernel-level and user-level to detect real malware infections using machine learning techniques to distinguish between standard behaviors and malicious ones. The rst prototype of MADAM is able to detect several real malware found in the wild. The device usability is not a ected by MADAM due to the low number of false positives generated after the learning phase
MADAM: A Multi-Level Anomaly Detector for Android Malware
Fabio Martinelli;Andrea Saracino;Daniele Sgandurra
2012
Abstract
Currently, in the smartphone market, Android is the platform with the highest share. Due to this popularity and also to its open source nature, Android-based smartphones are now an ideal target for attackers. Since the number of malware designed for Android devices is increasing fast, Android users are looking for security solutions aimed at preventing malicious actions from damaging their smartphones. In this paper, we describe MADAM, a Multi-level Anomaly Detector for Android Malware. MADAM concurrently monitors Android at the kernel-level and user-level to detect real malware infections using machine learning techniques to distinguish between standard behaviors and malicious ones. The rst prototype of MADAM is able to detect several real malware found in the wild. The device usability is not a ected by MADAM due to the low number of false positives generated after the learning phaseI documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
