Mobile security is becoming increasingly important due to the wide use of mobile platforms. With the appearance of ARM virtualization extensions, using virtualization technology to protect system security has become a research hotspot. In this paper, we propose HypTracker, which detects malicious behaviours by analyzing system call sequences based on ARM virtualization extensions. It intercepts system calls at thread level, transparently to Android, and generates the system call sequences. We put forward a sensitive-system-call-based feature extraction model that uses Relative Discrete Euclidean Distance and a greedy-like algorithm to generate the malicious behaviour models. At runtime, a sliding-window-based detection module is used to detect malicious behaviours. We have experimented with samples of DroidKungfu, and the results validate the effectiveness of the proposed methodology.
CITATION STYLE
Shen, D., Su, X., & Li, Z. (2017). HypTracker: A hypervisor to detect malwares through system call analysis on ARM. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10581 LNCS, pp. 199–214). Springer Verlag. https://doi.org/10.1007/978-3-319-69471-9_15