MeadDroid: Detecting monetary theft attacks in Android by DVM monitoring

Abstract

Monetary theft attacks are one of the most popular attack forms towards Android system in recent years. In this paper, we present MeadDroid, a lightweight real-time detection system atop Android, to hold back this type of attacks. An FSM of monetary theft attacks is constructed, based on the analysis of real-world attacks. Employing an FSM-based detection approach, with the information obtained from dynamically monitoring the API calls and tracking the processing flow of UI (User Interface) inputs, MeadDroid can detect monetary theft attacks effectively and incurs only a small performance overhead. In addition, realized as an extension of Dalvik VM, MeadDroid is transparent to the user, and thus can provide a good user experience. Based on a prototype system, experiments are conducted with 195 popular Android applications. 11 applications with monetary theft attacks are found and the detection accuracy is almost 100% through comparing the results with the charge bill of the phone number used in the experiments. The performance overhead on a CPU-bound micro-benchmark is 8.97%. Experimental results demonstrate that MeadDroid has good performance in terms of effectiveness and efficiency. © 2013 Springer-Verlag.