Randomizing Smartphone Malware Profiles against Statistical Mining Techniques

Abstract

The growing use of smartphones opens up new opportunities for malware activities such as eavesdropping on phone calls, reading e-mail and call-logs, and tracking callers' locations. Statistical data mining techniques have been shown to be applicable to detect smartphone malware. In this paper, we demonstrate that statistical mining techniques are prone to attacks that lead to random smartphone malware behavior. We show that with randomized profiles, statistical mining techniques can be easily foiled. Six in-house proof-of-concept malware programs are developed on the Android platform for this study. The malware programs are designed to perform privacy intrusion, information theft, and denial of service attacks. By simulating and tuning the frequency and interval of attacks, we aim to answer the following questions: 1) Can statistical mining algorithms detect smartphone malware by monitoring the statistics of smartphone usage? 2) Are data mining algorithms robust against malware with random profiles? 3) Can simple consolidation of random profiles over a fixed time frame prepare a higher quality data source for existing algorithms? © 2012 IFIP International Federation for Information Processing.