SCREDENT: Scalable Real-time Anomalies Detection and Notification of Targeted Malware in Smartphones

Paul McNeil, Tennessee State University


Ubiquitous use of mobile devices has resulted in an evolution of mobile malware. The increase and refinement of native device sensors allows mobile application developers the ability to create more complex user experiences. In turn, attackers have developed more sophisticated targeted malware to avoid detection and perpetuate propagation. Next generation malware analysis tools have been developed in response to new mobile attacks. Static analysis tools often miss targeted malware since behaviors are not being observed. Dynamic analysis and hybrid analysis tools fair better in detecting targeted malware. The success of these tools lies in their ability to cover as many smartphone event-scenarios as possible. Three main strategies for generating event coverage during dynamic analysis are: (1) crowdsourced, (2) user interface driven, and (3) analyst generated. Current dynamic and hybrid analysis tools focus on analyzing individual devices which may lead to scalability issues. We introduce SCREDENT as an approach to integrating user group profiling with automated user-behavior driven hybrid analysis. SCREDENT further incorporates probabilistic models to perform intelligent analysis and store. Using the SCREDENT approach, we can perform scalable targeted malware detection and notification in real-time. It employs machine learning techniques to conduct lightweight static analysis. SCREDENT leverages the power of the cloud and container technology to perform distributive dynamic analysis. In this work, we implement the SCREDENT approach for the Android smartphone domain.

Subject Area

Computer Engineering|Computer science

Recommended Citation

Paul McNeil, "SCREDENT: Scalable Real-time Anomalies Detection and Notification of Targeted Malware in Smartphones" (2016). ETD Collection for Tennessee State University. Paper AAI10158680.