Malware Detection in Mobile Devices by Analyzing Sequences of System Calls
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 32918
Malware Detection in Mobile Devices by Analyzing Sequences of System Calls

Authors: Jorge Maestre Vidal, Ana Lucila Sandoval Orozco, Luis Javier García Villalba


With the increase in popularity of mobile devices, new and varied forms of malware have emerged. Consequently, the organizations for cyberdefense have echoed the need to deploy more effective defensive schemes adapted to the challenges posed by these recent monitoring environments. In order to contribute to their development, this paper presents a malware detection strategy for mobile devices based on sequence alignment algorithms. Unlike the previous proposals, only the system calls performed during the startup of applications are studied. In this way, it is possible to efficiently study in depth, the sequences of system calls executed by the applications just downloaded from app stores, and initialize them in a secure and isolated environment. As demonstrated in the performed experimentation, most of the analyzed malicious activities were successfully identified in their boot processes.

Keywords: Android, information security, intrusion detection systems, malware, mobile devices.

Digital Object Identifier (DOI):

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1274


[1] ENISA (2016), “Threat Landscape 2015”. Available:
[2] European Police (2015), “The Internet Organised Crime Threat Assessment (iOCTA)”. Available:
[3] G. Suarez-Tangil, J.E Tapiador, P. Peris-Lopez, A. Ribagorda, “Evolution, Detection and Analysis of Malware for Smart Devices”, in IEEE Communications Surveys & Tutorials, vol. 16, no. 2, pp. 961-987, 2014.
[4] Y. Zhou, X. Jiang, “Dissecting Android Malware: Characterization and Evolution”, in Proceedings of the 33rd IEEE Symposium on Security and Privacy (SP), San Francisco, CA, US, 2012, pp. 95-109.
[5] D. Arp, M. Spreitzenbarth, M.H. Hubner, H. Gascon, K. Rieck, “Drebin: Effective and Explainable Detection of Android Malware in your Pocket”, in Proceedings of the 21th Annual Symposium on Network and Distributed System Security (NDSS), San Diego, CA, US, 2014, pp. 1-12.
[6] M. La Polla, F. Martinelli, D. Sgandurra, “A Survey on Security for Mobile Devices”, IEEE Communications Surveys & Tutorials, vol. 15, no. 1, pp. 446-471, 2013.
[7] P. Faruki, A. Bharmal, V. Laxmi, “Android Security: A Survey of Issues, Malware Penetration, and Defenses”, IEEE Communications Surveys & Tutorials, vol. 17, no. 2, pp. 998-1022, 2015.
[8] P. Garca-Teodoro, J. Daz-Verdejo, G. Maci-Fernndez, E. Vzquez, “Anomaly-based network intrusion detection: Techniques, systems and challenges”, Computers & Security, vol. 25, no. 1-2, pp. 18-28, 2009.
[9] A. Feizollah, N. B. Anuar, R. Salleh, A.W.A. Wahab, “A Review on Feature Selection in Mobile Malware Detection”, Digital Investigation, vol. 13, pp. 23-37, 2015.
[10] M. Lindorfer, S. Volanis, A. Sisto, M. Neugschwandtner, E. Athanasopoulos, F. Maggi, C. Platzer, S. Zanero, S. Ioannidis, “AndRadar: Fast Discovery of Android Applications in Alternative Markets”, in Proceedings of the 11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Egham, UK, 2014. lecture Notes in Computer Science, vol. 8550, pp. 51-71, 2014.
[11] L. Xing, X. Pan, R. Wang, K. Yuan, X. Wang, “Upgrading your android, elevating my malware: privilege escalation through mobile OS updating”, in Proceedings of the 35th IEEE Symposium on Security and Privacy, San Jose, CA, US, 2014, pp. 393-408.
[12] I. Burguera, U. Zurutuza, S. Nadjm-Tehrani,“Crowdroid: Behavior-Based Malware Detection System for Android”, in Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, Chicago, IL, US, 2011, pp. 15-26.
[13] Y.D. Lin, Y.C. Lai, C.H. Chen, H.C. Tsai, “Identifying android malicious repackaged applications by thread-grained system call sequences”, Computers & Security, vol. 39, pp. 340-350, 2013.
[14] Z.C. Schreuders, T. McGill, C. Payne, “The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls”, Computers & Security, vol. 32, pp. 219-241, 2013.
[15] X. wei, L. Gomez, I. Neamtiu, M. Faloutsos, “ProfileDroid: multi-layer profiling of android applications”, in Proceedings of the 18th annual international conference on Mobile computing and networking (Mobicom), Istambul, Turkey, 2012, pp. 137-148.
[16] R. Pandita, X. Xiao, W. Yang, W. Enck, T. Xie, “WHYPER: Towards Automating Risk Assessment of Mobile Applications”, in Proceedings of the 22nd USENIX Conference on Security, Washington, D.C, US, 2013, vol. 13, pp. 527-542.
[17] S. B. Needleman, C. D. Wunsch, “A general method applicable to the search for similarities in the amino acid sequence of two proteins”, Journal of Molecular Biology, vol. 48, no. 3, pp. 443-453, 1970.
[18] F. Wilcoxon, “Individual Comparisons by Ranking Methods”, Biometrics Bulletin, pp. 80-83, 1945.