
International Journal of Scientific Research in Information Systems and Engineering (IJSRISE) Volume 2, Issue 1, April-2016. ISSN 2380-8128

MALWARE DETECTION AND REMOVAL USING FILE DISTRIBUTION IN ANDROID

P. Mohan [1], T. Vipin [2], R. Maniraj*
*Assistant Professor, Vel Tech High Tech Dr. Rangarajan Dr. Sakunthala Engineering College
[1], [2] Student, Vel Tech High Tech Dr. Rangarajan Dr. Sakunthala Engineering College


Abstract: As smartphone devices become popular, there is a massive increase in personal data being transmitted and stored on these devices. Thus, the impact of the mobile phones due to the is becoming dangerous and also poses a critical threat to the network security. In the existing system, an antivirus application is used for the detection and removal of this malware from the device. However, the use of an antivirus application degrades the overall performance of the mobile phone. So in the proposed system, a two-layer network process is developed for real-time virus propagation through both Bluetooth and SMS. User actions invoke the virus, which then spreads into the device. The system also contains an Android application, which has a connection to the remote . The server manages the information regarding the virus and detects the malicious content. Moreover, an automatic alert is sent to the server and then the corresponding patch files are delivered to the affected mobile.

Keywords: Malware propagation, Android mobiles, Antivirus application, Patch files

1. INTRODUCTION

With the recent advancements in smartphones and other mobile devices, they have rapidly become a ubiquitous computing platform. Because of their increased data processing, storage capacity, and high-speed wireless network intermediaries, smartphones have outnumbered other computing devices and become the fundamental choice for personal use. This popularity has increased the impact of mobile devices on our normal lifestyle, and the reality is that malware creators are developing malicious code containing viruses that propagate on them in large numbers. Among the targets of these malware attacks, the most considered is the Android platform, which has become the most commonly used operating system on smartphones.

Fig 1: Percentage of malware propagation in

In the early stages, viruses infected machines through exchanged emails or disks. However, the most commonly exploited channels now are Bluetooth and SMS communication, which provide a means for transferring malware to other devices. Unfortunately, the expansion in the adoption of smartphones comes with a growing prevalence of mobile malware. Identifying such malware poses unique challenges because of the limited resources and restricted privileges available to the user. Concurrently, there have been several methods to insulate the smartphone against malware attacks and to provide it with a primary level of security from hackers and malware writers.

Moreover, a compromised smartphone causes many problems due to the malicious code, such as disruption of service to users, e.g., damage to the system, financial loss, data loss, or privacy leakage. In this paper, we propose a model for characterizing the viruses which propagate through Bluetooth and SMS services, respectively, to address the ongoing deficiency. In our proposed model, viruses are activated as a result of human activities which invoke the malware. It differs from the existing work as they focus on the impact of network dynamics on the virus propagation, and the existing work is aimed at providing further insight into how human routine activities affect the propagation dynamics of mobile viruses.

2. PROPOSED SYSTEM

Due to the increase in the use of and wireless networks, there has been a significant expansion in the use of smartphones in all aspects of life. Thus, they have become the victim and target of malware attacks. The existing countermeasures provide various ways, such as using an antivirus application or formatting the disk drive. However, on the mobile phone, many people opt for an antivirus application. These requests normally degrade the overall performance of the mobile. The above figure shows the percentage of detection and slowdown of standard device activities such as email, messaging, video calling, and many other features by those antivirus applications.

Fig 2: Performance measures of a smartphone with an antivirus application.

In the proposed system, we create a two-layer network process for modeling a real-time virus. The virus is created and then propagated through the SMS and Bluetooth channels. The virus developed for the Bluetooth propagation is a new folder virus contained in the application, which is then installed on the user's smartphone. Then an application with malicious code in it is sent through Bluetooth to another mobile. Once the virus is transmitted to the mobile, the user actions invoke the virus, and it spreads and completely affects the smartphone.

Fig 3: Overall process diagram

The mobile client is an Android application which communicates with the antivirus server. This antivirus server maintains the database of the malware and the corresponding patch files for clearing the virus. When malicious content is identified on the mobile client, it sends an alert to the server regarding the malware in the smartphone. Then the server delivers the respective patch file to the smartphone to clear the malware from the infected device.

3. MODULE DESCRIPTION

Mobile Applicant

In the mobile applicant module, we develop an Android application, which is then installed on the user's Android smartphone. On the first page of the application, the user registration process is created, which has two buttons and the corresponding text field for entering the address to connect to the server. The application is created using the Android programming language. Once the page is designed, we have to write the code for each component in the page. After the coding is completed, the application is generated in the .apk format suitable for installation. Then this APK file is placed on the smartphone as a mobile client application.

Server

The server is a host system which manages and processes the overall functions. It also maintains a constant association with the mobile client applicant. The code for the server is developed using the Java programming language. The server stacks up the information which the mobile applicant is requesting and then responds to the solicited queries. Then the server detects the activities of malicious nodes. It maintains the database of the malware, and it contains the patch files to clear the virus from the infected smartphone.
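The alert-and-patch exchange between the mobile client and the antivirus server described above, as an added sketch in Python that is not the authors' code (their server is written in Java). The exact-hash lookup, the HMAC tag standing in for a digital signature, and all names and sample data are assumptions; the point it shows is that an automatically delivered patch should be authenticated before the client acts on it.

```python
import hashlib
import hmac
import json

# Constructed sample data and names; none of this comes from the paper.
SERVER_KEY = b"demo-key-set-at-registration"  # assumption: shared when the user registers
SAMPLE_MALWARE = b"constructed stand-in for the New Folder test virus"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Server side: malware database mapping a file digest to its patch record.
# Assumption: detection is an exact SHA-256 match; the paper does not say how it detects.
MALWARE_DB = {
    sha256_hex(SAMPLE_MALWARE): {"action": "delete", "target_sha256": sha256_hex(SAMPLE_MALWARE)},
}


def tag(body: bytes) -> str:
    """Authenticate a message body. HMAC stands in for a real digital signature."""
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()


def server_handle_alert(digest: str) -> dict:
    """Server: look the reported digest up and answer with a verdict and patch."""
    patch = MALWARE_DB.get(digest)
    verdict = {"sha256": digest, "malicious": patch is not None, "patch": patch}
    body = json.dumps(verdict, sort_keys=True).encode()
    return {"body": body, "tag": tag(body)}


def client_apply(response: dict, local_files: dict) -> str:
    """Client: verify the server's answer, then remove only the file it names."""
    if not hmac.compare_digest(tag(response["body"]), response["tag"]):
        return "rejected: response not authenticated"
    verdict = json.loads(response["body"])
    if not verdict["malicious"]:
        return "clean"
    target = verdict["patch"]["target_sha256"]
    removed = [p for p, data in local_files.items() if sha256_hex(data) == target]
    for path in removed:
        del local_files[path]
    return f"removed {len(removed)} file(s)"
```

A response whose body was altered in transit fails the tag check and is rejected, so the client never acts on an unauthenticated patch.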


Malware Procreation and Dissemination

In this module, the mobile virus is created, which contains the malicious code that will perform malicious activities. We construct a dummy virus as well as a New Folder virus which performs malicious activities. Once the attacker has created the virus, it is propagated through the Bluetooth or SMS technique. The user action invokes the virus, and then it spreads into the device, affecting it. The users have to be present within the reception range while sending via the Bluetooth medium, and it can also be transmitted in the form of an SMS. The attacker can send the malware embedded in a mobile application through Bluetooth, and it can be installed on their cell phones.

Detection of Malware

After the attacker spreads the virus file to another device, it will be infected with malware based on the user actions. The server is responsible for detecting and validating the contents for any malicious activities by interpreting them when the mobile device acquires them. If the file is enclosed with any malicious code, then it is recognized as a virus file. The central server maintains the corresponding patches needed for the virus detected in the smartphone.

Distribution of Patches

Once the server identifies a file infected with malware in the smartphone, the central server automatically delivers the patch files to remove the virus in the infected mobile. These patch files are maintained on the server. Thus, the patches are delivered to the user's mobile phone automatically to clear the virus in the infected smartphone.

4. RESULT ANALYSIS

In this section, we discuss the fundamental outcomes of our proof-of-concept implementation. Initially, the activities done by antivirus software normally used on the mobile user side, such as scanning for and removing malware, are analyzed based on their detection rate and the delay caused by performing such activities.

Then the reliability and performance measures of doing the same activities as the antivirus software separately, from the server, are analyzed; this improves the user's efficiency in various factors such as a memory booster to free RAM usage, power saving, clearance of junk files, and others.

Fig 4: Reliability and performance result in a graph.

The above figure depicts the result graph of reliability and performance monitoring done at the server end. Moreover, the following table depicts the correlation between the detection based on the hardware measurement and presents a coarse indication of overall system performance.

Table 1: Observation of the overall detection accuracy based on hardware measurement. TP (the true-positive rate) equals PA plus TP∗ (the exclusive true-positive rate). Brute-force (BF) comparison and FFT methods are compared with FN (false negatives) and FP (false positives) as well as TP and PA.

Methods        FP    TP∗   FN    PA    TP
BF w/o opt.    2%    28%   5%    64%   93%
BF w/o comp.   2%    20%   <1%   78%   98%
BF             2%    20%   <1%   78%   98%
BF (95%)       <2%   23%   0%    76%   99%
FFT            3%    24%   2%    74%   96%

5. CONCLUSION & FUTURE ENHANCEMENT

In this project, we explore the problem of malware in mobile networks, and the proposed model is based on the propagation and detection of malware on smartphones. As the existing antivirus application has a greater impact on the performance of the smartphone, we develop an application that acts as an antivirus application without degrading the performance of the system. It is used for detecting the malware and deleting it with the help of patch files downloaded from the server to the infected smartphone.

Future work can be focused on adware and spyware, as this project is mainly targeted at malware. It can also be made to concentrate on viruses propagated through other forms such as emails, to provide the smartphone with absolute privacy and security from all forms of attacks.


IJSRISE © 2015. http://www.ijsrise.com pg. 51