International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 10, Number 1 (2017) © International Research Publication House http://www.irphouse.com

A Review Paper on Effective Behavioral Based Detection and Prevention Techniques for Android Platform

Mr. Sagar Vitthal Shinde1 M.Tech Comp. Department of Technology, Shivaji University, Kolhapur, Maharashtra, India. Email id: [email protected]

Ms. Amrita A. Manjrekar2 Assistant Professor, Department of Technology, Shivaji University, Kolhapur, Maharashtra, India. Email Id: [email protected]

Abstract late). It has been recently reported that almost 60% of Android is most popular platform for mobile devices. existing malware send stealthy premium rate SMS messages. Smartphone’s and mobile tablets are rapidly indispensable in Most of these behaviors are exhibited by a category of apps daily life. Android has been the most popular open sources called Trojanized that can be found in online marketplaces mobile operating system. On the one side android users are not controlled by Google. However, also Google Play, the increasing, but other side malicious activity also official market for Android apps, has hosted apps which have simultaneously increasing. The risk of malware (Malicious been found to be malicious [1] [21]. apps) is sharply increasing in Android platform, Android Existing system consist of some limited features of android detection and prevention has become an app, malware detection is based on behavioral base. The important research topic. Some malware attacks can make the malware detection and prevention process is also static which phone partially or fully unusable, cause unwanted SMS/MMS create some problems such as it increase false positive rate. (short message service/multimedia messaging service) billing, Malicious apps (generically called malware) constitute the money, or expose private information. main vector for security attacks against mobile devices. Various applications contain misbehavior code, but those are Disguised as traditional and helpful apps, they hide not actually malicious apps. The existing system categories treacherous code that performs actions within the background such apps as a malware apps. This problem will be overcome that threatens the user privacy, the device integrity, or in proposed system with the help of new feature extraction maybe user’s credit. Some common examples of attacks algorithm. In proposed system selected android features will performed by Android malicious apps are stealing contacts, be extracted for entire feature set to detect malware on four login credentials, text messages, or maliciously subscribing phases: package, user, application, and validation phase. The the user to expensive premium services. malware detection will be based on behavioral and classified Today’s world is mobile (Smartphone) world. Due to low according to their risk (High, Medium, and Low). This will prices of Smartphone’s are availability in 3G and 4G be helpful for the user to handle the system (Application) networks. Smartphone’s and tablets have become extremely very smoothly. popular in the last years. At the end of 2014, the number of active mobile devices worldwide was almost 7 billion, and in Keywords: Android, malware detection and prevention, developed nations the ratio between mobile devices and feature extraction, behavioral based people is estimated as 120.8 % [22]. Most of these many are common peoples who don’t know what is the android INTRODUCTION structure and how android system work. Due to well interface Android is Linux based open sources operation system and openness android is very popular day by day. There are developed by Google. Now a day it is very popular due to its much more application available which increase several features. As increasing in number of Android phones performances of system as well as reduce time and cost. there is simultaneous increase in mobile malware The user is unaware of which application is good and which apps that performs malicious activities like misusing user’s are harmful. Many apps are stealing user personal data. More private information as sending messages. Malware is a type than 1 millions of malicious apps are currently available in of malicious software which interrupt the different operation the world [23]. Many apps looks like as normal and useful on mobile system, crashes the important information or apps, but they hide treacherous code which performs actions private information of the mobile system. In other words in the background that threatens the user privacy, the device malicious software, malware refers to software programs integrity, or even user’s credit. designed to damage or do other unwanted actions on a mobile All private companies and government organizations moved system. their work to android application. The chances of information Furthermore, all these misbehaviors can be performed on leakage and theft of personal data is increased. In existing Android devices without the user notice (or when it is too system focus on limited features of android application to

901 International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 10, Number 1 (2017) © International Research Publication House http://www.irphouse.com

detect malware. Therefore here system is proposed to better ICC Detector trained model for malware detection malware detection in android Devices. Author Proposed [4] a new malware detection method, named ICC Detector. ICC Detector outputs a detection model after LITERATURE SURVEY training with a set of benign apps and a set of , and There are various methods available for android malware employs the trained model for malware detection. The detection classification & prevention in literature it has been performance of ICC Detector is evaluated with 5264 observed that mainly three approaches were considered which malwares, and 12 026 benign apps. Compared with their are as follows: benchmark, which is a permission-based method proposed by  Signature-based detection: may be a widespread Peng et al. in 2012 with an accuracy up to 88.2%, technique supported looking for antecedently outlined ALTERDROID, a dynamic analysis approach for detecting virus signatures in input files [23]. Signature detection has such hidden or obfuscated malware the advantage of detecting malicious activity before the system is infected by the malicious code. In this paper [5] they had describe ALTERDROID, a dynamic analysis approach for detecting such hidden or  Behavior checking: is another standard technique obfuscated malware components distributed as parts of an app supported a behavior checker that resides within the package. The key idea in ALTERDROID consists of memory longing for uncommon behavior. [23] During this analyzing the behavioral differences between the original app case, the user is alerted. Behavior checker encompasses a and a number of automatically generated versions of it, where disadvantage that by the time a malicious activity is a number of modifications (faults) have been carefully detected, some changes have already been done to the injected. Observable differences in terms of activities that system. appear or vanish in the modified app are recorded.  Integrity Checker: is the technique that maintains a log of all the files that area unit gift within the system. The Exchanging data using two detection methods log could contain characteristics of files just like the file The Author have aim [6] to spot malware covertly size, date/time stamp and substantiation. Whenever exchanging data using two detection methods based on associate degree integrity checker is run, it'll check the artificial intelligence tools, such as neural networks and decision trees. To verify their effectiveness, seven covert files on the system and compares with the characteristics it channels have been implemented and tested over a had saved earlier. [23] measurement framework using Android devices. Experimental results show the feasibility and effectiveness to Depending upon types of malware detection detect the hidden data exchange between colluding method/technique The existing approaches are classified and applications. listed below Privacy preserving data-leak detection Host based malware detection In this technique author presented [10] a privacy preserving Andrea Saracino at. [1] Presented MADAM, a novel host- data-leak detection (DLD) solution to solve the issue where a based malware detection system for Android devices this special set of sensitive data digests is used in detection. The simultaneously analyzes and correlates features at four levels: advantage of our method is that it enables the data owner to kernel, application, user and package, to detect and stop safely delegate the detection operation to a semi honest malicious behaviors. MADAM has been designed to take into provider without revealing the sensitive data to the provider. account those behaviors characteristics of almost every real They describe how Internet service providers can offer their malware which can be found in the wild. MADAM detects customers DLD as an add-on service with strong privacy and effectively blocks more than 96% of malicious apps, guarantees. which come from three large datasets with about 2,800 apps, Permission - induced risk in Android apps by exploiting the cooperation of parallel classifiers and a In this paper [12], they explore the permission-induced risk in behavioral based detector. Android apps on three levels in a systematic manner. First, Inter-App permission Leakage they thoroughly analyze the risk of an individual permission Hamid Bagheri at [2], presents COVERT, a tool for and the risk of a group of collaborative permissions. They compositional analysis of Android inter-app vulnerabilities. employ three feature ranking methods, namely, mutual COVERT’s analysis is modular to enable incremental information, correlation coefficient, and T-test to rank analysis of applications as they are installed, updated, and Android individual permissions with respect to their risk. We removed. It statically analyzes the reverse engineered source then use sequential forward selection as well as principal code of each individual app, and extracts relevant security component analysis to identify risky permission subsets. specifications in a format suitable for formal verification. VetDroid, a dynamic analysis platform Given a collection of specifications extracted in this way, a In This paper [13] they have presented VetDroid, a dynamic formal analysis engine (e.g., model checker) is then used to analysis platform for generally analyzing sensitive behaviors verify whether it is safe for a combination of applications in Android apps from a novel permission use perspective. holding certain permissions and potentially interacting with VetDroid proposes a systematic permission use analysis each other to be installed together. technique to effectively construct permission use behaviors,

902 International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 10, Number 1 (2017) © International Research Publication House http://www.irphouse.com

i.e., how applications use permissions to access (sensitive) example [26]. Pirated copies of a game were infected with system resources, and how these acquired permission- an outbreak that sent valuable SMS messages once sensitive resources are further utilized by the application. users complete the illicit copy of the sport. Hijacking With permission use behaviors, security analysts can easily phone resources isn't sudden – malware authors are examine the internal sensitive behaviors of an app. mistreatment victims’ resources for quite a where as.

 Denial-of-Service (DoS): consistent with Dagon et al. Solution that leverages a method to assign a risk score to [26], DoS may well be done by flooding the device and each app exhausting power. At present, it's extraordinarily simple to Christopher S. Gates [15] had proposed a solution that crash or overwhelm most Bluetooth applications on leverages a method to assign a risk score to each app and mobile devices simply by causation perennial items of display a summary of that information to users. Results from data, corrupted packets, and incorrect file formats. four experiments are reported in which they examine the However, power demands forever constrain mobile effects of introducing summary risk information and how best devices , therefore this latter class is believed to be a lot of it is. serious. DoS continues to be the dominant attack kind that may be exploited from the celebrated vulnerabilities [24]. ANDROID MALWARE DETECTION OVERVIEW Trying to the attack history, several Trojans, Worms, Malware outbreaks in wireless networks represent associate Viruses have entered the mobile world and have affected rising analysis topic [24]. In November 2006 web poll of them. Consistent with F-secure, there have been quite 350 company IT directors by security seller’s sophos reported that mobile malware in circulation by the tip of 2007 [9][29] . eighty one of respondent specific concern over malware and targeting mobile devices can become a big threat. Detection Methods of Android Malware However, sixty fourth aforementioned they need nothing in situ to secure their sensible phones and PDAs [25]. Because Presently, there are two Methods to detect Android Malware: the range of mobile devices within the world has swollen static behavioral detection method and dynamic behavioral dramatically in recent years, the number of malware targeting detection method. the mobile devices conjointly accumulated [25]. This is brief examined the work by Dagon et.al [26], to grasp the kinds of Static Behavioral Detection Method: attacks against mobile devices on the idea of securities Through analyzing and examination the instruction codes attackers hope to attain. Table I depicts the classification of the software package, Static activity detection established by the authors methodology detects whether or not the software package The detailed description of security attacks is mentioned contains API operate calls which may cause malicious below behaviors. mistreatment this methodology to discover, it first of all acquires Java supply codes of humanoid application Security Goals Types of Attacks software package, analyzes whether or not the software Confidentiality Theft of data, bluebugging package contains sensitive operate calls and whether or not and bluesnarfing there square measure security threats, so comes up with the conclusion whether or not the software package is malicious Integrity Phone hijacking or not. Static activity detection methodology has to decompile Availability Denial-of-service attacks the appliance by ways that of reverse engineering to and battery draining accumulate supply codes. However the analysis is usually full

of software package secret writing and implicit functions Table 1. Security Attacks (virtual functions, etc.,) thus it always cannot draw the proper

conclusion.  Theft of data: Hackers usually attack mobile devices to get transient info and static info. Transient info includes Dynamic behavioral Detection Method: the phones location, its power usage and alternative Dynamic behavioral detection methodology works information, that the device doesn’t usually record throughout the running of the appliance. It detects and records [26].They attack on static info that cellular devices store the system’s communications, short messages, network or send over the network. These attacks attempt to get interfaces and therefore the network access of the relevant information like contact info, phone numbers, and implicit data, therefore exploit the application’s behavior programs keep on sensible phones. The blue snarfing and model. Dynamic behavioral detection methodology will solve blue bugging attack area unit samples of information the issues that static detection methodology cannot do as a larceny. the blue bugging attack permits unauthorized result of the appliance codes square measure encrypted or access to the phone and will embrace paying attention to confused. Dynamic behavioral detection methodology calls made of and to a victim’s phone. constructs operation setting by victimization sandbox, virtual machine and alternative forms, and simulates the execution of  Phone Hijacking: Some malware may conceive to use the appliance to amass the application’s behavior model. it's the victim’s phone resources. Prospects embrace putting higher request to the period detection long-distance or 900-number calls, causing valuable SMS messages, etc. The recent Mosquitoes virus is one

903 International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 10, Number 1 (2017) © International Research Publication House http://www.irphouse.com

Acquiring the Malicious Behaviors  May  Post-facto, Firstly, the author collects fifty malicious computer detect a attack already code samples as well as worm, spyware and worms, etc., 2 wide occurred decompiles them, and analyzes the operate calls of their range of  Easy to evade APK supply codes. Within the method of decompilation, the Behavior- novel once known author uses DEX2JAR to rework categories.dex file to Java based attacks codes, so the reworked categories.dex file contains APK detection implementation codes, acquires its resources file and  Low false positives sophistication file, and uses Java Decompiler to rework the category file to clear format. The binary  Can be AndroidManifest.XML file is reworked by AXMLPrinter2 cheap to [30]. deploy and Behaviors The name of information monitor Collector Receives SMS/MMS SMS/MMS , IMEI Sends SMS/MMS, Access Phone Number, Contacts Device location PROPOSED WORK Send Data over HTTP(s), Email, Android Version The propose System will be consist of new feature extraction Execute Commands algorithm to extract appropriate feature of android Uses WiFi, Encryption Browser History, GPS application. The malware detection is based on behavioral. Coordinates On successful implementation of system it will classify Write to disk (internal or Data in Flash Card , Call android apps into two type’s i.e. malicious app or benign app external flash card) logs (not malware or harmful). The system will also give risk rank Obfuscation, Internet Logs Phone Conversation (risk involved) of that particular app. This will help user to Send Data (cellular) Root Level handle various application in his android devices. Receive Data over HTTP(s) The proposed system will be consisting of three modules the Table 2. The Statistic of the Sample`s malicious behavior details are as follows:

 Pre-App Monitor COMPARISONS BETWEEN DETECTION TECHNIQUES The pre-app monitor will be complementary to the monitor activity it is aimed to detecting additional misbehaviors (Patterns) of unknown application. The pre-app monitor Sr.No Malware Pros Cons module deals with Detection Structure of an android application: Technique Components are basic logical building blocks of Android  Can detect  May miss applications. Each component can be run individually, potentially known attacks either by its embodying application or by system upon a wide permitted requests from other applications. Android 1 range of  May miss novel attacks if they applications can comprise four types of components: (1) Anomaly- novel don't stick out Activity components provide the basis of the Android based attacks along the user interface. Each Application may have multiple detection observed Activities representing different screens of the dimension application to the user. (2) Service components provide background processing capabilities, and do not provide  High false any user interface. Playing music and downloading a file positive rate while a user interacts with another application are examples of operations that may run as a Service. (3)  Purity of Broadcast Receiver components respond training data asynchronously to system-wide message broadcasts. A (i.e., absence of receiver component typically acts as a gateway to other attacks) components, and passes on messages to Activities or Services to handle them. (4) Content Provider components provide database capabilities to other components. Such databases will be used for both intra- app data persistence as well as sharing data across applications.

904 International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 10, Number 1 (2017) © International Research Publication House http://www.irphouse.com

Extraction of features of android app [2]  “Sms Trojan”  “Spyware”  “Installer” Algorithm 1. Model Extractor  “” (prevent user from interacting with the device) Input: app: Android App Output: A: App’s Extracted Model Giving information to user about malicious app. 1 A ← < {}; {}; {}; {}; {}> The risk information of the application will be given to 2 ICFG ← {} user at the run time. The notification of pop-up message 3 summaries ← {} will be occurred on user screen. //►Entity Extraction cf. Sec. 5.1 4 A:C ← extractManifestComponents (app)  User Interface 5 A:P ← extractManifestPermissions(app) The User interface module will be responsible for prevention 6 A:F ← extractManifestFilters(app) of malware. 7 IFEntities ← {} 8 foreach method € app do Taking Decision about Application: 9 IFEntities ← identifyIFEntity(method; summaries) In this stage proper decision about application will 10 end be taken, either user want to keep the application or uninstall 11 resolveIFEntityAttr(IFEntities) the application. 12 A:I ← getIntents(IFEntities) 13 A:F ← getIntentFilters(IFEntities) Ư A:F Perform the appropriate action (uninstall app or keep //►ICFG Augmentation - cf. Sec. 5.2 app): 14 G ← constructICFG(app) In this stage include prevention module which stop 15 E ← extractImplicitCallBacks(app) malicious action and in case a malware is found handle the 16 ICFG ← augmentICFG(G;E) procedure for removing the application. //►Vul. Paths Identification - cf. Sec. 5.3 17 A:S← findVulPaths(A:C; ICFG)

Storing the extracted feature in feature set. The output of the model extractor algorithm will be stored in feature set as well as the pattern or behavior of known application will be stored for future use.

 Risk Analysis In the risk analysis module calculate the risk of android application. The risk Analysis module deals with Classifying the application according to their behavior malicious app or benign app: The classification will be done on malicious behavioral patterns. which are as following

Figure 1. Proposed System Architecture  “Text messages sent by a non-default message app”.

 “Text messages sent to numbers not in the user contact list”. CONCLUSION  “High number of outgoing message per period of time”. This paper reviews the existing malware detection and  “High number of process per app”. prevention techniques. Here existing malware detection &  “Unauthorized installation of new apps”. prevention approaches were discussed & overviewed  “Unsolicited kernel level activity of background malicious software are present in large numbers on android app”. platform compare to others the harm of malicious behavior is increasing recently which brings greater challenges to Calculating the risk of Malware affected app: detection & prevention of android malicious software. Here The risk (High Medium Low) will be calculated on the system is proposed with the help of new feature extraction basic of malware classes. Which are as following algorithm for detection of android malware apps & risk analysis of it. Depending upon system result user will initiate appropriate action. This system will address android platform  “” security problems will be useful in near future .  “Root kit”

905 International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 10, Number 1 (2017) © International Research Publication House http://www.irphouse.com

References [11] Parvez Faruki, Ammar Bharmal, Vijay Laxmi, Vijay [01] Andrea Saracino, Daniele Sgandurra, Gianluca Dini Ganmoor, Manoj Singh Gaur,Mauro Conti, Senior and Fabio Martinelli, “MADAM: Effective and Member, IEEE, and Muttukrishnan Rajarajan Efficient Behavior-based Android Malware Detection “Android Security: A Survey of Issues, Malware and Prevention”, IEEE Transactions on Dependable Penetration, and Defenses” IEEE and Secure Computing , 2016. COMMUNICATION SURVEYS & TUTORIALS, [02] Hamid Bagheri, Member, IEEE, Alireza Sadeghi, VOL. 17, NO. 2, SECOND QUARTER 2015 Joshua Garcia, and Sam Malek, Member, IEEE, [12] Wei Wang, Xing Wang, Dawei Feng, Jiqiang Liu, “COVERT: Compositional Analysis of Android Inter- Zhen Han, and Xiangliang Zhang, Member, IEEE, App Permission Leakage” IEEE Transactiton on “Exploring Permission-Induced Risk in Android software engineering,2015 Applications for Malicious application Detection” [03] Shancang Li, Theo Tryfonas, Gordon Russell, and IEEE TRANSACTIONS ON INFORMATION Panagiotis Andriotis, “Risk Assessment for Mobile FORENSICS AND SECURITY, VOL. 9, NO. 11, Systems Through a Multilayered Hierarchical NOVEMBER 2014 Bayesian Network”, IEEE TRANSACTIONS ON [13] Yuan Zhang, Min Yang, Zhemin Yang, Guofei Gu, CYBERNETICS, VOL. 46, NO. 8, AUGUST 2016 Peng Ning, and Binyu Zang, “Permission Use Analysis [04] Ke Xu, Yingjiu Li, and Robert H. Deng for Vetting Undesirable Behaviors in Android Apps” “ICCDetector: ICC-Based Malware Detection on IEEE TRANSACTIONS ON INFORMATION Android”, IEEE TRANSACTIONS ON FORENSICS AND SECURITY, VOL. 9, NO. 11, INFORMATION FORENSICS AND SECURITY, NOVEMBER 2014 VOL. 11, NO. 6, JUNE 2016 [14] Silvio Cesare, Member, IEEE, Yang Xiang, Senior [05] Guillermo Suarez-Tangil, Juan E. Tapiador, Flavio Member, IEEE , and Wanlei Zhou, Senior Member, Lombardi, and Roberto Di Pietro, “ALTERDROID: IEEE, “Control Flow-Based Malware Variant Differential Fault Analysis of Obfuscated Smartphone Detection” IEEE TRANSACTIONS ON Malware” IEEE TRANSACTIONS ON MOBILE DEPENDABLE AND SECURE COMPUTING, VOL. COMPUTING, VOL. 15, NO. 4, APRIL 2016. 11, NO. 4, JULY/AUGUST 2014 [06] Luca Caviglione, Mauro Gaggero, Jean-François [15] Christopher S. Gates, Jing Chen, Ninghui Li, Senior Lalande, Wojciech Mazurczyk, Senior Member, Member, IEEE, and Robert W. Proctor, “Effective IEEE,and Marcin Urba´nski “Seeing the Unseen: Risk Communication for Android Apps” IEEE Revealing Mobile Malware Hidden Communications TRANSACTIONS ON DEPENDABLE AND via Energy Consumption and Artificial Intelligence”, SECURE COMPUTING, VOL. 11, NO. 3, MAY- IEEE TRANSACTIONS ON INFORMATION JUNE 2014 FORENSICS AND SECURITY, VOL. 11, NO. 4, [16] Zhiyong Shan and Xin Wang “Growing Grapes in APRIL 2016 Your Computer to DefendAgainst Malware” IEEE TRANSACTIONS ON INFORMATION [07] Xiaokui Shu, Jing Zhang, Danfeng (Daphne) Yao, FORENSICS AND SECURITY, VOL. 9, NO. 2, Senior Member, IEEE, and Wu-Chun Feng, Senior FEBRUARY 2014 Member IEEE, “Fast Detection of Transformed Data [17] Vaibhav Rastogi, Yan Chen, and Xuxian Jiang ,“Catch Leaks”, IEEE TRANSACTIONS ON Me If You Can: Evaluating Android Anti-Malware INFORMATION FORENSICS AND SECURITY, Against Transformation Attacks” IEEE VOL. 11, NO. 3, MARCH 2016 TRANSACTIONS ON INFORMATION [08] Chunjie Zhou, Shuang Huang, Naixue Xiong, Senior FORENSICS AND SECURITY, VOL. 9, NO. 1, Member, IEEE, Shuang-Hua Yang, Senior Member, JANUARY 2014 IEEE,Huiyun Li, Yuanqing Qin, and Xuan Li, “Design [18] Wei Peng, Student Member, IEEE, Feng Li, Member, and Analysis of Multimodel-Based Anomaly Intrusion IEEE,Xukai Zou, Member, IEEE, and Jie Wu, Fellow, Detection Systems in Industrial Process Automation” IEEE “Behavioral Malware Detection in Delay IEEE TRANSACTIONS ON SYSTEMS, MAN, AND Tolerant Networks”, IEEE TRANSACTIONS ON CYBERNETICS: SYSTEMS, VOL. 45, NO. 10, PARALLEL AND DISTRIBUTED SYSTEMS, VOL. OCTOBER 2015 25, NO. 1, JANUARY 2014 [09] Jemal Abawajy, Senior Member, IEEE, Morshed [19] Junghwan Rhee, Member, IEEE, Ryan Riley, Member, Chowdhury and Andrei Kelarev, “Hybrid Consensus IEEE, Zhiqiang Lin, Member, IEEE, Xuxian Jiang, and Pruning of Ensemble Classifiers for Big Data Malware Dongyan Xu, Member, IEEE, “Data-Centric OS Detection”, IEEE TRANSACTIONS ON CLOUD Kernel Malware Characterization” IEEE COMPUTING, VOL. 3, NO. 2, OCTOBER 2015 TRANSACTIONS ON INFORMATION [10] Xiaokui Shu, Danfeng Yao, Member, IEEE, and Elisa FORENSICS AND SECURITY, VOL. 9, NO. 1, Bertino, Fellow, IEEE “Privacy-Preserving Detection JANUARY 2014 of Sensitive Data Exposure” , IEEE TRANSACTIONS [20] Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro ON INFORMATION FORENSICS AND SECURITY, Peris-Lopez, and Arturo Ribagorda, “Evolution, VOL. 10, NO. 5, MAY 2015 Detection and Analysis of Malware for Smart Devices”, IEEE COMMUNICATIONS SURVEYS &

906 International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 10, Number 1 (2017) © International Research Publication House http://www.irphouse.com

TUTORIALS, VOL. 16, NO. 2, SECOND QUARTER 2014 [21] http://www.symantec.com/connect/blogs/another- media-stealing-app-found-google-play [22] “Global mobile statistics 2014 part a: Mobile subscribers;handset market share; mobile operators,” http://mobiforge.com/research-analysis/global-mobile- statistics-2014-part-a-mobile subscribers-handset- market-share-mobile-operators, 2014. [23] D. Venugopal, “An Efficient Signature Representation and Matching Method fo Mobile Devices,” Proc. 2nd Annual International workshop on Wireless Internet (WICON ’06), Boston, MA, United States, 2006. doi: 10.1145/1234161.1234177. [24] Q. Yang, R. H . Deng, Y. Li, and T.Li, “On the Potential of Limitation-oreinted Malware Detection and Prevention Techniques on Mobile Phones,” International Journal of Security and its Applications, vol. 4, no. 1, Jan. 2010. [25] G. Lawton, “Is It Finally Time to Worry about Mobile Malware?,” Computer, vol. 41, no. 5, May 2008, pp. 12-14, doi:10.1109/MC.2008.159. [26] D. Dagon,T. Martin, and T. Starner, “Mobile Phones as Computing Devices,the Viruses are Coming!,” Pervasive Computing, IEEE, vol. 3,no. 4, Oct-Dec. 2004, pp. 11-15. doi: 10.1109/MPRV.2004.21. [27] M. Howell, S. Love, and M. Turner, “User Characteristics and Performance with Automated Mobile Phone Systems,” International Journal of Mobile Communications, vol. 6, no. 1,2008, pp.1-15. [28] A. Shmidt, F. Peters, F. Lamour, and S. Albayrak, “Monitoring Smartphones for Anomaly Detection,” Proc. 1st International Conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications, 2008. [29] Lamia Ketari and Mohammadi Akheela Khanum, “A Review of Malicious Code Detection Techniques for Mobile Devices”, International Journal of Computer Theory and Engineering Vol. 4, No. 2, April 2012 [30] K. Sharma, T. Dand, T. Oh, et al., “Malware Analysis for Android Operating”, 8th Annual Symposium on Information Assurance (ASIA’13), vol. 31, (2013).

907