Detection and Analysis of Malware in Smart Devices


Software technology has witnessed a surge of malicious programs written by malware writers, and this presents a major threat. Platform developers such as Android's have built security mechanisms to identify threats and protect the information stored on smartphone devices (Iqbal & Zulkernine, 2018).

One example is the permission mechanism. However, researchers have demonstrated threats that bypass it, so more effective mechanisms are needed to eliminate potential threats from the internet. Antivirus programs installed on smartphone devices can secure them only within the restrictive nature of the operating system; Android, for example, does not allow programs to scan runtime behaviour.

Antivirus malware detection relies on signature identification, a mechanism that is reactive rather than proactive. Great efforts have been made to improve the situation using dynamic and static analysis techniques. Static analysis comprises decompiling the application file (apk) and then, for example, analysing control flow, data flow, API call fingerprints and byte N-grams.

However, static analysis is becoming less effective because of the powerful code transformation techniques in use. Dynamic analysis is therefore a useful complement to static analysis, since it is less vulnerable to code transformation, and it can extract features that represent unique execution patterns. About 98% of malware differs from the traditional malware families (Iqbal & Zulkernine, 2018).

Dynamic analysis is used by software developers such as Google, whose Google Bouncer analyses the apks submitted to it (Iqbal & Zulkernine, 2018). Unfortunately, analysing an Android application in an emulator has a weakness: malware writers can detect the emulator and so evade detection.

However, integrating these techniques on end-user devices is difficult, and a combination of techniques is required because a single technique or antivirus can detect only a particular family of malware. Currently, a number of techniques are more effective at detecting malicious programs, for example Siren and SpyDroid. This paper discusses Siren, an input injection system that works collaboratively with an intrusion detection system (IDS) to identify malware. It injects human input using virtual machine technology.

Technical review of Siren

Human input in Siren is designed to generate network requests in a known pattern, which is sent to the IDS. The IDS is expected to raise an alarm if the actual network traffic differs from that pattern. The IDS also detects malware that blends in with or mimics Siren's activity. If the malware's activity is difficult to separate from the normal usage that Siren generates, and the malware continues to mimic that activity over time, the likelihood of detecting the malware declines (Iqbal & Zulkernine, 2018).

Malware writers can also avoid detection if they learn to differentiate injected input from real input. One way is to identify the end user's activity via an out-of-band channel, for example by calling the user and requesting input of a predetermined sequence that triggers the malware. An attack that involves the end user is, however, difficult to carry out. Identifying human input is a real challenge; it resembles a reverse Turing test, in which a CAPTCHA distinguishes humans from computers by posing a challenge that a human can solve but that locks out a computer.

Design

Monitoring web content is one of many possible ways to identify blending malware. Both the content arriving at the web browser and the human input, for example typed URLs and clicked links, are monitored. The resulting network traffic is then compared with the expected traffic; a difference between the two raises suspicion.

Although this method is effective and needs no input injection, its implementation has limitations. Sophisticated modelling is needed to determine what traffic to expect from a web browser, and a separate machine is needed to run the input. Internet security is further undermined by users' habits of downloading programs that are not recommended, copying and pasting data into various forms, and uploading files.

Software developers, however, continue to take different approaches to curb threats. Siren takes a different technique: instead of trying to predict the network traffic that results from human input, it injects a known sequence of input, so that it has control over form data, file uploads, and other browsing activity.

This is possible through virtual machine (VM) technology, which injects the input while remaining isolated from the guest operating system, which may be infected or compromised by malware. A virtual machine has beneficial security features and runs with low performance overhead. These have been advantageous for inspecting the condition of an operating system installed on user machines, without interfering with its operation, and for checking its susceptibility to threats.

However, virtual machines are limited in the number of machines that can operate simultaneously, and running one often interferes with security features. The host machine can revert to its initial checkpoints, a gap that many security companies take advantage of. Siren can run alongside the main VM from the guest OS and, on rare occasions, revert to checkpoints. Also, virtual machines are not yet in wide use, and one must be installed in order to use Siren.

Recent research has shown the feasibility of running the whole operating system inside a VM without disturbing the OS, significantly hurting performance, or requiring any user interaction (Borders, Zhao, & Prakash, 2006). The current design of Siren comprises a guest OS containing the end user's normal files and applications, which the end user uses to send email, browse the internet and compose documents. Typically, the guest operating system is vulnerable to infection by worms, spyware, rootkits and other malicious software.

Siren operates in the background of the guest OS, on the virtual machine monitor (VMM), thereby isolating itself from any possible threats. Running in the background lets it view the input and output (I/O) of the guest OS and inject input without detection or disruption by the guest operating system.

Siren takes advantage of the fact that most legitimate programs rarely communicate over the network when the user is not around. Many personal computers (PCs) run a small number of trusted processes, i.e. event notification programs and automated software updates, that can generate traffic in the user's absence.

These programs can generate false positives if left unfiltered (Borders, Zhao, & Prakash, 2006). Traffic can be filtered by process ID so that trusted applications and their network messages are ignored. Most commercial protection programs (BlackICE Defender and Norton Personal Firewall) apply this approach.

Injecting code into other processes and executing it there is often straightforward, so a trust decision based on the originating process does not work well. Most malware programs insert libraries into the browser to track the end user's browsing pattern and, at the same time, send private information to host servers through the web browser (Borders, Zhao, & Prakash, 2006).

A good security program should support a whitelist of trusted destination addresses on the network instead of just checking the origin process. Software such as Siren and SpyDroid takes advantage of this. As an example, if Windows Update, Google Toolbar, and WeatherBug were installed, network messages from the workstation to windowsupdate.com, google.com and weatherbug.com respectively would be ignored without looking at the application the request originates from.

Using a whitelist of trusted addresses may create gaps in the system (Borders, Zhao, & Prakash, 2006).

Evaluation of effectiveness for security software

Software developers, for example those of Siren and Android, aim to eliminate spyware. The programs installed on our devices should be evaluated before being allowed onto the market for end users, who are unaware of the probability of threats. Evaluating the effectiveness of a program's security features first requires installing it on a PC.

Different types of spyware should then be installed. The first phase of the evaluation runs Siren without injecting additional input, to determine the number of spyware programs that generate network traffic in the end user's absence. This test has drawbacks, however, when spyware programs make few web requests in order to blend in with normal browsing activity. It is also difficult to identify spyware programs that run as plug-ins within a web browser, since the browser is a trusted process that receives legitimate input. Detecting spyware embedded in a web browser therefore requires a program that uses input injection.

Evaluating malware detectors such as SpyDroid and Siren requires manually creating a pattern of web activity and replaying it with each installed spyware program. The detectors run a script that compares the websites visited during each run of the same input.

Requests to sites that were not visited in the initial input run are flagged and considered malicious. With this approach, the malware detectors can identify spyware programs, even those that run within the web browser and would otherwise evade detection. Many spyware programs communicate during active browsing in order to blend in with normal traffic.
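The comparison described in the design and evaluation sections above (replay a known input sequence, ignore a whitelist of trusted destinations, flag any destination the injected input does not explain) is illustrated here as an added example; it is not code from the Siren or SpyDroid papers. The URL lists are constructed sample data, and the hostname-based whitelist is an assumption that also shows the gap noted earlier: a leak sent to a whitelisted domain is not flagged.

```python
from urllib.parse import urlsplit

# Trusted destinations whose traffic is ignored regardless of origin process
# (the page's Windows Update / Google Toolbar / WeatherBug example).
TRUSTED_HOSTS = {"windowsupdate.com", "google.com", "weatherbug.com"}


def host_of(url):
    """Destination host of a recorded request, lower-cased for comparison."""
    return (urlsplit(url).hostname or "").lower()


def matches_trusted(host, trusted=TRUSTED_HOSTS):
    """True if host is a whitelisted domain or one of its subdomains."""
    return any(host == t or host.endswith("." + t) for t in trusted)


def expected_hosts(baseline_urls):
    """Hosts reached when the injected input was replayed on a clean guest OS."""
    return {host_of(u) for u in baseline_urls}


def flag_unexpected(observed_urls, baseline_urls, trusted=TRUSTED_HOSTS):
    """Hosts in the observed run that neither the replayed input nor the
    whitelist explains; Siren's IDS would raise an alarm on these."""
    expected = expected_hosts(baseline_urls)
    flagged = set()
    for url in observed_urls:
        host = host_of(url)
        if host in expected or matches_trusted(host, trusted):
            continue
        flagged.add(host)
    return sorted(flagged)


# Constructed sample data: requests recorded while replaying one injected
# input sequence, first on a clean guest OS, then with a spyware plug-in.
BASELINE_RUN = [
    "http://www.example.org/news",
    "https://login.example.org/",
    "http://www.weatherbug.com/api",
]
SPYWARE_RUN = BASELINE_RUN + [
    "http://tracker.example.net/collect?uid=123",  # hidden in active browsing
    "http://download.windowsupdate.com/x",         # trusted update traffic
    "http://www.google.com/search?q=leaked-data",  # whitelist gap: not flagged
]

if __name__ == "__main__":
    print(flag_unexpected(SPYWARE_RUN, BASELINE_RUN))  # ['tracker.example.net']
```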

Conclusion

The past techniques used to identify malicious activity are susceptible to attack, so programs that are difficult to mimic and that trace end users' activities need to be developed. End users should also play their part by avoiding the installation of software that is not recommended by the device developers. Collaboration between end users and program developers, especially those dealing with the operating systems of devices that handle sensitive information such as bank accounts, is necessary.

This can greatly help to reduce threats and attacks by malware. The findings from evaluating malware detection programs are that SpyDroid on Android smartphone devices and Siren are effective at identifying malicious software that embeds itself in web browsers.

References

  • Borders, K., Zhao, X., & Prakash, A. (2006, May). Siren: Catching evasive malware. In 2006 IEEE Symposium on Security and Privacy (S&P’06) (pp. 6-pp). IEEE.
  • Iqbal, S., & Zulkernine, M. (2018, October). SpyDroid: A Framework for Employing Multiple Real-Time Malware Detectors on Android. In 2018 13th International Conference on Malicious and Unwanted Software (MALWARE) (pp. 1-8). IEEE.
