More Web Proxy on the site http://driver.im/

article

Androscanreg 2.0: : Enhancement of Android Applications Analysis in a Flexible Blockchain Environment

Authors:

Abdellah Ouaguid,

Noreddine Abghour,

Mohammed Ouzzif,

Mouad ZouinaAuthors Info & Claims

International Journal of Software Innovation (IJSI), Volume 10, Issue 1

Pages 1 - 28

https://doi.org/10.4018/IJSI.309724

Published: 30 September 2022 Publication History

Abstract

In this article, the authors propose a new innovative method based on blockchain technology providing an analysis of Android applications in a decentralized, flexible, and reliable way. The proposed approach improves the typical operation of the blockchain technology that considers invalid (or “fraudulent”) any outcome different from other results found by the majority of network nodes. However, ignoring any result different from the majority without starting additional verification can cause losses in terms of data, time, computing power, or even system reliability and the integrity of its data. The purpose of the presented approach is to confirm or deny the legitimacy of any outcome different from the majority. This new concept will facilitate the detection of polymorphic programs by allowing nodes to adopt specific environments at any time to reduce the rejection of results deemed, wrongly, to be fraudulent. A proof of concept has been designed and implemented showing the feasibility of the proposed approach with a real case study.

References

[1]

Aafer, Y., Du, W., & Yin, H. (2013). Droidapiminer: Mining api-level features for robust malware detection in android. In International conference on security and privacy in communication systems (pp. 86–103). Academic Press.

[2]

Ahmadi, M., Sotgiu, A., & Giacinto, G. (2018). Intelliav: Building an effective on-device android malware detector. arXiv preprint arXiv:1802.01185.

[3]

Ahvanooey, M. T., Li, Q., Rabbani, M., & Rajput, A. R. (2020). A survey on smartphones security: software vulnerabilities, malware, and attacks. arXiv preprint arXiv:2001.09406.

[4]

Al-Jaroodi, J., & Mohamed, N. (2019). Blockchain in industries: A survey. IEEE Access: Practical Innovations, Open Solutions, 7, 36500–36515.

[5]

Almin, S. B., & Chatterjee, M. (2015). A novel approach to detect android malware. Procedia Computer Science, 45, 407–417.

[6]

Almotairy, R., & Daadaa, Y. (2021). B-droid: A static taint analysis framework for android applications. International Journal of Advanced Computer Science and Applications, 12(1). 10.14569/IJACSA.2021.0120150

[7]

Alzaylaee, M. K., Yerima, S. Y., & Sezer, S. (2020). Dl-droid: Deep learning based android malware detection using real devices. Computers & Security, 89, 101663.

Digital Library

[8]

Aonzo, S., Merlo, A., Migliardi, M., Oneto, L., & Palmieri, F. (2017). Lowresource footprint, data-driven malware detection on android. IEEE Transactions on Sustainable Computing, 5(2), 213–222.

[9]

AppBrain. (2021). Top android os versions. https://www.appbrain.com/stats/top-android-sdk-versions

[10]

Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., & Siemens, C. (2014). Drebin: Effective and explainable detection of android malware in your pocket. In NDSS (Vol. 14, pp. 23–26). Academic Press.

[11]

Arshad, S., Shah, M. A., Wahid, A., Mehmood, A., Song, H., & Yu, H. (2018). Samadroid: A novel 3-level hybrid malware detection model for android operating system. IEEE Access: Practical Innovations, Open Solutions, 6, 4321–4339.

[12]

Bai, C., Han, Q., Mezzour, G., Pierazzi, F., & Subrahmanian, V. (2019). Dbank:Predictive behavioral analysis of recent android banking trojans. IEEE Transactions on Dependable and Secure Computing, 1.

[13]

Cabau, G., Buhu, M., & Oprisa, C. P. (2016). Malware classification based on dynamic behavior. In 2016 18th international symposium on symbolic and numeric algorithms for scientific computing (synasc) (pp. 315–318). 10.1109/SYNASC.2016.057

[14]

Castro, M., & Liskov, B. (1999). Practical byzantine fault tolerance. In OSDI (Vol. 99, pp. 173–186). Academic Press.

[15]

Chester, P., Jones, C., Mkaouer, M. W., & Krutz, D. E. (2017). M-perm: A lightweight detector for android permission gaps. In 2017 IEEE/ACM 4th international conference on mobile software engineering and systems (mobilesoft) (pp. 217–218). Academic Press.

[16]

Dharmalingam, V. P., & Palanisamy, V. (2020). A novel permission ranking system for android malware detection—The permission grader. Journal of Ambient Intelligence and Humanized Computing, 1–11.

[17]

Di Cerbo, F., Girardello, A., Michahelles, F., & Voronkova, S. (2010). Detection of malicious applications on android os. In International workshop on computational forensics (pp. 138–149). Academic Press.

[18]

Eilam, E. (2011). Reversing: secrets of reverse engineering. John Wiley & Sons.

[19]

El Haddouti, S., & El Kettani, M. D. E.-C. (2019). Analysis of identity management systems using blockchain technology. In Commnet (pp. 1–7).

[20]

Falliere, N., Murchu, L. O., & Chien, E. (2011). W32. stuxnet dossier. White paper, Symantec Corp.

[21]

Fatima, A., Kumar, S., & Dutta, M. K. (2021). Host-server-based malware detection system for android platforms using machine learning. In Advances in computational intelligence and communication technology (pp. 195–205). Springer.

[22]

Feng, R., Chen, S., Xie, X., Meng, G., Lin, S.-W., & Liu, Y. (2020). A performance-sensitive malware detection system using deep learning on mobile devices. IEEE Transactions on Information Forensics and Security, 16, 1563–1578.

[23]

Gartner. (2020). Gartner says worldwide smartphone sales will grow 3% in 2020. Author. https://www.gartner.com/en/newsroom/press-releases/2020-01-28-gartner-says-worldwide-smartphone-sales-will-grow-3--

[24]

Google-Developers. (2019). Multiple apk support. Documentation for app developers. https://developer.android.com/google/play/publishing/multiple-apks.html

[25]

Google-Play-Help. (2021). Full list of supported android devices. Google Play Help. https://storage.googleapis.com/play public/supporteddevices.html

[26]

Han, H., Li, R., & Gu, X. (2016). Identifying malicious android apps using permissions and system events. International Journal of Embedded Systems, 8(1), 46–58.

[27]

IDC. (2020). Smartphone market share 2020. Author. https://www.idc.com/promo/smartphone-market-share/os

[28]

Iezzi, D. (2020). Google play python api. GitHub. https://github.com/NoMore201/googleplay-api

[29]

Jan, S., Musa, S., Ali, T., Nauman, M., Anwar, S., Ali Tanveer, T., & Shah, B. (2021). Integrity verification and behavioral classification of a large dataset applications pertaining smart os via blockchain and generative models. Expert Systems: International Journal of Knowledge Engineering and Neural Networks, 38(4), e12611.

[30]

Jones, P. C. D. K. C. P. C. (2020). Android m permissions analysis. GitHub. https://github.com/MPerm/MPermission

[31]

Kansal, S. (2020). A simple tutorial for developing a blockchain application from scratch in python. Github. https://github.com/satwikkansal/python

[32]

Karim, A., Chang, V., & Firdaus, A. (2021). Android botnets: A proof-ofconcept using hybrid analysis approach. In Research anthology on securing mobile technologies and applications (pp. 75–92). IGI Global.

[33]

Koldemir, B. (2020). A digital transformation in international transport and logistics: Blockchain. In Handbook of research on the applications of international transportation and logistics for world trade (pp. 425–453). IGI Global.

[34]

Kumar, R., Wang, W., Kumar, J., Zakria, Yang, T., & Ali, W. (2021). Collective intelligence: Decentralized learning for android malware detection in iot with blockchain. Academic Press.

[35]

Kushner, D. (2013). The real story of stuxnet. IEEE Spectrum, 3(50), 48–53.

[36]

Lao, L., Li, Z., Hou, S., Xiao, B., Guo, S., & Yang, Y. (2020). A survey of iot applications in blockchain systems: Architecture, consensus, and traffic modeling. ACM Computing Surveys, 53(1), 1–32.

Digital Library

[37]

Li, J., Sun, L., Yan, Q., Li, Z., Srisa-An, W., & Ye, H. (2018). Significant permission identification for machine-learning-based android malware detection. IEEE Transactions on Industrial Informatics, 14(7), 3216–3225.

[38]

Martinelli, F., Marulli, F., & Mercaldo, F. (2017). Evaluating convolutional neural network for effective mobile malware detection. Procedia Computer Science, 112, 2372–2381.

Digital Library

[39]

Matsudo, T., Kodama, E., Wang, J., & Takata, T. (2012). A proposal of security advisory system at the time of the installation of applications on android os. In 2012 15th international conference on network-based information systems (pp. 261–267). 10.1109/NBiS.2012.110

Digital Library

[40]

Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Academic Press.

[41]

Nari, S., & Ghorbani, A. A. (2013). Automated malware classification based on network behavior. In 2013 international conference on computing, networking and communications (icnc) (pp. 642–647).

Digital Library

[42]

Ouaguid, A., Abghour, N., & Ouzzif, M. (2018). A novel security framework for managing android permissions using blockchain technology. [IJCAC]. International Journal of Cloud Applications and Computing, 8(1), 55–79.

[43]

Ouaguid, A., Abghour, N., & Ouzzif, M. (2022). Node security metric: Proof of conformity blockchain consensus protocol. In Kacprzyk, J., Balas, V. E., & Ezziyyani, M. (Eds.), Advanced intelligent systems for sustainable development (ai2sd’2020) (pp. 665–682). Springer International Publishing.

[44]

Ouaguid, A., Ouzzif, M., & Abghour, N. (2020). Vulnerability Detection Approaches on Application Behaviors in Mobile Environment. In Education excellence and innovation management: A 2025 vision to sustain economic development during global challenges (pp. 16830-16839). Academic Press.

[45]

POA-Network. (2017). Proof of authority: consensus model with identity at stake. https://medium.com/poa-network/proof-of-authority-consensus-model-with-identity-at-stake-d5bd15463256

[46]

Poelstra, A. (2015). On stake and consensus. WP Software, 22.

[47]

QuZ.RastogiV.ZhangX.ChenY.ZhuT.ChenZ. (2014). Autocog: Measuring the description-to-permission fidelity in android applications. In Proceedings of the 2014 acm sigsac conference on computer and communications security (pp. 1354–1365). 10.1145/2660267.2660287

[48]

Sumathi, M., & Sangeetha, S. (2020). Blockchain based sensitive attribute storage and access monitoring in banking system. International Journal of Cloud Applications and Computing, 10(2), 77–92.

Digital Library

[49]

Sun, M., Li, X., Lui, J. C., Ma, R. T., & Liang, Z. (2016). Monet: A useroriented behavior-based malware variants detection system for android. IEEE Transactions on Information Forensics and Security, 12(5), 1103–1112.

Digital Library

[50]

Sun, Y. S., Chen, C.-C., Hsiao, S.-W., & Chen, M. C. (2018). Antsdroid: Automatic malware family behaviour generation and analysis for android apps. In Australasian conference on information security and privacy (pp. 796–804). Academic Press.

[51]

Syed, T. A., Siddique, M. S., Nadeem, A., Alzahrani, A., Jan, S., & Khattak, M. A. K. (2020). A novel blockchain-based framework for vehicle life cycle tracking: An end-to-end solution. IEEE Access: Practical Innovations, Open Solutions, 8, 111042–111063.

[52]

Taheri, R., Javidan, R., & Pooranian, Z. (2021). Adversarial android malware detection for mobile multimedia applications in iot environments. Multimedia Tools and Applications, 80(11), 16713–16729.

Digital Library

[53]

Tang, J., Li, R., Wang, K., Gu, X., & Xu, Z. (2020). A novel hybrid method to analyze security vulnerabilities in android applications. Tsinghua Science and Technology, 25(5), 589–603.

[54]

Wazid, M., Zeadally, S., & Das, A. K. (2019). Mobile banking: evolution and threats: malware threats and security solutions. IEEE Consumer Electronics Magazine, 8(2), 56–60.

[55]

WIRED. (2018). How android phones hide missed security updates from you. https://www.wired.com/story/android-phones-hide-missed-security-updates-from-you/

[56]

WuY.ZouD.YangW.LiX.JinH. (2021). Homdroid: detecting android covert malware by social-network homophily analysis. In Proceedings of the 30th acm sigsoft international symposium on software testing and analysis (pp. 216–229). 10.1145/3460319.3464833

Digital Library

[57]

Xiao, L., Li, Y., Huang, X., & Du, X. (2017). Cloud-based malware detection game for mobile devices with offloading. IEEE Transactions on Mobile Computing, 16(10), 2742–2750.

Digital Library

[58]

Yamaguchi, F., Golde, N., Arp, D., & Rieck, K. (2014). Modeling and discovering vulnerabilities with code property graphs. In 2014 IEEE symposium on security and privacy (pp. 590–604).

Digital Library

[59]

Yeriomin, S. (2018). Google play store protobuf api wrapper in java. Github. https://github.com/yeriomin/play-store-api

[60]

Yuan, Z., Lu, Y., & Xue, Y. (2016). Droiddetector: Android malware characterization and detection using deep learning. Tsinghua Science and Technology, 21(1), 114–123.

[61]

Zhang, P., & Boulos, M. N. K. (2020). Blockchain solutions for healthcare. In Precision medicine for investigators, practitioners and providers (pp. 519–524). Elsevier.

[62]

Zouina, M., & Outtai, B. (2019). Towards a distributed token based payment system using blockchain technology. In 2019 international conference on advanced communication technologies and networking (commnet) (pp. 1–10).

Cited By

Bidry Ouaguid Hanine (2024)The Impact of Blockchain on E-Learning: Comparative Projects AnalysisProceedings of the 7th International Conference on Networking, Intelligent Systems and Security10.1145/3659677.3659732(1-7)Online publication date: 18-Apr-2024
https://dl.acm.org/doi/10.1145/3659677.3659732

Index Terms

Androscanreg 2.0: Enhancement of Android Applications Analysis in a Flexible Blockchain Environment

Index terms have been assigned to the content through auto-classification.

Recommendations

Unmasking the Veiled: A Comprehensive Analysis of Android Evasive Malware
ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Since Android is the most widespread operating system, malware targeting it poses a severe threat to the security and privacy of millions of users and is increasing from year to year. The response from the community was swift, and many researchers have ...
Detecting Android malicious apps and categorizing benign apps with ensemble of classifiers

Android platform has dominated the markets of smart mobile devices in recent years. The number of Android applications (apps) has seen a massive surge. Unsurprisingly, Android platform has also become the primary target of attackers. The management of ...
revDroid: Code Analysis of the Side Effects after Dynamic Permission Revocation of Android Apps
ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

Dynamic revocation of permissions of installed Android applications has been gaining popularity, because of the increasing concern of security and privacy in the Android platform. However, applications often crash or misbehave when their permissions are ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image International Journal of Software Innovation

International Journal of Software Innovation Volume 10, Issue 1

Sep 2022

2247 pages

ISSN:2166-7160

EISSN:2166-7179

Issue’s Table of Contents

Copyright © 2022.

Publisher

IGI Global

United States

Publication History

Published: 30 September 2022

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 24 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Bidry Ouaguid Hanine (2024)The Impact of Blockchain on E-Learning: Comparative Projects AnalysisProceedings of the 7th International Conference on Networking, Intelligent Systems and Security10.1145/3659677.3659732(1-7)Online publication date: 18-Apr-2024
https://dl.acm.org/doi/10.1145/3659677.3659732

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents