Android malware detection boosted by university research

Researchers from North Carolina State University have found a way to monitor for Android malware with very low overhead

By , IDG News Service |  Security

While app marketplace operators such as Apple or Google already screen the apps submitted to their stores, malware programmers have learned how to bury their code within an app so it doesn't execute until after the program has been downloaded, Gu said.

The researchers chose Android over Apple's iOS because the Android kernel, which is Linux, is open source, whereas Apple keeps the kernel for iOS under wraps. They built PREC as a module that can be compiled into the kernel.

PREC is not the only Android malware detector based on anomaly detection that researchers have created. Crowdroid uses a crowd-sourcing model of determining routine app behavior, and Paranoid Android offloads some of the detection duties to servers.

Both of those detectors require far more processing power on the portable device, compare to PREC, according to the NCSU researchers. Running PREC typically incurs about 3 percent overhead on the system, compared to the 15 to 30 percent overhead incurred by Crowdroid and Android.

IBM, Google, the U.S. National Science Foundation and the U.S. Army funded the research.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question