Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

An antivirus API for android malware recognition

 
Fedler, R.; Kulicke, M.; Schütte, J.


Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
8th International Conference on Malicious and Unwanted Software: "The Americas", MALWARE 2013. Proceedings : 22 - 24 October 2013, Fajardo, Puerto Rico, USA
Piscataway, NJ: IEEE, 2013
ISBN: 978-1-4799-2535-3
ISBN: 978-1-4799-2534-6 (Print)
ISBN: 978-1-4799-2533-9 (DVD)
pp. 77-84
International Conference on Malicious and Unwanted Software (Malware) <8, 2013, Fajardo/Puerto Rico>
English
Conference Paper
Fraunhofer AISEC

Abstract
On the Android platform, antivirus software suffers from significant deficiencies. Due to platform limitations, it cannot access or monitor an Android device's file system, or dynamic behavior of installed apps. This includes the downloading of malicious files after installation, and other file system alterations. That has grave consequences for device security, as any app - even without openly malicious code in its package file - can still download and execute malicious files without any danger of being detected by antivirus software. In this paper, we present a proposal for an antivirus interface to be added to the Android API. It allows for three primary operations: (1) on-demand file system scanning and traversal, (2) on-change file system monitoring, (3) a set of basic operations that allow for scanning of arbitrary file system objects without disclosing their contents. This interface can enable Android antivirus software to deploy techniques for malware recognition similar to those of desktop antivirus systems. The proposed measures comply with Android's security architecture and user data privacy is maintained. Through our approach, antivirus software on the Android platform would reach a level of effectiveness significantly higher than currently, and comparable to that of desktop antivirus software.

http://publica.fraunhofer.de/documents/N-300451.html