Detecting Symbian OS malware through static function call analysis

Schmidt, A.-D., Clausen, J.H., Camtepe, S. A., & Albayrak, S. (2009) Detecting Symbian OS malware through static function call analysis. In Proceedings of the 4th International Conference on Malicious and Unwanted Software, IEEE Conference Publications , Montreal, Quebec, Canada, pp. 15-22.

View at publisher


Smartphones become very critical part of our lives as they offer advanced capabilities with PC-like functionalities. They are getting widely deployed while not only being used for classical voice-centric communication. New smartphone malwares keep emerging where most of them still target Symbian OS. In the case of Symbian OS, application signing seemed to be an appropriate measure for slowing down malware appearance. Unfortunately, latest examples showed that signing can be bypassed resulting in new malware outbreak. In this paper, we present a novel approach to static malware detection in resource-limited mobile environments. This approach can be used to extend currently used third-party application signing mechanisms for increasing malware detection capabilities. In our work, we extract function calls from binaries in order to apply our clustering mechanism, called centroid. This method is capable of detecting unknown malwares. Our results are promising where the employed mechanism might find application at distribution channels, like online application stores. Additionally, it seems suitable for directly being used on smartphones for (pre-)checking installed applications.

Impact and interest:

21 citations in Scopus
Search Google Scholar™
10 citations in Web of Science®

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

ID Code: 58110
Item Type: Conference Paper
Refereed: Yes
Keywords: smartphone security, function call analysis, malware detection
DOI: 10.1109/MALWARE.2009.5403024
ISBN: 978-1-4244-5787-8
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Past > Institutes > Information Security Institute
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Deposited On: 12 Mar 2013 01:09
Last Modified: 12 Jun 2013 15:36

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page