Automated Identification of Installed Malicious Android Applications

February 2013

Mark D. Guido, The MITRE Corporation
Jared K. Ondricek, The MITRE Corporation
Justin N. Grover, The MITRE Corporation
David M. Wilburn, The MITRE Corporation
Thanh N. Nguyen, The MITRE Corporation
Andrew N. Hunt, The MITRE Corporation

ABSTRACT

Android smartphones are becoming increasingly pervasive within government and industry, despite the limited ways to detect malicious applications installed on these phones' operating systems. Although enterprise security mechanisms are being developed for use on Android devices, these methods cannot detect previously unknown malicious applications. As more sensitive enterprise information becomes available and accessible on these smartphones, the risk of data loss inherently increases. A malicious application's actions could potentially leave sensitive data exposed with little recourse. Without an effective corporate monitoring solution in place for these mobile devices, organizations will continue to lack the ability to determine when a compromise has occurred.

The Periodic Mobile Forensics research project applies traditional digital forensic techniques to monitor and audit Android smartphones. The project aims to ascertain new ways of identifying malicious Android applications and ultimately attempts to improve the state of enterprise smartphone monitoring. A client, server, database, and analysis framework was developed and tested using real mobile malware. The results are promising in that the developed detection techniques identify changes to important system partitions; recognize file system changes, including file deletions; and find persistence and triggering mechanisms in newly installed applications. It is believed that these detection techniques should be performed by enterprises to identify malicious applications affecting their phone infrastructure.

Additional Search Keywords

android smart phones, malicious androids, malicious android applications, cyber attack detection, data loss risk, corporate computer monitoring, cybersecurity, Periodic Mobile Forensics, PMF, forensic techniques, smartphone monitoring, Mobile Computing Security Initiative, MOCSI

 

Page last updated: March 18, 2013
