Malware Insights: Android Infection Rates and Techniques for Identifying Unknown Malware

In the second research result of the month, we report on the recent results in understanding mobile malware. The research was presented and published in the prestigious World Wide Web conference in April 2014.

Research result of the month: Malware Insights - Android Infection Rates and Techniques for Identifying Unknown Malware

In the second research result of the month we report on the recent results in understanding mobile malware. Smartphones are now ubiquitous, personal and store a lot of personal information about their users. Calls and messaging cost money to users, and smartphones are also increasingly used for direct financial transactions. Therefore, one of the great fears about smartphone use is the possibility of large-scale viral infection.

The Malware Insights team at the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) (http://www.icri-sc.org) at the Department have shown that infection rates in Android devices are around 0.25 per cent, significantly higher than the previous independent estimate. They also developed a technique to identify devices infected with previously unknown malware.

The project team, consisting of Hien Truong, Eemil Lagerspetz, Sourav Bhattacharya, and Petteri Nurmi working under the guidance of Professor N. Asokan and Professor Sasu Tarkoma, and collaborating with Adam J. Oliner from the UC Berkeley AMP Lab, published an article on the recent results at this year’s World Wide Web conference (http://www2014.kr/).

Android Infection Rates

There is a steady stream of news stories and announcements about how many more new strains of Android malware appear every passing year. Data showing infection rates in the real world has been hard to come by. There is a lot of data about the number of different malware samples discovered but not so much about the extent they are actually found in the wild. If smartphones were infected to the same extent as personal computers used to be, the resulting damage would be much more severe.

The few estimates that are out there vary greatly: ranging from more than 4 per cent of Android devices, according to an estimate by an anti-virus company, to less than 0.0009 per cent of smartphones in the US, according to a different estimate by group of academic researchers from the US.

What is the reason for this disparity?

The team has been investigating the true extent of malware infection in Android devices. They discovered that infection rates in Android devices are at around 0.25 per cent, significantly higher than the previous independent estimate. The project collected anonymized data from over 50 000 devices during a seven-month period.

An arXiv research report based on the work being done at the "Malware Insights" project at the department of Computer Science has been featured (http://www.technologyreview.com/view/522771/first-direct-measurement-of-infection-rates-for-smartphone-viruses/) in MIT Technology Review's "Emerging Technology From the arXiv" section.

Identifying Unknown Malware

"This is only the beginning. We are now trying to improve the accuracy of our results and are investigating whether we can identify vulnerable devices even before they are infected. I am very excited about the prospects of using data insights to improve security techniques,” professor Asokan explains.

The researchers speculated that smartphones infected with malicious apps may have other, benign, apps in common, possibly because the users purchase them all from the same app market. Based on this conjecture, the researchers investigated if it is possible to develop a technique to identify devices infected with previously unknown malware. In their dataset, this approach is up to five times more likely to identify infected devices than by choosing devices at random.

“The detection of zero-day malware applications is crucial for enabling the mitigation of their adverse effects. Our work aims to detect vulnerable devices and screen them so that new malware applications can be stopped as fast as possible,” professor Tarkoma adds.

Picture: From the left, Sourav Bhattacharya, Eemil Lagerspetz, Hien Truong and Adam J. Oliner attending the conference.

Link to the article:

The company you keep: mobile malware infection rates and inexpensive risk indicators. WWW 2014. http://doi.acm.org/10.1145/2566486.2568046.

Created date

24.04.2014 - 16:47

Inter-university research and training centre on information security

The University of Helsinki and Aalto University have set up a joint research centre focusing on information security. The new centre, HAIC (Helsinki-Aalto Centre for Information Security), will coordinate the Master’s-level security education between the university and Aalto, with links to research and doctoral education.

The idea is to build bridges to the industries and gain their support for the education, and e.g. grants for MSc students coming from outside the EU, the head of the Department of Computer Science, Sasu Tarkoma, says.

Computer science undergraduate Petteri Timonen awarded in US science competition

Petteri Timonen, 19, came second in his category of the Intel International Science and Engineering Fair (ISEF) in Phoenix, Arizona.

 

On Friday, 15 May, Timonen, who is studying computer science at the University of Helsinki, was awarded a grant worth 1500 USD, some 1330 euros, in the Systems Software category of the Intel ISEF science competition.
 
As his entry, Timonen submitted a software tool he developed for Finland’s Red Cross to make mobile blood runs around the country as cost-effective as possible. Timonen implemented his tool in cooperation with the Blood Service.

The tool has gained international attention, as no tool like it seems to have been developed anywhere else. Timonen has also negotiated with the American Red Cross by email.

Renewed Carat App Gives a Smart Boost to Battery

 
The Carat Project Team at the University of Helsinki, Department of Computer Science, has published a new version of the popular mobile energy-awareness application.

After launch in June 2012, Carat has helped over 850,000 users, of which 41 per cent have been Android and 59 per cent iOS users, respectively. The new user interface follows modern application design guidelines and presents battery information in a more intuitive and easy to use manner.

- In addition to the new user interface, we have increased the accuracy of the energy saving recommendations of Carat, says Professor Sasu Tarkoma, the leader of this research done at the university.

The user interface features the number of energy intensive applications (Hogs), energy anomalies (Bugs) and user recommendations (Actions) at a glance on the main screen as well as global energy statistics for the device community.

Cover Song Identification Using Compression-based Distance Measures

M.Sc. Teppo E. Ahonen will defend his doctoral thesis Cover Song Identification Using Compression-based Distance Measures on Friday the 1st of April 2016 at 12 o'clock in the University of Helsinki Exactum Building, Auditorium CK112 (Gustaf Hällströminkatu 2b) His opponent is Academy Professor Petri Toiviainen (University of Jyväskylä) and custos Professor Esko Ukkonen (University of Helsinki). The defence will be held in Finnish.

Measuring similarity in music data is a problem with various potential applications. In recent years, the task known as cover song identification has gained widespread attention. In cover song identification, the purpose is to determine whether a piece of music is a different rendition of a previous version of the composition. The task is quite trivial for a human listener, but highly challenging for a computer.