Detecting Symbian OS Malware through Static Function Call Analysis

Authors: Aubrey-Derrick Schmidt, Jan Hendrik Clausen, Seyit Ahmet Camtepe, Sahin Albayrak
Source: 4th IEEE International Conference on Malicious and Unwanted Software (Malware 2009), Montreal, Quebec, Canada

Smartphones have become a very critical part of our lives, as they offer advanced capabilities with PC-like functionality. They are being widely deployed in critical applications, from communication to health, which are threatened by smartphone malware. New smartphone malware appears quickly, and Symbian OS is the number one target. Application signing seemed to be an appropriate measure for slowing the appearance of malware, but new malware has still emerged that bypasses this security mechanism. In this paper, we present a novel approach to static malware detection in resource-limited mobile environments. This approach can also extend currently used third-party application checking and signing for improved malware prevention. We extract function calls from binaries in order to apply our clustering mechanism, called centroid, which is also capable of detecting unknown malware. Our results are promising in that the employed mechanism might be added not only to distribution channels, like online application stores, but also directly to smartphones for (pre-)checking installed applications.