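% Shen, Su and Li, "HypTracker" (CSS 2017, Springer LNCS): a hypervisor built on
% the ARM virtualization extensions that intercepts Android system calls at
% thread level and matches the sequences against malicious behaviour models.
% The abstract reports evaluation on DroidKungfu samples.
%
% Entry conventions:
%   - values are brace-delimited; HypTracker, ARM and CSS are brace-protected
%     so sentence-casing styles keep their capitals;
%   - names use the unambiguous "Last, First" form;
%   - language and address were exported as non-ASCII (Chinese) strings and are
%     given in English here so classic 8-bit BibTeX can process the entry;
%     the export gives only a country for address -- TODO confirm the
%     publisher's city;
%   - the DOI is stored bare, without a backslash before the underscore.
@inproceedings{acd83b27910c4bc49839c9c79029cd0e,
  author    = {Shen, Dong and Su, Xiaojing and Li, Zhoujun},
  title     = {{HypTracker}: A hypervisor to detect malwares through system call analysis on {ARM}},
  booktitle = {Cyberspace Safety and Security - 9th International Symposium, {CSS} 2017, Proceedings},
  editor    = {Wu, Wei and Castiglione, Aniello and Wen, Sheng},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher = {Springer Verlag},
  address   = {Germany},
  year      = {2017},
  pages     = {199--214},
  isbn      = {9783319694702},
  doi       = {10.1007/978-3-319-69471-9_15},
  language  = {English},
  keywords  = {ARM, Android, Hypervisor, Malware detection, Virtualization},
  note      = {Publisher Copyright: {\textcopyright} 2017, Springer International Publishing AG.; 9th International Symposium on Cyberspace Safety and Security, CSS 2017 ; Conference date: 23-10-2017 Through 25-10-2017},
  abstract  = {Mobile Security becomes increasingly important nowadays due to the widely use of mobile platforms. With the appearance of ARM virtualization extensions, using virtualization technology to protect system security has become a research hotspot. In this paper, we propose HypTracker to detect malicious behaviours by analyzing the system call sequences based on ARM virtualization extensions, which can intercept the system calls at thread level transparently with Android and generate the system call sequences. We put forward a sensitive-system-call-based feature extraction model using Relative Discrete Euclidean Distance and a greedy-like algorithm to generate the malicious behaviour models. At runtime, a sliding-window-based detection module is used to detect malicious behaviours. We have experimented with the samples of DroidKungfu and the result validates the effectiveness of the proposed methodology.},
}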