The Android Malware Handbook: Detection and Analysis by Human and Machine

Written by machine-learning researchers and members of the Android Security team, this all-star guide tackles the analysis and detection of malware that targets the Android operating system. This groundbreaking guide to Android malware distills years of research by machine learning experts in academia and members of Meta and Google's Android Security teams into a comprehensive introduction to detecting common threats facing the Android ecosystem today. Explore the history of Android malware in the wild since the operating system first launched, and then practice static and dynamic approaches to analyzing real malware specimens. Next, examine machine learning techniques that can be used to detect malicious apps, the types of classification models that defenders can implement to achieve these detections, and the various malware features that can be used as input to these models. Adapt these machine learning strategies to the identification of malware categories like banking trojans, ransomware, and SMS fraud. You'll:
The Android Malware Handbook's team of expert authors will guide you through the Android threat landscape and prepare you for the next wave of malware to come.
Contents

| Section | Page |
|---|---|
| Up Next | 26 |
| Android Malware in the Wild | 27 |
| 2013 and 2014 | 35 |
| 2015 and 2016 | 42 |
| 2017 and Onward | 54 |
| Up Next | 67 |
| Static Analysis | 71 |
| Loading the Malware Sample into jadx | 73 |
| Hiding Malicious Code | 81 |
| Name Mangling | 92 |
| Command-and-Control Server Communication | 100 |
| The Mysterious Fourth Stage | 111 |
| Dynamic Analysis | 115 |
| The Android Studio Emulator | 117 |
| Analysis with Frida | 127 |
| Command-and-Control Server Messages | 138 |
| Adding Static Analysis | 145 |
| Up Next | 157 |
| Machine Learning Fundamentals | 161 |
| Classification Algorithms | 167 |
| Evaluating Machine Learning Models | 174 |
| Machine Learning Features | 181 |
| Triadic Suspicion Graph Features | 187 |
| Landmark-Based Features | 195 |
| Feature Clustering | 199 |
| Rooting Malware | 205 |
| Rooting Malware vs Other Malware | 214 |
| Spyware | 219 |
| Spyware vs Goodware | 220 |
| A Case Study | 227 |
| Up Next | 233 |
| Banking Trojans | 235 |
| Banking Trojans vs Other Malware | 242 |
| A Case Study | 246 |
| Ransomware | 251 |
| How Ransomware Attacks Work | 252 |
| Ransomware vs Other Malware | 258 |
| Predictions for Important Ransomware Samples | 264 |
| SMS Fraud | 267 |
| SMS Fraud vs Other Malware | 275 |
| The Future of Android Malware | 283 |
| Distribution | 289 |
| Malware Economics | 291 |