%0 Conference Proceedings
%T Categorizing Mobile Device Malware Based on System Side-Effects
%+ University of Tulsa
%A Grimmett, Zachary
%A Staggs, Jason
%A Shenoi, Sujeet
%Z Part 5: Malware Forensics
%< peer-reviewed
%( IFIP Advances in Information and Communication Technology
%B 13th IFIP International Conference on Digital Forensics (DigitalForensics)
%C Orlando, FL, United States
%Y Gilbert Peterson
%Y Sujeet Shenoi
%I Springer International Publishing
%3 Advances in Digital Forensics XIII
%V AICT-511
%P 203-219
%8 2017-01-30
%D 2017
%R 10.1007/978-3-319-67208-3_12
%K Mobile malware
%K Memory-resident
%K Categorization
%K System side-effects
%Z Computer Science [cs]
%Z Conference papers
%X Malware targeting mobile devices is an ever-increasing threat. The most insidious type of malware resides entirely in volatile memory and does not leave a trail of persistent artifacts. Such malware requires novel detection and capture methods in order to be reliably identified, analyzed and mitigated. This chapter proposes malware categorization and detection techniques based on measurable system side-effects observed in an exploited mobile device. Using the Stagefright family of exploits as a case study, common system side-effects produced as a result of attempted exploitation are identified. These system side-effects are leveraged to trigger volatile memory (i.e., RAM) collection by memory acquisition tools (e.g., LiME) to enable analysis of the malware.
%G English
%Z TC 11
%Z WG 11.9
%2 https://inria.hal.science/hal-01716405/document
%2 https://inria.hal.science/hal-01716405/file/456364_1_En_12_Chapter.pdf
%L hal-01716405
%U https://inria.hal.science/hal-01716405
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9
%~ IFIP-AICT-511