Scientists reveal new malware detection method
Scientists from NQ Mobile’s Mobile Security Research Center, in collaboration with North Carolina State University disclosed a new way to detect mobile threats without relying on known malware samples and their signatures.
Today, malicious software often sits in app marketplaces for days, weeks and even months being downloaded, before finally being discovered.
RiskRanker is a unique analysis system that can automatically detect whether a particular app exhibits dangerous behavior. It differs from other malware tools by identifying apps with risky behavior while they are in the app market and before they make their way to a user’s phone.
RiskRanker was jointly developed by NQ Mobile’s Vice President of Research, Dr. Simon Shihong Zou and NQ Mobile’s Chief Scientist and Associate Professor at North Carolina State University, Xuxian Jiang, along with fellow researchers.
“RiskRanker employs a unique two-step method of discovering malware,” said Dr. Zou today, in a presentation at MobiSys 2012, the 10th International Conference on Mobile Systems Applications and Services, in the United Kingdom. “This two-step system greatly improves the accuracy in identifying patterns of seemingly innocent API uses that can actually be malware,” Zou concluded.
In a trial run earlier this year RiskRanker scanned over one hundred thousand apps from a variety of marketplaces that provide Android applications and identified 718 malware threats, including 322 zero-day threats.