Spyware detection techniques used for smartphones


We use our smartphones not only for making calls but for numerous other purposes surfing, messaging, gaming, shopping, banking, etc. Users can store all kinds of data on their smartphones as it’s portable, and they can access their data by being at any place and whenever they want.

Thanks to these advanced features, the number of people using a smartphone is increasing very fast. Unfortunately, the increased demand for smartphones has raised significant security and privacy issues.

Attackers gain access to the confidential data on your smartphone for further attacks through spyware, a type of unwanted malware software used to leak the data back to an attacker.

Often, attackers target android smartphone users who download third-party applications from unknown sources by adding malicious code that can steal the user’s personal information.

When infected with spyware, smartphone users often notice that the smartphone performance has decreased as it runs slow and hangs most of the time. This is because spyware uses the network to send data to attackers, so it does not let users access the internet.

Fortunately, this spyware can be detected and blocked from sending users’ personal information. Detection and prevention of spyware require antispyware tools. Let’s look at the major techniques used by antispyware tools for detection.

1. Signature-Based Detection

Signature-based detection is a pattern-matching technique in which experts construct a signature database for matching the signatures of the applications. It’s very simple to implement and takes less time for detection than other detection techniques. However, there are a few problems with signature-based detection. Firstly the signature database is created manually, which may involve human error. Secondly, they cannot detect attacks involving simple transformation and can be easily evaded. Thirdly the database needs to be updated regularly so that the false negative rate does not increase.

2. Behavior-Based Detection

One of the drawbacks of a signature-based technique is that it can be easily evaded. Spyware’s behavior can be difficult to define as they behave in many ways, and the harm they cause also varies. To overcome this challenge, researchers proposed behavior-based detection to detect spyware accurately.

Behavior-based detection does not depend on the binary representation of the spyware, so it’s better than the signature-based detection technique as it can detect entire classes of spyware, and even obfuscation cannot help the spyware creator cross the antispyware using behavior-based detection technique.

Behavior-based antispyware has a database containing malicious and non-malicious application behavior, which is used to detect spyware. Behavior-based antispyware mainly focuses on web-based interfaces as this spyware can collect confidential data and monitor user activities. Behavior-based detection helps us detect unseen spyware as it checks the application’s behavior. There are a few problems with behavior-based detection. Firstly, constructing a behavior-based database is difficult as it involves many complexities. Secondly, the database needs to be updated occasionally to keep the false positive and false negative rates low.

3. Data Mining Based Detection

In data mining-based detection, a classifier is used to classify the application as spyware. The classifier is made from the training set generated using malicious and non-malicious databases. When the classifier is built, the different attributes are chosen based on one of the attribute selection methods. The purpose of this selection method is to make the classification process of the application very fast. The classifier is made using a data mining algorithm. The algorithm should be chosen carefully as the accuracy of the antispyware depends on it. The test set is used to test the classification accuracy of the classifier. The classifier classifies all the tuples in the test set. The number of correctly classified tuples helps calculate the antispyware’s accuracy. Data mining based antispyware can detect known and new spyware, and it does not use signature matching, so it cannot be evaded by using simple transformations. The accuracy of this technique is much more than that of signature-based detection.