Copyright © 2018 Authors. This is an open access article distributed under the Creative Commons Attribution License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. International Journal of Engineering & Technology, 7 (4.15) (2018) 59-62 International Journal of Engineering & Technology Website: www.sciencepubco.com/index.php/IJET Research paper A New Mobile Malware Classification for Audio Exploitation Muhamad Nur Arif 1 , Azreena Abu Bakar 1 , Madihah Mohd Saudi 1,2 * 1 Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Malaysia 2 CyberSecurity and Systems Research Unit, Islamic Science Institute (ISI), Universiti Sains Islam Malaysia (USIM), Malaysia *Corresponding author E-mail: madihah@usim.edu.my Abstract Rapid growth and usage of Android smartphones worldwide have attracted many attackers to exploit them. Currently, the attackers used mobile malware to attack victims’ smartphones to steal confidential information such as username and password. The attacks are also motivated based on profit and money. The attacks come in different ways, such as via audio, image, GPS location, SMS and call logs in the smartphones. Hence, this paper presents a new mobile malware classification for audio exploitation. This classification is beneficial as an input or database to detect the mobile malware attacks. System calls and permissions for audio exploitation have been extracted by using static and dynamic analyses using open source tools and freeware in a controlled lab environment. The testing was conducted by using Drebin dataset as the training dataset and 500 anonymous apps from Google Play store as the testing dataset. The experiment re- sults showed that 2% suspicious malicious apps matched with the proposed classification. The finding of this paper can be used as guid- ance and reference for other researchers with the same interest. Keywords: Audio Exploitation; Android Smartphone; Malicious Apps; Mobile Malware. 1. Introduction With the proliferation of mobile devices, there is an increasing threat from mobile malware such as worm, Trojan, spyware, ad- ware, virus, spam and other malicious software. Exploited An- droid devices by malware can be manipulated such as to retrieve any crucial information like background process and services on the device. Additionally, the device also can be used by the at- tacker to record audio, send short messages service, make calls, execute any malicious command and delete browser history [1]. There is 0.15% of devices infected with malware in 2014, and some of them can steal bank account information via reviewing emails in Gmail [2]. Furthermore, there is a Trojan that specializes in accessing audio data and steal t he audio data without the user’s knowledge [3]. The Trojan uses a sensitive sensor which is a con- text sensitive reference to monitor the Audio Flinger. From that audio service, the Trojan changes the media data from the kernel service. This Trojan can block other application from accessing audio data when the call is being used. After that, the controller is alerted from the system when the sensitive call is made. Therefore, the objective of this paper is to develop a new mobile malware classification for audio exploitation based on system call and permission. Based on the experiment conducted, there are 32 patterns of classification for the audio exploitation and 10 out of 500 mobile apps matched with the proposed classification. The scope of this paper is on Android smart phone only. This is due to the worldwide usage of Android with 86.1% in the market and Android has become the most targeted smartphone by the attack- ers in the world [4-5]. Malware can be referred as virus, worm, Trojan, botnet, adware and spyware. There are many techniques such dynamic analysis or static analysis to analyse the malware. For dynamic analysis, the malware sample is executed in a controlled environment to see the payload [6]. As for static analysis, the malware dataset is being reverse engineered, and the source code is being analysed to see the command and payload inside the source code [7]. Examples of works that are related to malware analysis are research work by [8-13]. Each of the static and dynamic analyses has it owns strength, but under certain condition where the malwares payload is hard to be analysed, both analyses need to be combined. This is known as hybrid analysis where it combines static and dynamic analyses, which has been used by [8, 14]. The strength of the hy- brid analysis is both conditions can be monitored for optimum result. Therefore, our paper has implemented this technique for the experiment conducted. The rest of this paper is written as follows. Section 2 presents the methodology used in this paper. Section 2 presents the experi- mental result and Section 4 concludes this paper and discusses the future work. 2. Methodology The overall experiment for malware analysis processes is summa- rized in Figure 1. It is beneficial to extract the system call and permission from the mobile apps. There are two types of dataset which are training and testing. Drebin dataset with a total of 5560 was used as the training dataset to produce the pattern of the classification, while the testing da- taset was taken from 500 anonymous mobile apps from Google Play Store for evaluation. The experiment was conducted in a controlled environment, where no outgoing network is allowed to avoid malware spreads. 80% of the software used are open source, which includes SDK tool for dynamic analysis, Genymotion for android emulator, apk tool to decompile apk resource file into a folder and strace to capture system call behaviour. During the experiment, hybrid analysis that combines dynamic and static analyses was conducted. There is no standard sequence to run dynamic or static analysis. As for this experiment, the dynamic