ABSTRACT
The popularity and openness of the Android platform encourage malware authors to penetrate various marketplaces with malicious applications. As a result, malware detection has become a critical topic in security. Currently, signature-based systems can detect malware only if it is properly documented, which reveals the need for new malware detection techniques. In our framework, we propose a statistical technique for Android malware detection using opcodes extracted from various applications. The technique is evaluated against malware APK samples from the Contagio dataset and benign APK samples from various markets. The prominent features that result in reduced misclassification rates are determined using Hartley's test.
Index Terms
- Hartley's test ranked opcodes for Android malware analysis