N-opcode analysis for android malware classification and categorization

Malware detection is a growing problem particularly on the Android mobile platform due to its increasing popularity and accessibility to numerous third party app markets. This has also been made worse by the increasingly sophisticated detection avoidance techniques employed by emerging malware families. This calls for more effective techniques for detection and classification of Android malware. Hence, in this paper we present an n-opcode analysis based approach that utilizes machine learning to classify and categorize Android malware. This approach enables automated feature discovery that eliminates the need for applying expert or domain knowledge to define the needed features. Our experiments on 2520 samples that were performed using up to 10-gram opcode features showed that an f-measure of 98% is achievable using this approach.

[1]  M. Chuah,et al.  Smartphone Dual Defense Protection Framework: Detecting Malicious Applications in Android Markets , 2012, 2012 8th International Conference on Mobile Ad-hoc and Sensor Networks (MSN).

[2]  Sakir Sezer,et al.  Analysis of Bayesian classification-based approaches for Android malware detection , 2016, IET Inf. Secur..

[3]  Radu State,et al.  Using opcode-sequences to detect malicious Android applications , 2014, 2014 IEEE International Conference on Communications (ICC).

[4]  Hahn-Ming Lee,et al.  DroidMat: Android Malware Detection through Manifest and API Calls Tracing , 2012, 2012 Seventh Asia Joint Conference on Information Security.

[5]  Gerardo Canfora,et al.  Mobile malware detection using op-code frequency histograms , 2015, 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE).

[6]  Vitor Monte Afonso,et al.  Identifying Android malware using dynamically obtained features , 2014, Journal of Computer Virology and Hacking Techniques.

[7]  Akanksha Sharma,et al.  Mining API Calls and Permissions for Android Malware Detection , 2014, CANS.

[8]  Gonzalo Álvarez,et al.  PUMA: Permission Usage to Detect Malware in Android , 2012, CISIS/ICEUTE/SOCO Special Sessions.

[9]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[10]  Simin Nadjm-Tehrani,et al.  Crowdroid: behavior-based malware detection system for Android , 2011, SPSM '11.

[11]  Ian H. Witten,et al.  The WEKA data mining software: an update , 2009, SKDD.

[12]  Konrad Rieck,et al.  DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[13]  Eric Medvet,et al.  Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[14]  Michalis Faloutsos,et al.  ProfileDroid: multi-layer profiling of android applications , 2012, Mobicom '12.

[15]  Eul Gyu Im,et al.  Android malware classification method: Dalvik bytecode frequency analysis , 2013, RACS.

[16]  Philipp Stephanow,et al.  App-Ray: User-driven and fully automated Android app security assessment , 2013 .

[17]  Gianluca Dini,et al.  MADAM: A Multi-level Anomaly Detector for Android Malware , 2012, MMM-ACNS.

[18]  Yuval Elovici,et al.  “Andromaly”: a behavioral malware detection framework for android devices , 2012, Journal of Intelligent Information Systems.

[19]  Alberto Maria Segre,et al.  Programs for Machine Learning , 1994 .

[20]  Jiqiang Liu,et al.  A Two-Layered Permission-Based Android Malware Detection Scheme , 2014, 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering.

[21]  Sakir Sezer,et al.  High accuracy android malware detection using ensemble learning , 2015, IET Inf. Secur..

[22]  Tao Zhang,et al.  AntiMalDroid: An Efficient SVM-Based Malware Detection Framework for Android , 2011, ICICA.

[23]  Sakir Sezer,et al.  Android malware detection: An eigenspace analysis approach , 2015, 2015 Science and Information Conference (SAI).

[24]  Christian Platzer,et al.  MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis , 2015, 2015 IEEE 39th Annual Computer Software and Applications Conference.

[25]  J. Ross Quinlan,et al.  C4.5: Programs for Machine Learning , 1992 .