论文信息 - Identifying Android Malware Using Network-Based Approaches

Identifying Android Malware Using Network-Based Approaches

The proliferation of Android apps has resulted in many malicious apps entering the market and causing significant damage. Robust techniques that determine if an app is malicious are greatly needed. We propose the use of a network-based approach to effectively separate malicious from benign apps, based on a small labeled dataset. The apps in our dataset come from the Google Play Store and have been scanned for malicious behavior using Virus Total to produce a ground truth dataset with labels malicous or benign. The apps in the resulting dataset have been represented using binary feature vectors (where the features represent permissions, intent actions, discriminative APIs, obfuscation signatures, and native code signatures). We have used the feature vectors corresponding to apps to build a weighted network that captures the “closeness” between apps. We propagate labels from the labeled apps to unlabeled apps, and evaluate the effectiveness of the proposed approach using the F1-measure. We have conducted experiments to compare three variants of the label propagation approaches on datasets that include increasingly larger amounts of labeled data. The results have shown that a variant proposed in this study gives the best results overall.

Nathan Albin | Doina Caragea | Pietro Poggi-Corradini | Emily Alfs

[1] Zoubin Ghahramani,et al. Learning from labeled and unlabeled data with label propagation , 2002 .

[2] Gaël Varoquaux,et al. Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[3] Yanfang Ye,et al. Analyzing File-to-File Relation Network in Malware Detection , 2015, WISE.

[4] Guanhua Yan,et al. Transductive malware label propagation: Find your lineage from your neighbors , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[5] Yanfang Ye,et al. FindMal: A file-to-file social network based malware detection framework , 2016, Knowl. Based Syst..

[6] Alexander Zien,et al. Label Propagation and Quadratic Criterion , 2006 .

[7] Doina Caragea,et al. Android malware detection with weak ground truth data , 2016, 2016 IEEE International Conference on Big Data (Big Data).

[8] Nic Herndon,et al. Experimental Study with Real-world Data for Android App Security Analysis using Machine Learning , 2015, ACSAC.

[9] Chih-Jen Lin,et al. A Practical Guide to Support Vector Classication , 2008 .

[10] Tao Li,et al. File Relation Graph Based Malware Detection Using Label Propagation , 2015, WISE.

[11] Bernhard Schölkopf,et al. Learning with Local and Global Consistency , 2003, NIPS.

[12] Xiangliang Zhang,et al. Content-Agnostic Malware Detection in Heterogeneous Malicious Distribution Graph , 2016, CIKM.