Efficient Classification of Android Malware in the wild using Robust Static Features

The ubiquitous use of Android smartphones continues to threaten the security and privacy of users' personal information. Their fast adoption rate makes smartphones an interesting target for malware authors to deploy new attacks and infect millions of devices. Moreover, the growing number and diversity of malicious applications render conventional defenses ineffective. Thus, there is a need not only to better understand the characteristics of malware families but also to generate features that are robust and efficient for classification over an extended period of time. In this chapter, we propose a machine-learning-based malware detection and classification methodology that uses static analysis as the feature extraction method. Our tool, uniPDroid, can be used to extract a plethora of informative features from our extensive dataset. We performed a malware family classification and obtained an average classification accuracy of 92%. We also present the empirical results for our cumulative classification, which investigates how well features from old malware can contribute to the detection of new variants of both known and unknown malware.
