论文信息 - Mobile malware visual analytics and similarities of Attack Toolkits (Malware gene analysis)

Mobile malware visual analytics and similarities of Attack Toolkits (Malware gene analysis)

We use Normalized Compression Distance (NCD) (owing to its capabilities to perform similarity measure of unstructured data) to enumerate code similarity between malicious Android apps and visualize their clusters. Our classification methods and visual analytics can help the antivirus community to ensure that a variant of a known malware can still be detected without the need of creating a signature. We also present when a new malware is released, our methods can be used to understand the similarity/behavior with known malware families.

[1] Niels Provos,et al. The Ghost in the Browser: Analysis of Web-based Malware , 2007, HotBots.

[2] Steve Hanna,et al. Juxtapp: A Scalable System for Detecting Code Reuse among Android Applications , 2012, DIMVA.

[3] Yajin Zhou,et al. Detecting repackaged smartphone applications in third-party android marketplaces , 2012, CODASPY '12.

[4] Yajin Zhou,et al. Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[5] Christopher Krügel,et al. Shellzer: A Tool for the Dynamic Analysis of Malicious Shellcode , 2011, RAID.

[6] Niels Provos,et al. All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[7] Benjamin Livshits,et al. Rozzle: De-cloaking Internet Malware , 2012, 2012 IEEE Symposium on Security and Privacy.

[8] Evangelos P. Markatos,et al. Comprehensive shellcode detection using runtime heuristics , 2010, ACSAC '10.

[9] Niels Provos,et al. Ghost Turns Zombie: Exploring the Life Cycle of Web-based Malware , 2008, LEET.