Cascade Learning for Mobile Malware Families Detection through Quality and Android Metrics

Considering the increasing diffusion of mobile devices, attackers started to explore the possibility to perpetrate attacks using mobile surfaces (i.e., smartphones and tablets). Unfortunately, common antimalware techniques are often ineffective to detect new threats with the current signature based approach mainly adopted. In this we paper propose a set of features with the aim to discriminate between malware and trusted mobile applications: in detail we design a cascade learner where the first classifier of the cascade performs a coarse-grain analysis (it discriminates between malware and legitimate apps), while the second one performs a fine-grain analysis (it is aimed to identify the malware family). We obtain a precision equal to 0.947 and a recall equal to 0.962 in legitimate samples identification, while a precision equal to 0.961 and a recall equal to 0.946 is obtained in malware detection. With regard to family identification, an average precision and recall of 0.961 is obtained across 12 malware families.

[1]  Arun Lakhotia,et al.  DroidLegacy: Automated Familial Classification of Android Malware , 2014, PPREW'14.

[2]  Xiaojiang Du,et al.  Permission-combination-based scheme for Android mobile malware detection , 2014, 2014 IEEE International Conference on Communications (ICC).

[3]  Dan Arp,et al.  Drebin : � Efficient and Explainable Detection of Android Malware in Your Pocket , 2014 .

[4]  Ram Dantu,et al.  Another free app: Does it have the right intentions? , 2014, 2014 Twelfth Annual International Conference on Privacy, Security and Trust.

[5]  Geoffrey Hecht,et al.  An Approach to Detect Android Antipatterns , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[6]  Fabio Martinelli,et al.  R-PackDroid: API package-based characterization and detection of mobile ransomware , 2017, SAC.

[7]  Ying Zou,et al.  An Exploratory Study on the Relation between User Interface Complexity and the Perceived Quality , 2014, ICWE.

[8]  David Lo,et al.  What are the characteristics of high-rated apps? A case study on free Android Applications , 2015, 2015 IEEE International Conference on Software Maintenance and Evolution (ICSME).

[9]  Anas N. Al-Rabadi,et al.  A comparison of modified reconstructability analysis and Ashenhurst‐Curtis decomposition of Boolean functions , 2004 .

[10]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[11]  Atanas Rountev,et al.  Testing for poor responsiveness in android applications , 2013, 2013 1st International Workshop on the Engineering of Mobile-Enabled Systems (MOBS).

[12]  Gerardo Canfora,et al.  Mobile malware detection using op-code frequency histograms , 2015, 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE).

[13]  Konrad Rieck,et al.  DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[14]  Romain Rouvoy,et al.  Detecting Antipatterns in Android Apps , 2015, 2015 2nd ACM International Conference on Mobile Software Engineering and Systems.

[15]  R. Ramachandran,et al.  Android Anti-Virus Analysis , .

[16]  Gerardo Canfora,et al.  Composition-Malware: Building Android Malware at Run Time , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[17]  Antonella Santone,et al.  De novo reconstruction of gene regulatory networks from time series data, an approach based on formal methods. , 2014, Methods.

[18]  Antonella Santone,et al.  Hey Malware, I Can Find You! , 2016, 2016 IEEE 25th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE).

[19]  Marjan Hericko,et al.  Using Object Oriented Software Metrics for Mobile Application Development , 2013, SQAMIA.

[20]  Chris F. Kemerer,et al.  A Metrics Suite for Object Oriented Design , 2015, IEEE Trans. Software Eng..

[21]  Isil Dillig,et al.  Apposcopy: semantics-based detection of Android malware through static analysis , 2014, SIGSOFT FSE.

[22]  Jiqiang Liu,et al.  A Two-Layered Permission-Based Android Malware Detection Scheme , 2014, 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering.

[23]  Antonella Santone,et al.  Infer Gene Regulatory Networks from Time Series Data with Probabilistic Model Checking , 2015, 2015 IEEE/ACM 3rd FME Workshop on Formal Methods in Software Engineering.

[24]  Stefano Zanero,et al.  HelDroid: Dissecting and Detecting Mobile Ransomware , 2015, RAID.

[25]  Vijay Laxmi,et al.  AndroSimilar: robust statistical feature signature for Android malware detection , 2013, SIN.

[26]  Riccardo Scandariato,et al.  Predicting vulnerable classes in an Android application , 2012, MetriSec '12.

[27]  Aniello Cimitile,et al.  An exploratory study on the evolution of Android malware quality , 2018, J. Softw. Evol. Process..

[28]  Diomidis Spinellis,et al.  Undocumented and unchecked: exceptions that spell trouble , 2014, MSR 2014.

[29]  Antonella Santone,et al.  Car hacking identification through fuzzy logic algorithms , 2017, 2017 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE).

[30]  Shih-Hao Hung,et al.  DroidDolphin: a dynamic Android malware detection framework using big data and machine learning , 2014, RACS '14.

[31]  Aniello Cimitile,et al.  Talos: no more ransomware victims with formal methods , 2018, International Journal of Information Security.

[32]  Xuxian Jiang,et al.  DroidChameleon: evaluating Android anti-malware against transformation attacks , 2013, ASIA CCS '13.

[33]  Gerardo Canfora,et al.  LEILA: Formal Tool for Identifying Mobile Malicious Behaviour , 2019, IEEE Transactions on Software Engineering.