论文信息 - X-ANOVA ranked features for Android malware analysis

X-ANOVA ranked features for Android malware analysis

The proposed framework represents a static analysis framework to classify the Android malware. From each Android .apk file, three distinct features likely (a) opcodes (b) methods and (c) permissions are extracted. Analysis of Variance (X-ANOVA) is used to rank features that have high difference in variance in malware and benign training set. To achieve this conventional ANOVA was modified; and a novel technique referred to us as X-ANOVA is proposed. Especially, X-ANOVA is utilized to reduce the dimensions of large feature space in order to minimize classification error and processing overhead incurred during the learning phase. Accuracy of the proposed system is computed using three classifiers (J48, ADABoostM1, RandomForest) and the performance is compared with voted classification approach. An overall accuracy of 88.30% with opcodes, 87.81% with method and an accuracy of 90.47% is obtained considering permission as features, using independent classifiers. However, using voted classification approach, an accuracy of 88.27% and 87.53% are obtained respectively for features like opcodes and methods. Also, an improved accuracy of 90.63% was ascertained considering permissions. Initial results are promising which demonstrate that the proposed approach can be used to assist mobile antiviruses.

P. Vinod | Rincy Raphael | Bini Omman

[1] Yoav Freund,et al. Experiments with a New Boosting Algorithm , 1996, ICML.

[2] P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[3] Yajin Zhou,et al. Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[4] Steve Hanna,et al. A survey of mobile malware in the wild , 2011, SPSM '11.

[5] Ian H. Witten,et al. The WEKA data mining software: an update , 2009, SKDD.

[6] Yajin Zhou,et al. Detecting repackaged smartphone applications in third-party android marketplaces , 2012, CODASPY '12.

[7] C. R. Kothari,et al. Research Methodology: Methods and Techniques , 2009 .

[8] Patrick D. McDaniel,et al. Understanding Android Security , 2009, IEEE Security & Privacy Magazine.

[9] Eul Gyu Im,et al. Android malware classification method: Dalvik bytecode frequency analysis , 2013, RACS.

[10] Chun-Ying Huang,et al. Performance Evaluation on Permission-Based Detection for Android Malware , 2013 .

[11] Andy Liaw,et al. Classification and Regression by randomForest , 2007 .

[12] Thorsten Holz,et al. Slicing droids: program slicing for smali code , 2013, SAC '13.

[13] Xuxian Jiang,et al. Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks , 2014, IEEE Transactions on Information Forensics and Security.

[14] Yajin Zhou,et al. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.