An Improved Feature Vector storage metric for fast Android Malware Detection Framework

Android-based devices are proliferating rapidly due to their ease of use and popularity. As a result, the number of malware attacks on Android is also increasing. This paper uses a text mining approach to analyze Android malware families. The proposed methodology is motivated by the method introduced by Guillermo Suarez-Tangil, which aims to automate the malware analysis process based on DENDROID. The main issue in that approach is the storage of Family Feature Vectors (FFV), which are stored as a sparse matrix. This work therefore applies Compressed Row Storage (CRS) to store the statistical features intelligently. With this methodology, the FFV of malware families are stored efficiently. Experimental results show a large reduction (79%) in the space needed to store the FFV, because only the non-zero elements are stored. This in turn reduces the feature vector generation time and the total process time. The proposed methodology will reduce the dimensionality and hence the time spent searching for a particular malware family signature.
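The CRS layout described above, as an added example that is not code from the paper: a small constructed family-by-feature matrix is encoded into the three CRS arrays, and a family lookup then touches only the stored non-zeros. The family names, feature counts, and the dot-product scoring step are assumptions made for illustration; the abstract does not specify how signatures are matched.

```python
"""Compressed Row Storage (CRS) for a sparse Family Feature Vector matrix."""

# Constructed sample: 3 malware families x 10 code-structure features.
FAMILIES = ["family_A", "family_B", "family_C"]  # hypothetical names
FFV_DENSE = [
    [0, 3, 0, 0, 0, 0, 1, 0, 0, 0],
    [0, 0, 0, 2, 0, 0, 0, 0, 0, 4],
    [5, 0, 0, 0, 0, 0, 0, 0, 0, 0],
]

def to_crs(dense):
    """Return (values, col_idx, row_ptr) holding only the non-zero entries."""
    values, col_idx, row_ptr = [], [], [0]
    for row in dense:
        for j, v in enumerate(row):
            if v != 0:
                values.append(v)
                col_idx.append(j)
        row_ptr.append(len(values))  # where the next row starts
    return values, col_idx, row_ptr

def crs_row(crs, i):
    """Sparse view {column: value} of row i, without rebuilding the matrix."""
    values, col_idx, row_ptr = crs
    lo, hi = row_ptr[i], row_ptr[i + 1]
    return dict(zip(col_idx[lo:hi], values[lo:hi]))

def storage_cells(crs):
    """Number of stored cells across the three CRS arrays."""
    return sum(len(a) for a in crs)

def crs_dot(crs, i, query):
    """Dot product of row i with a sparse query {column: weight}."""
    return sum(v * query.get(j, 0) for j, v in crs_row(crs, i).items())

def best_family(crs, names, query):
    """Highest-scoring family for a sample's sparse feature vector."""
    scores = [crs_dot(crs, i, query) for i in range(len(names))]
    top = max(range(len(names)), key=scores.__getitem__)
    return names[top], scores[top]

CRS = to_crs(FFV_DENSE)

if __name__ == "__main__":
    dense_cells = sum(len(r) for r in FFV_DENSE)
    print("dense cells:", dense_cells, "CRS cells:", storage_cells(CRS))
    print("match:", best_family(CRS, FAMILIES, {3: 1, 9: 1}))
```

The saving grows with sparsity: CRS stores two cells per non-zero plus one row pointer per family (and one terminator), so it only pays off when most features are absent from most families.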
