2019 | OriginalPaper | Book chapter

Android Malware Detection Using Code Graphs

Written by: Shikha Badhani, Sunil Kumar Muttoo

Published in: System Performance and Management Analytics

Publisher: Springer Singapore

Abstract

The amount of Android malware is increasing faster every year along with the growing popularity of the Android platform. Hence, detection and analysis of Android malware have become a critical topic in the area of computer security. This paper proposes a novel method of detecting Android malware that uses the semantics of the code in the form of code graphs extracted from Android apps. These code graphs are then used for classifying Android apps as benign or malicious by using the Jaccard index of the code graphs as a similarity metric. We have also evaluated the code graphs of real-world Android apps by using the k-NN classifier with Jaccard distance as the distance metric for classification. The results of our experiment show that the code graphs of Android apps can be used effectively to detect Android malware with the k-NN classifier, giving a high accuracy of 98%.
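
The classification step the abstract describes, as an added example that is not the authors' code. It assumes each code graph is reduced to a set of (caller, callee) edges; the edge names, labels and training set are constructed for illustration.

```python
from collections import Counter

# Assumption: a code graph is reduced to its set of directed edges
# (caller, callee); the chapter's own graph construction is not shown here.
def jaccard_index(g1, g2):
    """|E1 ∩ E2| / |E1 ∪ E2| over the two graphs' edge sets."""
    union = g1 | g2
    if not union:              # two empty graphs: treat as identical
        return 1.0
    return len(g1 & g2) / len(union)

def jaccard_distance(g1, g2):
    return 1.0 - jaccard_index(g1, g2)

def knn_classify(graph, training, k=3):
    """Majority label among the k training graphs nearest to `graph`."""
    nearest = sorted(training,
                     key=lambda item: jaccard_distance(graph, item[0]))[:k]
    votes = Counter(label for _, label in nearest)
    top = max(votes.values())
    # On a tied vote, the label of the closest tied neighbour wins.
    return next(label for _, label in nearest if votes[label] == top)

# Constructed edges and labels, for illustration only.
UI = ("onCreate", "Activity.setContentView")
CLICK = ("onClick", "Intent.<init>")
PREF = ("onCreate", "SharedPreferences.getString")
LOC = ("onCreate", "LocationManager.getLastKnownLocation")
ID = ("onCreate", "TelephonyManager.getDeviceId")
NET = ("TelephonyManager.getDeviceId", "HttpURLConnection.connect")
SEND = ("onReceive", "SmsManager.sendTextMessage")

TRAINING = [
    (frozenset({UI, CLICK, PREF}), "benign"),
    (frozenset({UI, CLICK}), "benign"),
    (frozenset({UI, PREF, LOC}), "benign"),
    (frozenset({UI, ID, NET, SEND}), "malicious"),
    (frozenset({ID, NET, SEND}), "malicious"),
    (frozenset({UI, ID, NET}), "malicious"),
]
UNKNOWN = frozenset({UI, CLICK, ID, NET, SEND})

if __name__ == "__main__":
    for g, label in TRAINING:
        print(f"{label:9s} d={jaccard_distance(UNKNOWN, g):.2f}")
    print("verdict:", knn_classify(UNKNOWN, TRAINING))
```

Because the metric only counts shared edges, an app that keeps a benign UI skeleton but adds the identifier-exfiltration and SMS edges still lands nearest the malicious samples.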

Metadata
Title: Android Malware Detection Using Code Graphs
Written by: Shikha Badhani, Sunil Kumar Muttoo
Copyright year: 2019
Publisher: Springer Singapore
DOI: https://doi.org/10.1007/978-981-10-7323-6_17