Published in: Soft Computing 24/2017

25.07.2016 | Methodologies and Application

MOCDroid: multi-objective evolutionary classifier for Android malware detection

Authors: Alejandro Martín, Héctor D. Menéndez, David Camacho


Abstract

Malware threats are growing, while at the same time concealment strategies are being used to make them undetectable by current commercial antivirus engines. Android is one of the target architectures where these problems are especially alarming because of the platform's widespread presence in everyday devices. Detection is especially relevant for Android markets, which need to ensure that all the software they offer is clean. However, obfuscation has proven effective at evading the detection process. In this paper, we leverage third-party calls to bypass the effects of these concealment strategies, since such calls cannot be obfuscated. We combine clustering and multi-objective optimisation to generate a classifier based on specific behaviours defined by groups of third-party calls. The optimiser ensures that these groups are related to malicious or benign behaviours, discarding any non-discriminative pattern. This tool, named MOCDroid, achieves an accuracy of 95.15 % in test with 1.69 % false positives on real apps extracted from the wild, outperforming all commercial antivirus engines from VirusTotal.
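The pipeline the abstract sketches (third-party calls as obfuscation-resistant features, clustering them into behaviour groups, and a two-objective search that keeps only the discriminative groups), as an added toy illustration that is not MOCDroid's own code. Everything concrete in it is an assumption: the namespace prefixes used to recognise third-party calls, the Jaccard co-occurrence threshold, the constructed sample apps, the "an app is flagged when it uses every call of some selected group" rule, and the exhaustive subset search that stands in for the paper's evolutionary optimiser.

```python
"""Added illustration of the MOCDroid idea (not the paper's code):
1. keep only third-party/framework calls, which an obfuscator cannot rename;
2. cluster those calls into groups by co-occurrence across apps;
3. score subsets of groups on two objectives (detection rate vs. false-positive
   rate) and keep the Pareto-optimal subsets.
All names, thresholds and sample apps below are constructed assumptions."""
from itertools import combinations

# Namespaces treated as third-party/framework code (assumption; the real boundary
# is "not defined inside the APK's own dex code").
THIRD_PARTY_PREFIXES = ("Landroid/", "Ljava/", "Ljavax/", "Lorg/apache/", "Lcom/google/")

SMS = "Landroid/telephony/SmsManager;->sendTextMessage"
DEV = "Landroid/telephony/TelephonyManager;->getDeviceId"
HTTP = "Ljava/net/HttpURLConnection;->connect"
PKG = "Landroid/content/pm/PackageManager;->getInstalledPackages"
TOAST = "Landroid/widget/Toast;->makeText"
LOC = "Landroid/location/LocationManager;->getLastKnownLocation"

# Constructed sample: app name -> (invoked method signatures, is_malicious).
# The one-letter class names stand for obfuscator-renamed app-internal code.
APPS = {
    "mal1": ({"La/a;->a()V", SMS, DEV, HTTP}, True),
    "mal2": ({"Lb/c;->d(I)V", SMS, DEV, HTTP}, True),
    "mal3": ({"Lc/e;->f()Z", DEV, HTTP, PKG}, True),
    "ben1": ({"La/a;->a()V", HTTP, TOAST}, False),
    "ben2": ({"Ld/g;->h()V", LOC, HTTP, PKG}, False),
    "ben3": ({"Le/i;->j()V", SMS, TOAST}, False),
    "ben4": ({"Lf/k;->l()V", TOAST, HTTP, LOC}, False),
}


def third_party_calls(calls):
    """Drop app-internal calls: an obfuscator renames them, so they are useless as features."""
    return frozenset(c for c in calls if c.startswith(THIRD_PARTY_PREFIXES))


def cluster_calls(apps, threshold=0.5):
    """Single-linkage grouping: two calls join one group when the Jaccard similarity of
    the sets of apps using them is >= threshold (a stand-in for the paper's clustering)."""
    users = {}
    for name, (calls, _) in apps.items():
        for c in third_party_calls(calls):
            users.setdefault(c, set()).add(name)
    parent = {c: c for c in users}  # union-find over calls

    def find(c):
        while parent[c] != c:
            parent[c] = parent[parent[c]]
            c = parent[c]
        return c

    for a, b in combinations(sorted(users), 2):
        jaccard = len(users[a] & users[b]) / len(users[a] | users[b])
        if jaccard >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for c in users:
        groups.setdefault(find(c), set()).add(c)
    return sorted((frozenset(g) for g in groups.values()), key=sorted)


def evaluate(apps, groups):
    """Flag an app when it uses every call of at least one group.
    Returns (detection rate, false-positive rate)."""
    tp = fp = pos = neg = 0
    for calls, malicious in apps.values():
        flagged = any(g <= third_party_calls(calls) for g in groups)
        if malicious:
            pos += 1
            tp += flagged
        else:
            neg += 1
            fp += flagged
    return tp / pos, fp / neg


def pareto_front(apps, groups):
    """Score every non-empty subset of groups (fine for a handful of groups) and keep the
    non-dominated ones: maximise detection rate, minimise false-positive rate."""
    scored = []
    for k in range(1, len(groups) + 1):
        for subset in combinations(groups, k):
            tpr, fpr = evaluate(apps, subset)
            scored.append((tpr, fpr, subset))
    front = []
    for tpr, fpr, subset in scored:
        dominated = any((t >= tpr and f <= fpr) and (t > tpr or f < fpr) for t, f, _ in scored)
        if not dominated:
            front.append((round(tpr, 4), round(fpr, 4), frozenset(subset)))
    return sorted(front, key=lambda x: x[0])


if __name__ == "__main__":
    for tpr, fpr, chosen in pareto_front(APPS, cluster_calls(APPS)):
        print(f"detection={tpr:.2f} false_positives={fpr:.2f} groups={[sorted(g) for g in chosen]}")
```

On the constructed sample the clustering yields one multi-call group (send SMS, read device ID, open an HTTP connection) plus three singletons, and the front exposes the trade-off the paper's optimiser navigates: the SMS/device-ID/HTTP group alone detects two of the three malicious apps with no false positives, and adding the package-enumeration group reaches full detection at the cost of one benign app flagged. The market operator picks the point on the front that matches its false-positive budget.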


Metadata
Title
MOCDroid: multi-objective evolutionary classifier for Android malware detection
Authors
Alejandro Martín
Héctor D. Menéndez
David Camacho
Publication date
25.07.2016
Publisher
Springer Berlin Heidelberg
Published in
Soft Computing / Issue 24/2017
Print ISSN: 1432-7643
Electronic ISSN: 1433-7479
DOI
https://doi.org/10.1007/s00500-016-2283-y
