2017 | OriginalPaper | Book chapter

MalProfiler: Automatic and Effective Classification of Android Malicious Apps in Behavioral Classes

Authors: Antonio La Marra, Fabio Martinelli, Andrea Saracino, Mina Sheikhalishahi

Published in: Foundations and Practice of Security

Publisher: Springer International Publishing


Abstract

Android malicious apps are currently the main security threat for mobile devices. Because the number of samples grows exponentially, it is vital to recognize and classify any new threat in a timely manner, so that specific countermeasures can be identified and applied effectively. In this paper we propose MalProfiler, a framework that performs fast and effective analysis of Android malicious apps based on a set of static app features. The proposed approach exploits an algorithm named Categorical Clustering Tree (CCTree), which can be used both as a divisive clustering algorithm and as a trainable classifier for supervised classification. Hence, the CCTree has been exploited both to perform homogeneous clustering, grouping similar malicious apps for simplified analysis, and to classify them into predefined behavioral classes. The approach has been tested on a set of 3500 real malicious apps belonging to more than 200 families, showing a high clustering capability, measured through internal and external evaluation, together with an accuracy of 97% in classifying malicious apps according to their behavior.


Metadata
Title
MalProfiler: Automatic and Effective Classification of Android Malicious Apps in Behavioral Classes
Authors
Antonio La Marra
Fabio Martinelli
Andrea Saracino
Mina Sheikhalishahi
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-51966-1_1