Acquiring and Analyzing App Metrics for Effective Mobile Malware Detection

Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics Pub Date : 2016-03-11 DOI:10.1145/2875475.2875481

G. Canfora, Eric Medvet, F. Mercaldo, C. A. Visaggio

{"title":"Acquiring and Analyzing App Metrics for Effective Mobile Malware Detection","authors":"G. Canfora, Eric Medvet, F. Mercaldo, C. A. Visaggio","doi":"10.1145/2875475.2875481","DOIUrl":null,"url":null,"abstract":"Android malware is becoming very effective in evading detection techniques, and traditional malware detection techniques are demonstrating their weaknesses. Signature based detection shows at least two drawbacks: first, the detection is possible only after the malware has been identified, and the time needed to produce and distribute the signature provides attackers with window of opportunities for spreading the malware in the wild. For solving this problem, different approaches that try to characterize the malicious behavior through the invoked system and API calls emerged. Unfortunately, several evasion techniques have proven effective to evade detection based on system and API calls. In this paper, we propose an approach for capturing the malicious behavior in terms of device resource consumption (using a thorough set of features), which is much more difficult to camouflage. We describe a procedure, and the corresponding practical setting, for extracting those features with the aim of maximizing their discriminative power. Finally, we describe the promising results we obtained experimenting on more than 2000 applications, on which our approach exhibited an accuracy greater than 99%.","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"56","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2875475.2875481","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 56

Abstract

Android malware is becoming very effective in evading detection techniques, and traditional malware detection techniques are demonstrating their weaknesses. Signature based detection shows at least two drawbacks: first, the detection is possible only after the malware has been identified, and the time needed to produce and distribute the signature provides attackers with window of opportunities for spreading the malware in the wild. For solving this problem, different approaches that try to characterize the malicious behavior through the invoked system and API calls emerged. Unfortunately, several evasion techniques have proven effective to evade detection based on system and API calls. In this paper, we propose an approach for capturing the malicious behavior in terms of device resource consumption (using a thorough set of features), which is much more difficult to camouflage. We describe a procedure, and the corresponding practical setting, for extracting those features with the aim of maximizing their discriminative power. Finally, we describe the promising results we obtained experimenting on more than 2000 applications, on which our approach exhibited an accuracy greater than 99%.

查看原文本刊更多论文

获取和分析有效移动恶意软件检测的应用参数

Android恶意软件在躲避检测技术方面变得非常有效，而传统的恶意软件检测技术正在显示出它们的弱点。基于签名的检测至少有两个缺点:首先，只有在恶意软件被识别之后才能进行检测，并且生成和分发签名所需的时间为攻击者提供了在野外传播恶意软件的机会窗口。为了解决这个问题，出现了尝试通过调用系统和API来描述恶意行为的不同方法。不幸的是，一些规避技术已经被证明可以有效地规避基于系统和API调用的检测。在本文中，我们提出了一种根据设备资源消耗(使用一组完整的特征)捕获恶意行为的方法，这种方法更难以伪装。我们描述了一个过程，以及相应的实际设置，用于提取这些特征，目的是最大化它们的判别能力。最后，我们描述了我们在2000多个应用中获得的有希望的结果，在这些应用中，我们的方法显示出超过99%的精度。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics

自引率

0.00%

发文量