Rapid Permissions-Based Detection and Analysis of Mobile Malware Using Random Decision Forests

W. Glodek, Richard E. Harang
MILCOM 2013 - 2013 IEEE Military Communications Conference. Published 2013-11-01. DOI: 10.1109/MILCOM.2013.170 (https://doi.org/10.1109/MILCOM.2013.170)
Citations: 39

Abstract

The explosion in mobile malware has led to the need for early, rapid detection mechanisms that can detect malware and identify risky applications prior to their deployment on end-user devices without the high cost of manual static and dynamic analysis. Previous work has shown that specific combinations of Android permissions, intents, broadcast receivers, native code and embedded applications can be effectively used to identify potentially malicious applications. We extend this work by using frequent combinations of such attributes as training features for random decision forest classification of malicious and benign applications. We demonstrate that using combinations of frequently-occurring permissions in this manner significantly improves previous results, and provides true positive rates in excess of 90% while maintaining tractable false positive rates. This is true even with novel malware that is not reliably detected at the time of release by conventional anti-malware tools. In addition, the auxiliary information generated by the random decision forest algorithm provides useful insights into the key indicators of malicious activity and the functionality of the associated malware.