结合群体贡献和机器学习检测恶意移动应用程序

Dahai Yao, Hailong Sun, Xudong Liu
{"title":"结合群体贡献和机器学习检测恶意移动应用程序","authors":"Dahai Yao, Hailong Sun, Xudong Liu","doi":"10.1145/2875913.2875941","DOIUrl":null,"url":null,"abstract":"Android is undoubtedly becoming the most popular smartphone platform. The popularity of Android, unfortunately, has also made the devices become the target of malware. Most of existing malicious mobile apps feature stealthy operations such as collecting user privacy, sending premium SMS messages and making unauthorized http connections with no legal notice to the affected user. However, transmission of sensitive data cannot indicate malicious behavior because some benign applications also need sensitive data to improve the user experience. Existing malware detection approaches focus on static or dynamic analysis without crowd user contributions. In this paper, we propose a novel technique which combining crowd contributions with machine learning to detect malicious mobile apps. We model privacy transmission as user-determined and undetermined with the help of real user decisions based on crowdsourcing. We apply static analysis to extract application basic information such as permissions and suspicious API calls. Then we use dynamic instrumentation technique to trace real API calls at runtime and collect the crowd user decisions to the prompted sensitive data transmission. Finally, we employ several different learning-based algorithms, such as SVM, Bayesian Network, Decision Tree and KNN to detect malicious apps. Experiments with 100 real application samples show that our system was capable of detecting malicious mobile apps: our system can detect 85% to 97% of the malware with low false positive rate.","PeriodicalId":361135,"journal":{"name":"Proceedings of the 7th Asia-Pacific Symposium on Internetware","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Combining Crowd Contributions with Machine Learning to Detect Malicious Mobile Apps\",\"authors\":\"Dahai Yao, Hailong Sun, Xudong Liu\",\"doi\":\"10.1145/2875913.2875941\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Android is undoubtedly becoming the most popular smartphone platform. The popularity of Android, unfortunately, has also made the devices become the target of malware. Most of existing malicious mobile apps feature stealthy operations such as collecting user privacy, sending premium SMS messages and making unauthorized http connections with no legal notice to the affected user. However, transmission of sensitive data cannot indicate malicious behavior because some benign applications also need sensitive data to improve the user experience. Existing malware detection approaches focus on static or dynamic analysis without crowd user contributions. In this paper, we propose a novel technique which combining crowd contributions with machine learning to detect malicious mobile apps. We model privacy transmission as user-determined and undetermined with the help of real user decisions based on crowdsourcing. We apply static analysis to extract application basic information such as permissions and suspicious API calls. Then we use dynamic instrumentation technique to trace real API calls at runtime and collect the crowd user decisions to the prompted sensitive data transmission. Finally, we employ several different learning-based algorithms, such as SVM, Bayesian Network, Decision Tree and KNN to detect malicious apps. Experiments with 100 real application samples show that our system was capable of detecting malicious mobile apps: our system can detect 85% to 97% of the malware with low false positive rate.\",\"PeriodicalId\":361135,\"journal\":{\"name\":\"Proceedings of the 7th Asia-Pacific Symposium on Internetware\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-11-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 7th Asia-Pacific Symposium on Internetware\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2875913.2875941\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 7th Asia-Pacific Symposium on Internetware","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2875913.2875941","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3

摘要

Android无疑正在成为最受欢迎的智能手机平台。不幸的是,Android的普及也使这些设备成为恶意软件的目标。大多数现有的恶意移动应用程序都具有隐秘的操作功能,例如收集用户隐私,发送付费短信以及在不向受影响用户发出法律通知的情况下进行未经授权的http连接。但是,传输敏感数据并不代表恶意行为,因为一些良性应用也需要敏感数据来改善用户体验。现有的恶意软件检测方法侧重于静态或动态分析,没有大量用户的贡献。在本文中,我们提出了一种结合群体贡献和机器学习的新技术来检测恶意移动应用程序。我们利用基于众包的真实用户决策,将隐私传输建模为用户决定的和不确定的。我们应用静态分析来提取应用程序的基本信息,如权限和可疑的API调用。然后利用动态检测技术在运行时跟踪真实的API调用,收集大量用户的决策以提示敏感数据的传输。最后,我们采用几种不同的基于学习的算法,如支持向量机,贝叶斯网络,决策树和KNN来检测恶意应用程序。通过对100个真实应用程序样本的实验表明,我们的系统能够检测出85% ~ 97%的恶意软件,并且误报率很低。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Combining Crowd Contributions with Machine Learning to Detect Malicious Mobile Apps
Android is undoubtedly becoming the most popular smartphone platform. The popularity of Android, unfortunately, has also made the devices become the target of malware. Most of existing malicious mobile apps feature stealthy operations such as collecting user privacy, sending premium SMS messages and making unauthorized http connections with no legal notice to the affected user. However, transmission of sensitive data cannot indicate malicious behavior because some benign applications also need sensitive data to improve the user experience. Existing malware detection approaches focus on static or dynamic analysis without crowd user contributions. In this paper, we propose a novel technique which combining crowd contributions with machine learning to detect malicious mobile apps. We model privacy transmission as user-determined and undetermined with the help of real user decisions based on crowdsourcing. We apply static analysis to extract application basic information such as permissions and suspicious API calls. Then we use dynamic instrumentation technique to trace real API calls at runtime and collect the crowd user decisions to the prompted sensitive data transmission. Finally, we employ several different learning-based algorithms, such as SVM, Bayesian Network, Decision Tree and KNN to detect malicious apps. Experiments with 100 real application samples show that our system was capable of detecting malicious mobile apps: our system can detect 85% to 97% of the malware with low false positive rate.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信