4,315 research outputs found
Andro-Simnet: Android Malware Family Classification Using Social Network Analysis
While the rapid adaptation of mobile devices changes our daily life more
conveniently, the threat derived from malware is also increased. There are lots
of research to detect malware to protect mobile devices, but most of them adopt
only signature-based malware detection method that can be easily bypassed by
polymorphic and metamorphic malware. To detect malware and its variants, it is
essential to adopt behavior-based detection for efficient malware
classification. This paper presents a system that classifies malware by using
common behavioral characteristics along with malware families. We measure the
similarity between malware families with carefully chosen features commonly
appeared in the same family. With the proposed similarity measure, we can
classify malware by malware's attack behavior pattern and tactical
characteristics. Also, we apply a community detection algorithm to increase the
modularity within each malware family network aggregation. To maintain high
classification accuracy, we propose a process to derive the optimal weights of
the selected features in the proposed similarity measure. During this process,
we find out which features are significant for representing the similarity
between malware samples. Finally, we provide an intuitive graph visualization
of malware samples which is helpful to understand the distribution and likeness
of the malware networks. In the experiment, the proposed system achieved 97%
accuracy for malware classification and 95% accuracy for prediction by K-fold
cross-validation using the real malware dataset.Comment: 13 pages, 11 figures, dataset link:
http://ocslab.hksecurity.net/Datasets/andro-simnet , demo video:
https://youtu.be/JmfS-ZtCbg4 , In Proceedings of the 16th Annual Conference
on Privacy, Security and Trust (PST), 201
Advanced Techniques to Detect Complex Android Malware
Android is currently the most popular operating system for mobile devices in the world. However, its openness is the main reason for the majority of malware to be targeting Android devices. Various approaches have been developed to detect malware.
Unfortunately, new breeds of malware utilize sophisticated techniques to defeat malware detectors. For example, to defeat signature-based detectors, malware authors change the malware’s signatures to avoid detection. As such, a more effective approach to detect malware is by leveraging malware’s behavioral characteristics. However, if a behavior-based detector is based on static analysis, its reported results may contain a large number of false positives. In real-world usage, completing static analysis within a short time budget can also be challenging.
Because of the time constraint, analysts adopt approaches based on dynamic analyses to detect malware. However, dynamic analysis is inherently unsound as it only reports analysis results of the executed paths. Besides, recently discovered malware also employs structure-changing obfuscation techniques to evade detection by state-of-the-art systems. Obfuscation allows malware authors to redistribute known malware samples by changing their structures. These factors motivate a need for malware detection systems that are efficient, effective, and resilient when faced with such evasive tactics.
In this dissertation, we describe the developments of three malware detection systems to detect complex malware: DroidClassifier, GranDroid, and Obfusifier. DroidClassifier is a systematic framework for classifying network traffic generated by mobile malware. GranDroid is a graph-based malware detection system that combines dynamic analysis, incremental and partial static analysis, and machine learning to provide time-sensitive malicious network behavior detection with high accuracy. Obfusifier is a highly effective machine-learning-based malware detection system that can sustain its effectiveness even when malware authors obfuscate these malicious apps using complex and composite techniques.
Our empirical evaluations reveal that DroidClassifier can successfully identify different families of malware with 94.33% accuracy on average. We have also shown GranDroid is quite effective in detecting network-related malware. It achieves 93.0% accuracy, which outperforms other related systems. Lastly, we demonstrate that Obfusifier can achieve 95% precision, recall, and F-measure, collaborating its resilience to complex obfuscation techniques.
Adviser: Qiben Yan and Witawas Srisa-a
Malware detection techniques for mobile devices
Mobile devices have become very popular nowadays, due to its portability and
high performance, a mobile device became a must device for persons using
information and communication technologies. In addition to hardware rapid
evolution, mobile applications are also increasing in their complexity and
performance to cover most needs of their users. Both software and hardware
design focused on increasing performance and the working hours of a mobile
device. Different mobile operating systems are being used today with different
platforms and different market shares. Like all information systems, mobile
systems are prone to malware attacks. Due to the personality feature of mobile
devices, malware detection is very important and is a must tool in each device
to protect private data and mitigate attacks. In this paper, analysis of
different malware detection techniques used for mobile operating systems is
provides. The focus of the analysis will be on the to two competing mobile
operating systems - Android and iOS. Finally, an assessment of each technique
and a summary of its advantages and disadvantages is provided. The aim of the
work is to establish a basis for developing a mobile malware detection tool
based on user profiling.Comment: 11 pages, 6 figure
Evolution and Detection of Polymorphic and Metamorphic Malwares: A Survey
Malwares are big threat to digital world and evolving with high complexity.
It can penetrate networks, steal confidential information from computers, bring
down servers and can cripple infrastructures etc. To combat the threat/attacks
from the malwares, anti- malwares have been developed. The existing
anti-malwares are mostly based on the assumption that the malware structure
does not changes appreciably. But the recent advancement in second generation
malwares can create variants and hence posed a challenge to anti-malwares
developers. To combat the threat/attacks from the second generation malwares
with low false alarm we present our survey on malwares and its detection
techniques.Comment: 5 Page
Android Malware Family Classification Based on Resource Consumption over Time
The vast majority of today's mobile malware targets Android devices. This has
pushed the research effort in Android malware analysis in the last years. An
important task of malware analysis is the classification of malware samples
into known families. Static malware analysis is known to fall short against
techniques that change static characteristics of the malware (e.g. code
obfuscation), while dynamic analysis has proven effective against such
techniques. To the best of our knowledge, the most notable work on Android
malware family classification purely based on dynamic analysis is DroidScribe.
With respect to DroidScribe, our approach is easier to reproduce. Our
methodology only employs publicly available tools, does not require any
modification to the emulated environment or Android OS, and can collect data
from physical devices. The latter is a key factor, since modern mobile malware
can detect the emulated environment and hide their malicious behavior. Our
approach relies on resource consumption metrics available from the proc file
system. Features are extracted through detrended fluctuation analysis and
correlation. Finally, a SVM is employed to classify malware into families. We
provide an experimental evaluation on malware samples from the Drebin dataset,
where we obtain a classification accuracy of 82%, proving that our methodology
achieves an accuracy comparable to that of DroidScribe. Furthermore, we make
the software we developed publicly available, to ease the reproducibility of
our results.Comment: Extended Versio
- …