
Analysis of Bayesian classification-based approaches for Android malware detection


IET Information Security


Mobile malware has been growing in scale and complexity, spurred by the unabated uptake of smartphones worldwide. Android is fast becoming the most popular mobile platform, resulting in a sharp increase in malware targeting the platform. Additionally, Android malware is evolving rapidly to evade detection by traditional signature-based scanning. Despite the detection measures currently in place, timely discovery of new malware is still a critical issue. This calls for novel approaches to mitigate the growing threat of zero-day Android malware. Hence, the authors develop and analyse proactive machine-learning approaches based on Bayesian classification aimed at uncovering unknown Android malware via static analysis. The study, which is based on a large malware sample set covering the majority of the existing families, demonstrates detection capabilities with high accuracy. Empirical results and comparative analysis are presented, offering useful insight towards the development of effective static-analytic Bayesian classification-based solutions for detecting unknown Android malware.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2013.0095