Behavior grouping of Android malware family

Hsiao, Shun-Wen; Sun, Yeali S.; Chen, Meng Chang

doi:10.1109/icc.2016.7511424

Cited by 15 publications

(8 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, it requires a priori knowledge of the malware technique to monitor. Several papers have applied dynamic analysis such as [43,44,49,54,58,61]. Details on the dynamic features used by the papers were discussed in Section 4, Features.…”

Section: Dynamic Analysismentioning

confidence: 99%

“…Martin et al [44] depend on the features that are generated by a DroidBox [102] tool, an Android sandbox for dynamic analysis, which is represented as operations and function of time. In [54], the authors record the API calls that are performed during application execution. In [49], resources' consumption is utilized as features for their classification.…”

Section: Dynamic Featuresmentioning

confidence: 99%

See 1 more Smart Citation

Android Malware Family Classification and Analysis: Current Status and Future Directions

Alswaina

Elleithy

2020

Electronics

View full text Add to dashboard Cite

Android receives major attention from security practitioners and researchers due to the influx number of malicious applications. For the past twelve years, Android malicious applications have been grouped into families. In the research community, detecting new malware families is a challenge. As we investigate, most of the literature reviews focus on surveying malware detection. Characterizing the malware families can improve the detection process and understand the malware patterns. For this reason, we conduct a comprehensive survey on the state-of-the-art Android malware familial detection, identification, and categorization techniques. We categorize the literature based on three dimensions: type of analysis, features, and methodologies and techniques. Furthermore, we report the datasets that are commonly used. Finally, we highlight the limitations that we identify in the literature, challenges, and future research directions regarding the Android malware family.

show abstract

Section: Dynamic Analysismentioning

confidence: 99%

Section: Dynamic Featuresmentioning

confidence: 99%

Android Malware Family Classification and Analysis: Current Status and Future Directions

Alswaina

Elleithy

2020

Electronics

View full text Add to dashboard Cite

show abstract

“…They evaluated the system with 7,520 apps and obtained a detection rate of 96.66%. Hsiao et al [141] conducted malapp detection using API call sequence. Somarriba et al [154] extracted six types of APIs, such as APIs for accessing sensitive data and APIs communicating over the network.…”

Section: ) Apimentioning

confidence: 99%

Constructing Features for Detecting Android Malicious Applications: Issues, Taxonomy and Directions

et al. 2019

View full text Add to dashboard Cite

The number of applications (apps) available for smart devices or Android based IoT (Internet of Things) has surged dramatically over the past few years. Meanwhile, the volume of ill-designed or malicious apps (malapps) has been growing explosively. To ensure the quality and security of the apps in the markets, many approaches have been proposed in recent years to discriminate malapps from benign ones. Machine learning is usually utilized in classification process. Accurately characterizing apps' behaviors, or so-called features, directly affects the detection results with machine learning algorithms. Android apps evolve very fast. The size of current apps has become increasingly large and the behaviors of apps have become increasingly complicated. The extracting effective and representative features from apps is thus an ongoing challenge. Although many types of features have been extracted in existing work, to the best of our knowledge, no work has systematically surveyed the features constructed for detecting Android malapps. In this paper, we are motivated to provide a clear and comprehensive survey of the state-of-the-art work that detects malapps by characterizing behaviors of apps with various types of features. Through the designed criteria, we collect a total of 1947 papers in which 236 papers are used for the survey with four dimensions: the features extracted, the feature selection methods employed if any, the detection methods used, and the scale of evaluation performed. Based on our in-depth survey, we highlight the issues of exploring effective features from apps, provide the taxonomy of these features and indicate the future directions.

show abstract

“…In the face of the endless stream of Android malicious App families, how to implement a family classification for most common malicious Apps becomes a problem: as the number of malicious families increases, the malicious behaviors of different families overlap [12]. Different malware families with higher malicious similarity are more difficult to distinguish, and the accuracy of the classifier will also decrease.…”

Section: Related Workmentioning

confidence: 99%

“…Using machine learning methods to classify Android malicious Apps has achieved high accuracy [7][8][9][10][11][12]. However, due to its feature generation engineering that relies on expert knowledge, it is difficult for the above-mentioned classifiers to maintain a high accuracy rate after the changes of the malware behavior trigger method.…”

Section: Introductionmentioning

confidence: 99%

A Multiclass Detection System for Android Malicious Apps Based on Color Image Features

Zhang

Qin

Zhang

et al. 2020

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

The visual recognition of Android malicious applications (Apps) is mainly focused on the binary classification using grayscale images, while the multiclassification of malicious App families is rarely studied. If we can visualize the Android malicious Apps as color images, we will get more features than using grayscale images. In this paper, a method of color visualization for Android Apps is proposed and implemented. Based on this, combined with deep learning models, a multiclassifier for the Android malicious App families is implemented, which can classify 10 common malicious App families. In order to better understand the behavioral characteristics of malicious Apps, we conduct a comprehensive manual analysis for a large number of malicious Apps and summarize 1695 malicious behavior characteristics as customized features. Compared with the App classifier based on the grayscale visualization method, it is verified that the classifier using the color visualization method can achieve better classification results. We use four types of Android App features: classes.dex file, sets of class names, APIs, and customized features as input for App visualization. According to the experimental results, we find out that using the customized features as the color visualization input features can achieve the highest detection accuracy rate, which is 96% in the ten malicious families.

show abstract

Behavior grouping of Android malware family

Cited by 15 publications

References 11 publications

Android Malware Family Classification and Analysis: Current Status and Future Directions

Android Malware Family Classification and Analysis: Current Status and Future Directions

Constructing Features for Detecting Android Malicious Applications: Issues, Taxonomy and Directions

A Multiclass Detection System for Android Malicious Apps Based on Color Image Features

Contact Info

Product

Resources

About