Profiling user-trigger dependence for Android malware detection

Elish, Karim O.; Shu, Xiaokui; Yao, Danfeng; Ryder, Barbara G.; Jiang, Xuxian

doi:10.1016/j.cose.2014.11.001

Cited by 102 publications

(54 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As a result, techniques for detecting Android malware are readily available [17,30]. These can be categorised into two main groups: static and dynamic.…”

Section: Related Workmentioning

confidence: 99%

Automated generation of colluding apps for experimental research

Blasco

2017

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Colluding apps bypass the security measures enforced by sandboxed operating systems such as Android. App collusion can be a real threat in cloud environments as well. Research in detecting and protecting against app collusion requires a variety of colluding apps for experimentation. Presently the number of (real or manually crafted) apps available to researchers is very limited. In this paper we propose a system called Application Collusion Engine (ACE) to automatically generate combinations of colluding and noncolluding Android apps to help researchers fairly evaluate different collusion detection and protection methods. Our initial implementation includes a variety of components that enable the system to create more than 5,000 different colluding and non-colluding app sets. ACE can be extended with more functional components to create even more colluding apps. To show the usefulness of our system, we have applied different risk evaluation and collusion detection methods to the created set of colluding apps.

show abstract

“…As a result, techniques for detecting Android malware are readily available [17,30]. These can be categorised into two main groups: static and dynamic.…”

Section: Related Workmentioning

confidence: 99%

Automated generation of colluding apps for experimental research

Blasco

2017

J Comput Virol Hack Tech

View full text Add to dashboard Cite

show abstract

“…As a result techniques for detecting Android malware are largely available [4,5], but most of them target single malicious apps. The notion of collusion has recently been discussed in many research papers.…”

Section: Related Workmentioning

confidence: 99%

“…The use of examples thus elevates the need to explicitly state the rules for the classification by the user [37]. Here we use Bayesian fusion -well known log likelihood model 4 for this purpose. Bayesian fusion has been widely used in intrusion detection [39,40].…”

Section: Data Drivenmentioning

confidence: 99%

Towards a threat assessment framework for apps collusion

2017

View full text Add to dashboard Cite

App collusion refers to two or more apps working together to achieve a malicious goal that they otherwise would not be able to achieve individually. The permissions based security model of Android does not address this threat as it is rather limited to mitigating risks of individual apps. This paper presents a technique for quantifying the collusion threat, essentially the first step towards assessing the collusion risk. The proposed method is useful in finding the collusion candidate of interest which is critical given the high volume of Android apps available. We present our empirical analysis using a classified corpus of over 29,000 Android apps provided by Intel Security TM .

show abstract

“…Experiments show that DroidSIFT's method can achieve high accuracy on both known and zero-day malicious applications. In [22], the authors extracted data-flow features for users' trigger sensitive APIs and built a program called TriggerMetric that captures the data dependence relations between a user's actions and sensitive operations. The values of TriggerMetric reflect the degree of sensitive operations that are triggered or intended by the users.…”

Section: Static Detectionmentioning

confidence: 99%

Computing Adaptive Feature Weights with PSO to Improve Android Malware Detection

Zheng

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

Android malware detection is a complex and crucial issue. In this paper, we propose a malware detection model using a support vector machine (SVM) method based on feature weights that are computed by information gain (IG) and particle swarm optimization (PSO) algorithms. The IG weights are evaluated based on the relevance between features and class labels, and the PSO weights are adaptively calculated to result in the best fitness (the performance of the SVM classification model). Moreover, to overcome the defects of basic PSO, we propose a new adaptive inertia weight method called fitness-based and chaotic adaptive inertia weight-PSO (FCAIW-PSO) that improves on basic PSO and is based on the fitness and a chaotic term. The goal is to assign suitable weights to the features to ensure the best Android malware detection performance. The results of experiments indicate that the IG weights and PSO weights both improve the performance of SVM and that the performance of the PSO weights is better than that of the IG weights.

show abstract

Profiling user-trigger dependence for Android malware detection

Cited by 102 publications

References 3 publications

Automated generation of colluding apps for experimental research

Automated generation of colluding apps for experimental research

Towards a threat assessment framework for apps collusion

Computing Adaptive Feature Weights with PSO to Improve Android Malware Detection

Contact Info

Product

Resources

About