Proceedings of the 34th Annual Computer Security Applications Conference 2018
DOI: 10.1145/3274694.3274731
|View full text |Cite
|
Sign up to set email alerts
|

Using Loops For Malware Classification Resilient to Feature-unaware Perturbations

Abstract: In the past few years, both the industry and the academic communities have developed several approaches to detect malicious Android apps. State-of-the-art research approaches achieve very high accuracy when performing malware detection on existing datasets. These approaches perform their malware classication tasks in an "oine" scenario, where malware authors cannot learn from and adapt their malicious apps to these systems. In real-world deployments, however, adversaries get feedback about whether their app wa… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
10
0

Year Published

2019
2019
2024
2024

Publication Types

Select...
5
3

Relationship

0
8

Authors

Journals

citations
Cited by 19 publications
(10 citation statements)
references
References 30 publications
0
10
0
Order By: Relevance
“…In order to maintain high effectiveness on detecting Android malware, researchers [18,22,25,29,31,36,38,41,42,54,[57][58][59][60][61] conduct program analysis to extract different types of app semantics. For example, MaMaDroid [42] first performs static analysis to obtain the graph representation of an app, then all the sequences are obtained from the graph and are abstracted into the corresponding packages to model the app's invocation behaviors.…”
Section: Related Workmentioning
confidence: 99%
See 1 more Smart Citation
“…In order to maintain high effectiveness on detecting Android malware, researchers [18,22,25,29,31,36,38,41,42,54,[57][58][59][60][61] conduct program analysis to extract different types of app semantics. For example, MaMaDroid [42] first performs static analysis to obtain the graph representation of an app, then all the sequences are obtained from the graph and are abstracted into the corresponding packages to model the app's invocation behaviors.…”
Section: Related Workmentioning
confidence: 99%
“…In general, existing mobile malware detection approaches can be classified into two categories, namely syntax-based approaches [17,20,46,51,55,62] and semantics-based systems [18,22,31,41,42,[58][59][60]. As for syntax-based methods, they ignore the program semantics of apps to achieve high efficient Android malware detection.…”
Section: Introductionmentioning
confidence: 99%
“…Further, even organic workers tend to use their devices in a manner that distinguishes them from regular users. Related efforts also include extensive work to detect malware Android apps, e.g., [29,41,54,60,61,[69][70][71]95]. Notably, Yang et al [91] differentiate malware from benign apps based on the contexts that trigger security-sensitive behaviors.…”
Section: Related Workmentioning
confidence: 99%
“…DeepRefiner [46] employs LSTM units to analyse Android bytecode, however there may be a complexity issue in that approach with the model containing at least 18 million parameters. [25] uses semantic labels for classification determined from API methods specifically invoked within loops from an app's code. This is tested against control flow graph obfuscation and reflection.…”
Section: Obfuscation Resiliencementioning
confidence: 99%
“…Similarly, authors in [25] use expert-derived loop features and a conventional Random Forest (RF) classifier. Furthermore, they conduct an obfuscation test across their whole dataset by using reflection on all their malicious and benign apps.…”
Section: State-of-the-art Comparisonmentioning
confidence: 99%