ICCDetector: ICC-based malware detection on Android

Most existing mobile malware detection methods (e.g., Kirin and DroidMat) are designed based on the resources required by malwares (e.g., permissions, application programming interface (API) calls, and system calls). These methods capture the interactions between mobile apps and Android system, but...

Bibliographic Details
Main Authors: KE, Xu, Yingjiu LI, DENG, Robert H.
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2016
Subjects:
ICC
Online Access: https://ink.library.smu.edu.sg/sis_research/3296
https://ink.library.smu.edu.sg/context/sis_research/article/4298/viewcontent/ICCDetectorAndroid_2016_IEEETIFS.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-4298
record_format dspace
spelling sg-smu-ink.sis_research-4298 2020-01-10T01:22:17Z
ICCDetector: ICC-based malware detection on Android
KE, Xu Yingjiu LI, DENG, Robert H.

Most existing mobile malware detection methods (e.g., Kirin and DroidMat) are designed based on the resources required by malwares (e.g., permissions, application programming interface (API) calls, and system calls). These methods capture the interactions between mobile apps and Android system, but ignore the communications among components within or cross application boundaries. As a consequence, the majority of the existing methods are less effective in identifying many typical malwares, which require a few or no suspicious resources, but leverage on inter-component communication (ICC) mechanism when launching stealthy attacks. To address this challenge, we propose a new malware detection method, named ICCDetector. ICCDetector outputs a detection model after training with a set of benign apps and a set of malwares, and employs the trained model for malware detection. The performance of ICCDetector is evaluated with 5264 malwares, and 12 026 benign apps. Compared with our benchmark, which is a permission-based method proposed by Peng et al. in 2012 with an accuracy up to 88.2%, ICCDetector achieves an accuracy of 97.4%, roughly 10% higher than the benchmark, with a lower false positive rate of 0.67%, which is only about a half of the benchmark. After manually analyzing false positives, we discover 43 new malwares from the benign data set, and reduce the number of false positives to seven. More importantly, ICCDetector discovers 1708 more advanced malwares than the benchmark, while it misses 220 obvious malwares, which can be easily detected by the benchmark. For the detected malwares, ICCDetector further classifies them into five newly defined malware categories, which help understand the relationship between malicious behaviors and ICC characteristics. We also provide a systemic analysis of ICC patterns of benign apps and malwares.

2016-06-01T07:00:00Z
text
application/pdf
https://ink.library.smu.edu.sg/sis_research/3296
info:doi/10.1109/TIFS.2016.2523912
https://ink.library.smu.edu.sg/context/sis_research/article/4298/viewcontent/ICCDetectorAndroid_2016_IEEETIFS.pdf
http://creativecommons.org/licenses/by-nc-nd/4.0/
Research Collection School Of Computing and Information Systems
eng
Institutional Knowledge at Singapore Management University
ICC
malware detection
Android
Computer Sciences
Information Security
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
topic ICC
malware detection
Android
Computer Sciences
Information Security