Characterizing malicious Android apps by mining topic-specific data flow signatures
Context: State-of-the-art works on automated detection of Android malware have leveraged app descriptions to spot anomalies w.r.t the functionality implemented, or have used data flow information as a feature to discriminate malicious from benign apps. Although these works have yielded promising per...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2017
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/3675 https://ink.library.smu.edu.sg/context/sis_research/article/4677/viewcontent/1_s20_S095058491730366X_main.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-4677 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-46772020-01-15T06:24:26Z Characterizing malicious Android apps by mining topic-specific data flow signatures YANG, Xinli LO, David LI, Li XIA, Xin BISSYANDE, Tegawendé F. KLEIN, Jacques Context: State-of-the-art works on automated detection of Android malware have leveraged app descriptions to spot anomalies w.r.t the functionality implemented, or have used data flow information as a feature to discriminate malicious from benign apps. Although these works have yielded promising performance,we hypothesize that these performances can be improved by a better understanding of malicious behavior. Objective: To characterize malicious apps, we take into account both information on app descriptions,which are indicative of apps’ topics, and information on sensitive data flow, which can be relevant todiscriminate malware from benign apps. Method: In this paper, we propose a topic-specific approach to malware comprehension based on app descriptions and data-flow information. First, we use an advanced topic model, adaptive LDA with GA, tocluster apps according to their descriptions. Then, we use information gain ratio of sensitive data flowinformation to build so-called “topic-specific data flow signatures”. Results: We conduct an empirical study on 3691 benign and 1612 malicious apps. We group them into 118 topics and generate topic-specific data flow signature. We verify the effectiveness of the topic-specific data flow signatures by comparing them with the overall data flow signature. In addition, we perform a deeper analysis on 25 representative topic-specific signatures and yield several implications. Conclusion: Topic-specific data flow signatures are efficient in highlighting the malicious behavior, and thus can help in characterizing malware. 2017-04-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/3675 info:doi/10.1016/j.infsof.2017.04.007 https://ink.library.smu.edu.sg/context/sis_research/article/4677/viewcontent/1_s20_S095058491730366X_main.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Malware characterization Topic-specific Data flow signature Empirical study Information Security Numerical Analysis and Scientific Computing Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Malware characterization Topic-specific Data flow signature Empirical study Information Security Numerical Analysis and Scientific Computing Software Engineering |
| spellingShingle |
Malware characterization Topic-specific Data flow signature Empirical study Information Security Numerical Analysis and Scientific Computing Software Engineering YANG, Xinli LO, David LI, Li XIA, Xin BISSYANDE, Tegawendé F. KLEIN, Jacques Characterizing malicious Android apps by mining topic-specific data flow signatures |
| description |
Context: State-of-the-art works on automated detection of Android malware have leveraged app descriptions to spot anomalies w.r.t the functionality implemented, or have used data flow information as a feature to discriminate malicious from benign apps. Although these works have yielded promising performance,we hypothesize that these performances can be improved by a better understanding of malicious behavior. Objective: To characterize malicious apps, we take into account both information on app descriptions,which are indicative of apps’ topics, and information on sensitive data flow, which can be relevant todiscriminate malware from benign apps. Method: In this paper, we propose a topic-specific approach to malware comprehension based on app descriptions and data-flow information. First, we use an advanced topic model, adaptive LDA with GA, tocluster apps according to their descriptions. Then, we use information gain ratio of sensitive data flowinformation to build so-called “topic-specific data flow signatures”. Results: We conduct an empirical study on 3691 benign and 1612 malicious apps. We group them into 118 topics and generate topic-specific data flow signature. We verify the effectiveness of the topic-specific data flow signatures by comparing them with the overall data flow signature. In addition, we perform a deeper analysis on 25 representative topic-specific signatures and yield several implications. Conclusion: Topic-specific data flow signatures are efficient in highlighting the malicious behavior, and thus can help in characterizing malware. |
| format |
text |
| author |
YANG, Xinli LO, David LI, Li XIA, Xin BISSYANDE, Tegawendé F. KLEIN, Jacques |
| author_facet |
YANG, Xinli LO, David LI, Li XIA, Xin BISSYANDE, Tegawendé F. KLEIN, Jacques |
| author_sort |
YANG, Xinli |
| title |
Characterizing malicious Android apps by mining topic-specific data flow signatures |
| title_short |
Characterizing malicious Android apps by mining topic-specific data flow signatures |
| title_full |
Characterizing malicious Android apps by mining topic-specific data flow signatures |
| title_fullStr |
Characterizing malicious Android apps by mining topic-specific data flow signatures |
| title_full_unstemmed |
Characterizing malicious Android apps by mining topic-specific data flow signatures |
| title_sort |
characterizing malicious android apps by mining topic-specific data flow signatures |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2017 |
| url |
https://ink.library.smu.edu.sg/sis_research/3675 https://ink.library.smu.edu.sg/context/sis_research/article/4677/viewcontent/1_s20_S095058491730366X_main.pdf |
| _version_ |
1770573637524389888 |