Semantics-aware Android malware classification using weighted contextual API dependency graphs

The drastic increase of Android malware has led to a strong interest in developing methods to automate the malware analysis process. Existing automated Android malware detection and classification methods fall into two general categories: 1) signature-based and 2) machine learning-based. Signature-b...

Bibliographic Details
Main Authors: ZHANG, Mu; DUAN, Yue; YIN, Heng; ZHAO, Zhiruo
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2014
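Subjects: Android; Anomaly detection; Graph similarity; Malware classification; Semantics-aware; Signature detection; Information Security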
Online Access: https://ink.library.smu.edu.sg/sis_research/8176
https://ink.library.smu.edu.sg/context/sis_research/article/9179/viewcontent/Zhang_DroidSIFT_CCS14.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-9179
record_format dspace
spelling sg-smu-ink.sis_research-9179 2023-09-26T10:29:02Z 2014-11-01T07:00:00Z text application/pdf info:doi/10.1145/2660267.2660359 http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Android
Anomaly detection
Graph similarity
Malware classification
Semantics-aware
Signature detection
Information Security
description The drastic increase of Android malware has led to a strong interest in developing methods to automate the malware analysis process. Existing automated Android malware detection and classification methods fall into two general categories: 1) signature-based and 2) machine learning-based. Signature-based approaches can be easily evaded by bytecode-level transformation attacks. Prior learning-based works extract features from application syntax, rather than program semantics, and are also subject to evasion. In this paper, we propose a novel semantic-based approach that classifies Android malware via dependency graphs. To battle transformation attacks, we extract a weighted contextual API dependency graph as program semantics to construct feature sets. To fight against malware variants and zero-day malware, we introduce graph similarity metrics to uncover homogeneous application behaviors while tolerating minor implementation differences. We implement a prototype system, DroidSIFT, in 23 thousand lines of Java code. We evaluate our system using 2200 malware samples and 13500 benign samples. Experiments show that our signature detection can correctly label 93% of malware instances; our anomaly detector is capable of detecting zero-day malware with a low false negative rate (2%) and an acceptable false positive rate (5.15%) for a vetting purpose.
format text
author ZHANG, Mu
DUAN, Yue
YIN, Heng
ZHAO, Zhiruo
title Semantics-aware Android malware classification using weighted contextual API dependency graphs
publisher Institutional Knowledge at Singapore Management University
publishDate 2014
url https://ink.library.smu.edu.sg/sis_research/8176
https://ink.library.smu.edu.sg/context/sis_research/article/9179/viewcontent/Zhang_DroidSIFT_CCS14.pdf
_version_ 1779157191832371200