Article title

Adapting text categorization for manifest based android malware detection

Identifiers
Title variants
Publication languages
EN
Abstracts
EN
Malware is shorthand for malicious software created with the intent of damaging hardware systems, stealing data, and causing a mess to make money, protest something, or even make war between governments. Malware is often spread when applications are downloaded from download platforms. Nowadays it is highly probable to encounter malware while trying to load applications onto a smartphone. Therefore, it is very important to have tools that detect malware before it is loaded onto hardware systems. There are mainly three different approaches to detecting malware: i) static, ii) dynamic, and iii) hybrid. The static approach analyzes the suspicious program without executing it. The dynamic approach, on the other hand, executes the program in a controlled environment and obtains information from the operating system during runtime. The hybrid approach, as its name implies, is the combination of these two approaches. Although the static approach may seem to have some disadvantages, it is highly preferred because of its lower cost. In this paper, our aim is to develop a static malware detection system by using text categorization techniques. To reach our goal, we apply text mining techniques such as feature extraction using bag-of-words, n-grams, etc. to the manifest content of suspicious programs, then apply text classification methods to detect malware. Our experimental results revealed that our approach is capable of detecting malicious applications with an accuracy between 94.0% and 99.3%.
Publisher
Journal
Year
Pages
305-327
Physical description
Bibliography: 61 items, figures, tables.
Authors
author
  • Cukurova University, Department of Computer Engineering, Adana, Turkey
  • Cukurova University, Department of Computer Engineering, Adana, Turkey
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-cde6a27e-35f3-4f52-82fc-8fcf3f599606