Using opcode-sequences to detect malicious Android applications

2014 IEEE International Conference on Communications, ICC 2014

Volumn , Issue , 2014, Pages 914-919

  Jerome, Quentin ^a   Allix, Kevin ^a   State, Radu ^a   Engel, Thomas ^a  

^a UNIVERSITY OF LUXEMBOURG   (Luxembourg)

Author keywords

Android malware; machine learning; opcode sequences

Indexed keywords

APPLICATION PROGRAMS; ARTIFICIAL INTELLIGENCE; COMPUTER CRIME; LEARNING SYSTEMS; MALWARE;

ANDROID APPLICATIONS; ANDROID MALWARE; ANTIVIRUS SOFTWARES; FEATURE BASED DETECTION; MACHINE LEARNING TECHNIQUES; MALICIOUS ANDROID APPLICATIONS; OPCODE-SEQUENCES; SIGNATURE DETECTION;

ANDROID (OPERATING SYSTEM);

EID: 84906994678     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICC.2014.6883436     Document Type: Conference Paper

References (32)

1. Android Devices Statistics. http://news.cnet.com/8301-1035 3-57510994-94/google-500-million-android-devices-activated/. [Online; accessed 29-September-2013].
2. Kaspersky security bulletin 2012. http://www.securelist.com/en/analysis/ 204792255/Kaspersky Security Bulletin 2012 The overall statistics for 2012. [Online; accessed 29-September-2013].
3. F-secure report. http://thehackernews.com/2013/03/google-f-secure-can- say-that-anything.html. [Online; Accessed 29-September-2013
4. J. Oberheide and C. Miller, "Dissecting the android bouncer," Summer-Con2012, New York, 2012.
5. M. Egele, T. Scholte, E. Kirda, and C. Kruegel, "A survey on automated dynamic malware-analysis techniques and tools," ACM Comput. Surv., no. 2, pp. 6:1-6:42, Mar. 2008. [Online]. Available: http://doi.acm.org/ 10.1145/2089125.2089126
6. Dalvik bytecode obfuscation on Android. http://dexlabs.org/blog/bytecode- obfuscation. [Online; accessed 29-September-2013].
7. I. Santos, Y. Penya, J. Devesa, and P. Bringas, "N-grams-based file signatures for malware detection," in Proceedings of the 11th International Conference on Enterprise Information Systems (ICEIS), Volume AIDSS, 2009, pp. 317-320.
8. R. Moskovitch, C. Feher, N. Tzachar, E. Berger, M. Gitelman, S. Dolev, and Y. Elovici, "Unknown malcode detection using opcode representation," Intelligence and Security Informatics, pp. 204-215, 2008.
9. J. Sahs and L. Khan, "A machine learning approach to android malware detection," in Intelligence and Security Informatics Conference (EISIC), 2012 European. IEEE, 2012, pp. 141-147.
10. I. Santos, F. Brezo, J. Nieves, J. K Penya, B. Sanz, C. Laorden, and P. G Bringas, Opcode-sequence-based Malware Detection. The Institute of Electrical and Electronics Engineers, Inc, 2010, vol. 5965, pp. 35-43.
11. I. Santos, F. Brezo, X. Ugarte-Pedrero, and P. G. Bringas, "Opcode sequences as representation of executables for datamining-based unknown malware detection," Information Sciences, 2011. [Online]. Available: http://linkinghub.elsevier.com/retrieve/pii/S0020025511004336
12. I. Santos, B. Sanz, C. Laorden, F. Brezo, and P. G. Bringas, Opcodesequence-based Semi-supervised Unknown Malware Detection, 2011, vol. 6694, pp. 50-57.
13. D.-J. Wu, C.-H. Mao, T.-E. Wei, H.-M. Lee, and K.-P. Wu, "Droidmat: Android malware detection through manifest and api calls tracing," in Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on. IEEE, 2012, pp. 62-69.
14. C. Chang and C. Lin, "Libsvm: A library for support vector machines," ACM Transactions on Intelligent Systems and Technology (TIST), no. 3, p. 27, 2011.
15. C5.0 Machine Learning Algorithm. http://www.rulequest.com/see5-info.html. [Online; accessed 29-September-2013].
16. R. Fan, K. Chang, C. Hsieh, X. Wang, and C. Lin, "Liblinear: A library for large linear classification," The Journal of Machine Learning Research, pp. 1871-1874, 2008.
17. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, "Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets," of the 19th Annual Network and, no. 2, 2012. [Online]. Available: http://www.csd.uoc.gr/?hy558/papers/mal apps.pdf
18. Virustotal. https://www.virustotal.com. [Online; accessed 29-September-2013].
19. S. Hanna, L. Huang, E. Wu, S. Li, C. Chen, and D. Song, "Juxtapp: A scalable system for detecting code reuse among android applications."
20. W. Zhou, Y. Zhou, X. Jiang, and P. Ning, "Detecting repackaged smartphone applications in third-party android marketplaces," in Proceedings of the second ACM conference on Data and Application Security and Privacy, ser. CODASPY '12. New York, NY, USA: ACM, 2012, pp. 317-326. [Online]. Available: http://doi.acm.org/10. 1145/2133601.2133640
21. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, "A survey of mobile malware in the wild," in Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, ser. SPSM '11. New York, NY, USA: ACM, 2011, pp. 3-14. [Online]. Available: http://doi.acm.org.proxy. bnl.lu/10.1145/2046614.2046618
22. Y. Zhou and X. Jiang, "Dissecting android malware: Characterization and evolution," in Proceedings of the 2012 IEEE Symposium on Security and Privacy, ser. SP '12. Washington, DC, USA: IEEE Computer Society, 2012, pp. 95-109. [Online]. Available: http://dx.doi.org/10.1109/SP.2012.16
23. A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss, "Andromaly: A behavioral malware detection framework for android devices," Journal of Intelligent Information Systems, no. 1, pp. 161-190, 2011. [Online]. Available: http://www.springerlink.com/index/10. 1007/s10844-010-0148-x
24. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, "Riskranker: Scalable and accurate zero-day android malware detection," in Proceedings of the 10th international conference on Mobile systems, applications, and services, ser. MobiSys '12. New York, NY, USA: ACM, 2012, pp. 281-294. [Online]. Available: http://doi.acm.org. proxy.bnl.lu/10.1145/2307636.2307663
25. T. Isohara, K. Takemori, and A. Kubota, "Kernel-based behavior analysis for android malware detection," pp. 1011-1015, 2011. [Online]. Available: http://ieeexplore.ieee.org/lpdocs/epic03/wrapper. htm?arnumber=6128277
26. L. Batyuk, M. Herpich, S. A. Camtepe, K. Raddatz, A.-D. Schmidt, and S. Albayrak, "Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within android applications," Malicious and Unwanted Software, International Conference on, pp. 66-72, 2011.
27. I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, "Crowdroid: behaviorbased malware detection system for android," Science, pp. 15-25, 2011. [Online]. Available: http://dl.acm.org/citation.cfm?id=2046619
28. C. Kilinc, T. Booth, and K. Andersson, "Walldroid: Cloud assisted virtualized application specific firewalls for the android os," in Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on. IEEE, 2012, pp. 877-883.
29. M. C. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi, "Unsafe exposure analysis of mobile in-app advertisements," in Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks, ser. WISEC '12. New York, NY, USA: ACM, 2012, pp. 101-112. [Online]. Available: http://doi.acm.org.proxy.bnl.lu/10.1145/2185448.2185464
30. P. Pearce, A. P. Felt, G. Nunez, and D. Wagner, "Addroid: Privilege separation for applications and advertisers in android," in Proceedings of AsiaCCS, 2012.
31. S. Patrick, "Code protection in android," Rheinische Friedrich-Wilhelms-Universität Bonn, Germany, Tech. Rep., 2012.
32. M. Zheng, P. P. Lee, and J. C. Lui, "ADAM: An automatic and extensible platform to stress test Android anti-virus systems," in Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 2013, pp. 82-101.