A Probabilistic Discriminative Model for Android Malware Detection with Decompiled Source Code

IEEE Transactions on Dependable and Secure Computing

Volumn 12, Issue 4, 2015, Pages 400-412

  Cen, Lei ^a   Gates, Christoher S ^a   Si, Luo ^a   Li, Ninghui ^a  

^a Purdue University   (United States)

Author keywords

Android; discriminative model; machine learning; malicious application

Indexed keywords

ANDROID (OPERATING SYSTEM); CODES (SYMBOLS); COMPUTER PROGRAMMING LANGUAGES; LEARNING SYSTEMS; MALWARE;

ANDROID; APPLICATION PERMISSIONS; CLASSIFICATION RESULTS; DISCRIMINATIVE LEARNING; DISCRIMINATIVE MODELS; EXPERIMENTAL EVALUATION; FEATURE REPRESENTATION; STATE-OF-THE-ART METHODS;

MOBILE SECURITY;

EID: 84975230776     PISSN: 15455971     EISSN: 19410018     Source Type: Journal    
DOI: 10.1109/TDSC.2014.2355839     Document Type: Article

References (32)

1. W. Enck, M. Ongtang, and P. McDaniel, "On lightweight mobile phone application certification," in Proc. 16th ACM Conf. Comput. Commun. Security, 2009, pp. 235-245.
2. B. P. Sarma, N. Li, C. Gates, R. Potharaju, C. Nita-Rotaru, and I. Molloy, "Android permissions: A perspective combining risks and benefits," in Proc. 17th ACM Symp. Access Control Models Technol., 2012, pp. 13-22.
3. H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy, "Using probabilistic generative models for ranking risks of Android apps," in Proc. ACM Conf. Comput. Commun. Security, 2012, pp. 241-252.
4. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, "Android permissions demystified," in Proc. 18th ACM Conf. Comput. Commun. Security, 2011, pp. 627-638.
5. A. Genkin, D. D. Lewis, and D. Madigan, "Large-scale Bayesian logistic regression for text categorization," Technometrics, vol. 49, no. 3, pp. 291-304, 2007.
6. Q. Wang, L. Si, and D. Zhang, "A discriminative data-dependent mixture-model approach for multiple instance learning in image classification," in Proc. 12th Eur. Conf. Comput. Vis.-Vol. Part IV, 2012, pp. 660-673.
7. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, "Riskranker: scalable and accurate zero-day Android malware detection," in Proc. 10th Int. Conf. Mobile Syst., Appl., Services, 2012, pp. 281-294.
8. A.-D. Schmidt, J. Clausen, A. Camtepe, and S. Albayrak, "Detecting symbian OS malware through static function call analysis," in Proc. 4th Int. Conf. Malicious Unwanted Softw., 2009, pp. 15-22.
9. H. He and E. A. Garcia, "Learning from imbalanced data," IEEE Trans. Knowl. Data Eng., vol. 21, no. 9, pp. 1263-1284, Sep. 2009.
10. J. Z. Kolter and M. A. Maloof, "Learning to detect and classify malicious executables in the wild," J. Mach. Learn. Res., vol. 7, pp. 2721-2744, Dec. 2006.
11. J. Jang, D. Brumley, and S. Venkataraman, "Bitshred: Feature hashing malware for scalable triage and semantic analysis," in Proc. 18th ACM Conf. Comput. Commun. Security, 2011, pp. 309-320.
12. A. Desnos, "Android: Static analysis using similarity distance," in Proc. 45th Hawaii Int. Conf. Syst. Sci., 2012, pp. 5394-5403.
13. A.-D. Schmidt, R. Bye, H.-G. Schmidt, J. Clausen, O. Kiraz, K. A. Yüksel, S. A. Camtepe, and S. Albayrak, "Static analysis of executables for collaborative malware detection on Android," in Proc. IEEE Int. Conf. Commun., 2009, pp. 1-5.
14. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, "A study of Android application security," in Proc. 20th USENIX Conf. Secur., 2011, p. 21.
15. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, "Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets," in Proc. 19th Annu. Netw. Distrib. Syst. Security Symp., Feb. 2012.
16. Y. Aafer, W. Du, and H. Yin, "Droidapiminer: Mining apilevel features for robust malware detection in android," in Proc. 9th Int. ICST Conf. Security Privacy Commun. Netw., 2013, pp. 86-103.
17. M. Christodorescu, S. Jha, and C. Kruegel, "Mining specifications of malicious behavior," in Proc. 6th Joint Meeting Eur. Softw. Eng. Conf. ACM SIGSOFT Symp. Found. Softw. Eng., 2007, pp. 5-14.
18. K. Rieck, T. Holz, C. Willems, P. Düssel, and P. Laskov, "Learning and classification of malware behavior," in Proc. 5th Int. Conf. Detection Intrusions Malware, Vulnerability Assessment, 2008, pp. 108-125.
19. M. Bailey, J. Oberheide, J. Andersen, Z. M. Mao, F. Jahanian, and J. Nazario, "Automated classification and analysis of internet malware," in Proc. 10th Int. Conf. Recent Adv. Intrusion Detection, 2007, pp. 178-197.
20. A. Shabtai and Y. Elovici, "Applying behavioral detection on Android-based devices," in Proc. 3rd Int. Conf. Mobile Wireless Middleware, Operating Syst., Appl., 2010, pp. 235-249.
21. G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, "Paranoid Android: Versatile protection for smartphones," in Proc. 26th Annu. Comput. Security Appl. Conf., 2010, pp. 347-356.
22. I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, "Crowdroid: Behavior-based malware detection system for Android," in Proc. 1st ACM Workshop Security Privacy Smartphones Mobile Devices, 2011, pp. 15-26.
23. K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, "Pscout: Analyzing the Android permission specification," in Proc. ACM Conf. Comput. Commun. Security, 2012, pp. 217-228.
24. A. P. Felt, K. Greenwood, and D. Wagner, "The effectiveness of application permissions," in Proc. 2nd USENIX Conf. Web Appl. Develop., 2011, p. 7.
25. J. Davis and M. Goadrich, "The relationship between Precision-Recall and ROC curves," in Proc. 23rd Int. Conf. Mach. Learn., 2006, pp. 233-240.
26. Y. Yang and J. O. Pedersen, "A comparative study on feature selection in text categorization," in Proc. 14th Int. Conf. Mach. Learn., 1997, pp. 412-420.
27. S. Boyd and L. Vandenberghe, Convex Optimization. Cambridge, U.K.: Cambridge Univ. Press, 2004.
28. B. Quanz and J. Huan, "Aligned graph classification with regularized logistic regression," in Proc. SIAM Int. Conf. Data Mining, 2009, pp. 353-364.
29. Y. Zhou and X. Jiang, "Dissecting android malware: Characterization and evolution," in Proc. IEEE Symp. Security Privacy, 2012, pp. 95-109.
30. T. Fawcett, "An introduction to ROC analysis," Pattern Recog. Lett., vol. 27, no. 8, pp. 861-874, Jun. 2006.
31. S. Axelsson, "The base-rate fallacy and the difficulty of intrusion detection," ACM Trans. Inf. Syst. Security, vol. 3, no. 3, pp. 186-205, 2000.
32. V. Rastogi, Y. Chen, and X. Jiang, "Droidchameleon: Evaluating android anti-malware against transformation attacks," in Proc. 8th ACM SIGSAC Symp. Inf., Comput. Commun. Security, 2013, pp. 329-334.