Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
11-2014
Abstract
The drastic increase of Android malware has led to a strong interest in developing methods to automate the malware analysis process. Existing automated Android malware detection and classification methods fall into two general categories: 1) signature-based and 2) machine learning-based. Signature-based approaches can be easily evaded by bytecode-level transformation attacks. Prior learning-based works extract features from application syntax, rather than program semantics, and are also subject to evasion. In this paper, we propose a novel semantic-based approach that classifies Android malware via dependency graphs. To battle transformation attacks, we extract a weighted contextual API dependency graph as program semantics to construct feature sets. To fight against malware variants and zero-day malware, we introduce graph similarity metrics to uncover homogeneous application behaviors while tolerating minor implementation differences. We implement a prototype system, DroidSIFT, in 23 thousand lines of Java code. We evaluate our system using 2200 malware samples and 13500 benign samples. Experiments show that our signature detection can correctly label 93% of malware instances; our anomaly detector is capable of detecting zero-day malware with a low false negative rate (2%) and an acceptable false positive rate (5.15%) for a vetting purpose.
Keywords
Android, Anomaly detection, Graph similarity, Malware classification, Semantics-aware, Signature detection
Discipline
Information Security
Research Areas
Cybersecurity; Information Systems and Management
Publication
Proceedings of the 21st ACM Conference on Computer and Communications Security, Scottsdale, USA, 2014 November 3-7
First Page
1105
Last Page
1116
Identifier
10.1145/2660267.2660359
Publisher
ACM
City or Country
New York
Citation
ZHANG, Mu; DUAN, Yue; YIN, Heng; and ZHAO, Zhiruo.
Semantics-aware Android malware classification using weighted contextual API dependency graphs. (2014). Proceedings of the 21st ACM Conference on Computer and Communications Security, Scottsdale, USA, 2014 November 3-7. 1105-1116.
Available at: https://ink.library.smu.edu.sg/sis_research/8176
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
http://doi.org/10.1145/2660267.2660359