DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications
| Content Provider | CiteSeerX |
|---|---|
| Author | Yang, Chao; Xu, Zhaoyan; Gu, Guofei; Yegneswaran, Vinod; Porras, Phillip |
| Abstract | Most existing malicious Android app detection approaches rely on manually selected detection heuristics, features, and models. In this paper, we describe a new, complementary system, called DroidMiner, which uses static analysis to automatically mine malicious program logic from known Android malware, abstracts this logic into a sequence of threat modalities, and then seeks out these threat modality patterns in other unknown (or newly published) Android apps. We formalize a two-level behavioral graph representation used to capture Android app program logic, and design new techniques to identify and label elements of the graph that capture malicious behavioral patterns (or malicious modalities). After the automatic learning of these malicious behavioral models, DroidMiner can scan a new Android app to (i) determine whether it contains malicious modalities, (ii) diagnose the malware family to which it is most closely associated, and (iii) provide further evidence as to why the app is considered to be malicious by including a concise description of identified malicious behaviors. We evaluate DroidMiner using 2,466 malicious apps, identified from a corpus of over 67,000 third-party market Android apps, plus an additional set of over 10,000 official market Android apps. Using this set of real-world apps, we demonstrate that DroidMiner achieves a 95.3% detection rate, with only a 0.4% false positive rate. We further evaluate DroidMiner’s ability to classify malicious apps under their proper family labels, and measure its label accuracy at 92%. |
| File Format | |
| Access Restriction | Open |
| Subject Keyword | Fine-grained Malicious Behavior Android Application Malicious Apps Automatic Learning Malware Family New Android App Malicious Behavior Additional Set Capture Malicious Behavioral Pattern Malicious Android App Detection Malicious Modality Android Apps Malicious Behavioral Model Threat Modality Pattern Malicious Modality Two-level Behavioral Graph Representation Android App Program Logic Android Malware Official Market Android Apps New Technique Threat Modality False Positive Rate Proper Family Label Detection Heuristic DroidMiner Ability Malicious Program Logic Real-world Apps Third-party Market Android Apps Static Analysis Label Accuracy Complementary System Concise Description Detection Rate |
| Content Type | Text |