Identifying Android malware using dynamically obtained features


Ontology type: schema:ScholarlyArticle     


Article Info

DATE

2015-02

AUTHORS

Vitor Monte Afonso, Matheus Favero de Amorim, André Ricardo Abed Grégio, Glauco Barroso Junquera, Paulo Lício de Geus

ABSTRACT

The constant evolution of mobile devices’ resources and features turned ordinary phones into powerful and portable computers, leading their users to perform payments, store sensitive information and even to access other accounts on remote machines. This scenario has contributed to the rapid rise of new malware samples targeting mobile platforms. Given that Android is the most widespread mobile operating system and that it provides more options regarding application markets (official and alternative stores), it has been the main target for mobile malware. As such, markets that publish Android applications have been used as a point of infection for many users, who unknowingly download some popular applications that are in fact disguised malware. Hence, there is an urge for techniques to analyze and identify malicious applications before they are published and able to harm users. In this article, we present a system to dynamically identify whether an Android application is malicious or not, based on machine learning and features extracted from Android API calls and system call traces. We evaluated our system with 7,520 apps, 3,780 for training and 3,740 for testing, and obtained a detection rate of 96.66 %.

PAGES

9-17

References to SciGraph publications

  • 2013. PUMA: Permission Usage to Detect Malware in Android in INTERNATIONAL JOINT CONFERENCE CISIS’12-ICEUTE´12-SOCO´12 SPECIAL SESSIONS
Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/s11416-014-0226-7

    DOI

    http://dx.doi.org/10.1007/s11416-014-0226-7

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1019956480



    JSON-LD is the canonical representation for SciGraph data.


    [
      {
        "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
        "about": [
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/1005", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Communications Technologies", 
            "type": "DefinedTerm"
          }, 
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/10", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Technology", 
            "type": "DefinedTerm"
          }
        ], 
        "author": [
          {
            "affiliation": {
              "alternateName": "State University of Campinas", 
              "id": "https://www.grid.ac/institutes/grid.411087.b", 
              "name": [
                "University of Campinas, Campinas, SP, Brazil"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Afonso", 
            "givenName": "Vitor Monte", 
            "id": "sg:person.010336470207.20", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010336470207.20"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "State University of Campinas", 
              "id": "https://www.grid.ac/institutes/grid.411087.b", 
              "name": [
                "University of Campinas, Campinas, SP, Brazil"
              ], 
              "type": "Organization"
            }, 
            "familyName": "de Amorim", 
            "givenName": "Matheus Favero", 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "State University of Campinas", 
              "id": "https://www.grid.ac/institutes/grid.411087.b", 
              "name": [
                "University of Campinas, Campinas, SP, Brazil"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Gr\u00e9gio", 
            "givenName": "Andr\u00e9 Ricardo Abed", 
            "id": "sg:person.013601035005.37", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013601035005.37"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "name": [
                "Samsung Institute for Informatics Development (SIDI), Campinas, SP, Brazil"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Junquera", 
            "givenName": "Glauco Barroso", 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "State University of Campinas", 
              "id": "https://www.grid.ac/institutes/grid.411087.b", 
              "name": [
                "University of Campinas, Campinas, SP, Brazil"
              ], 
              "type": "Organization"
            }, 
            "familyName": "de Geus", 
            "givenName": "Paulo L\u00edcio", 
            "id": "sg:person.011761136731.35", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011761136731.35"
            ], 
            "type": "Person"
          }
        ], 
        "citation": [
          {
            "id": "https://doi.org/10.1145/2046614.2046618", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1004604643"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1145/2307636.2307663", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1008463837"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1145/2381934.2381950", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1008630506"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-33018-6_30", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1024617733", 
              "https://doi.org/10.1007/978-3-642-33018-6_30"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1145/1656274.1656278", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1028526411"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1145/2480362.2480701", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1033547244"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/acsac.2007.21", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1093515115"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/malware.2010.5665792", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1094002064"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/sp.2012.16", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1094209237"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/msn.2012.43", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1094434630"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/trustcom.2013.25", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1095474597"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/asiajcis.2012.18", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1095607224"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.14722/ndss.2014.23247", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1095872940"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.14722/ndss.2014.23328", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1095872955"
            ], 
            "type": "CreativeWork"
          }
        ], 
        "datePublished": "2015-02", 
        "datePublishedReg": "2015-02-01", 
        "description": "The constant evolution of mobile devices\u2019 resources and features turned ordinary phones into powerful and portable computers, leading their users to perform payments, store sensitive information and even to access other accounts on remote machines. This scenario has contributed to the rapid rise of new malware samples targeting mobile platforms. Given that Android is the most widespread mobile operating system and that it provides more options regarding application markets (official and alternative stores), it has been the main target for mobile malware. As such, markets that publish Android applications have been used as a point of infection for many users, who unknowingly download some popular applications that are in fact disguised malware. Hence, there is an urge for techniques to analyze and identify malicious applications before they are published and able to harm users. In this article, we present a system to dynamically identify whether an Android application is malicious or not, based on machine learning and features extracted from Android API calls and system call traces. We evaluated our system with 7,520 apps, 3,780 for training and 3,740 for testing, and obtained a detection rate of 96.66 %.", 
        "genre": "research_article", 
        "id": "sg:pub.10.1007/s11416-014-0226-7", 
        "inLanguage": [
          "en"
        ], 
        "isAccessibleForFree": false, 
        "isPartOf": [
          {
            "id": "sg:journal.1136175", 
            "issn": [
              "2274-2042", 
              "1772-9904"
            ], 
            "name": "Journal of Computer Virology and Hacking Techniques", 
            "type": "Periodical"
          }, 
          {
            "issueNumber": "1", 
            "type": "PublicationIssue"
          }, 
          {
            "type": "PublicationVolume", 
            "volumeNumber": "11"
          }
        ], 
        "name": "Identifying Android malware using dynamically obtained features", 
        "pagination": "9-17", 
        "productId": [
          {
            "name": "readcube_id", 
            "type": "PropertyValue", 
            "value": [
              "5f15b6e81700c0ae92da8909261f1601694c1143f5810b36ae6b8a248f93459a"
            ]
          }, 
          {
            "name": "doi", 
            "type": "PropertyValue", 
            "value": [
              "10.1007/s11416-014-0226-7"
            ]
          }, 
          {
            "name": "dimensions_id", 
            "type": "PropertyValue", 
            "value": [
              "pub.1019956480"
            ]
          }
        ], 
        "sameAs": [
          "https://doi.org/10.1007/s11416-014-0226-7", 
          "https://app.dimensions.ai/details/publication/pub.1019956480"
        ], 
        "sdDataset": "articles", 
        "sdDatePublished": "2019-04-10T18:22", 
        "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
        "sdPublisher": {
          "name": "Springer Nature - SN SciGraph project", 
          "type": "Organization"
        }, 
        "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000001_0000000264/records_8675_00000521.jsonl", 
        "type": "ScholarlyArticle", 
        "url": "http://link.springer.com/10.1007%2Fs11416-014-0226-7"
      }
    ]
     


    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON.

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/s11416-014-0226-7'

    N-Triples is a line-based linked data format ideal for batch operations.

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/s11416-014-0226-7'

    Turtle is a human-readable linked data format.

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/s11416-014-0226-7'

    RDF/XML is a standard XML format for linked data.

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/s11416-014-0226-7'


     

    This table displays all metadata directly associated to this object as RDF triples.

    132 TRIPLES      21 PREDICATES      41 URIs      19 LITERALS      7 BLANK NODES

     



