TY - GEN
T1 - Identifying unknown android malware with feature extractions and classification techniques
AU - Apvrille, Ludovic
AU - Apvrille, Axelle
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/12/2
Y1 - 2015/12/2
N2 - Android malware unfortunately have little difficulty to sneak in marketplaces. While known malware and their variants are nowadays quite well detected by antivirus scanners, new unknown malware, which are fundamentally different from others (e.g. '0-day'), remain an issue. To discover such new malware, the SherlockDroid framework filters masses of applications and only keeps the most likely to be malicious for future inspection by antivirus teams. Apart from crawling applications from marketplaces, SherlockDroid extracts code-level features, and then classifies unknown applications with Alligator. Alligator is a classification tool that efficiently and automatically combines several classification algorithms. To demonstrate the efficiency of our approach, we have extracted properties and classified over 600,000 applications during two crawling campaigns in July 2014 and October 2014, with the detection of one new malware, Android/Odpa.A!tr.spy, and two new riskware. With other findings, this increases SherlockDroid's 'Hall of Shame' to 9 totally unknown malware and potentially unwanted applications.
AB - Android malware unfortunately have little difficulty to sneak in marketplaces. While known malware and their variants are nowadays quite well detected by antivirus scanners, new unknown malware, which are fundamentally different from others (e.g. '0-day'), remain an issue. To discover such new malware, the SherlockDroid framework filters masses of applications and only keeps the most likely to be malicious for future inspection by antivirus teams. Apart from crawling applications from marketplaces, SherlockDroid extracts code-level features, and then classifies unknown applications with Alligator. Alligator is a classification tool that efficiently and automatically combines several classification algorithms. To demonstrate the efficiency of our approach, we have extracted properties and classified over 600,000 applications during two crawling campaigns in July 2014 and October 2014, with the detection of one new malware, Android/Odpa.A!tr.spy, and two new riskware. With other findings, this increases SherlockDroid's 'Hall of Shame' to 9 totally unknown malware and potentially unwanted applications.
KW - Android
KW - Classification
KW - Malware
KW - Privacy
KW - Security
KW - Static analysis
U2 - 10.1109/Trustcom.2015.373
DO - 10.1109/Trustcom.2015.373
M3 - Conference contribution
AN - SCOPUS:84966731106
T3 - Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015
SP - 182
EP - 189
BT - Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015
Y2 - 20 August 2015 through 22 August 2015
ER -