Preprints‎ > ‎

Acquiring and Analyzing App Metrics for Effective Mobile Malware Detection by G. Canfora, E. Medvet, F. Mercaldo and C. A. Visaggio

pubblicato 19 feb 2016, 11:06 da Gerardo Canfora
Android malware is becoming very effective in evading detection techniques, and traditional malware detection techniques are demonstrating their weaknesses. Signature based detection shows at least two drawbacks: first, the detection is possible only after the malware has been identified, and the time needed to produce and distribute the signature pro- vides attackers with window of opportunities for spreading the malware in the wild. For solving this problem, different approaches that try to characterize the malicious behavior through the invoked system and API calls emerged. Unfortunately, several evasion techniques have proven effective to evade detection based on system and API calls.
In this paper, we propose an approach for capturing the malicious behavior in terms of device resource consumption (using a thorough set of features), which is much more diffi- cult to camouflage. We describe a procedure, and the corresponding practical setting, for extracting those features with the aim of maximizing their discriminative power. Finally, we describe the promising results we obtained experiment- ing on more than 2000 applications, on which our approach exhibited an accuracy greater than 99%.
International Workshop on Security And Privacy Analytics (IWSPA 2016) - New Orleans, USA
Gerardo Canfora,
19 feb 2016, 11:07