Fingerprinting Android malware families

Nannan XIE, Xing WANG, Wei WANG, Jiqiang LIU

Front. Comput. Sci. ›› 2019, Vol. 13 ›› Issue (3) : 637-646. DOI: 10.1007/s11704-017-6493-y
RESEARCH ARTICLE


Abstract

The domination of the Android operating system in the market share of smart terminals has engendered increasing threats from malicious applications (apps). Research on Android malware detection has received considerable attention in academia and industry. In particular, studies of malware families have been beneficial to malware detection and behavior analysis. However, identifying the characteristics of malware families, and the features that describe a particular family, has been less frequently discussed in existing work. In this paper, we are motivated to explore the key features that can classify and describe the behaviors of Android malware families, so that the families can be fingerprinted with these features. We present a framework for signature-based key feature construction. In addition, we propose a frequency-based feature elimination algorithm to select the key features. Finally, we construct the fingerprints of ten malware families, comprising twenty key features in three categories. Results of extensive experiments using a Support Vector Machine demonstrate that the malware family classification achieves an accuracy of 92% to 99%. The typical behaviors of the malware families are analyzed based on the selected key features. The results demonstrate the feasibility and effectiveness of the presented algorithm and fingerprinting method.
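The abstract describes a pipeline (per-family feature statistics, frequency-based elimination of uninformative features, a per-family fingerprint, a classifier) without giving the paper's actual rule or data. The block below is an added illustration, not the authors' code: it assumes a simple elimination rule (drop a feature whose observed frequency is nearly the same in every family, since it cannot tell families apart) and a fixed frequency threshold for fingerprint membership, and it substitutes a nearest-fingerprint (Jaccard) classifier for the paper's SVM. The family names and feature sets are constructed toy data; the feature strings only mimic Android permission and API names.

```python
"""Illustrative frequency-based feature elimination and family fingerprinting.

Added example for this page, not the paper's implementation. The elimination
rule, the thresholds and the sample data are assumptions made here.
"""
from collections import Counter

# Constructed toy dataset: (family label, set of features seen in one sample).
# Three families, three samples each. INTERNET, READ_PHONE_STATE and WAKE_LOCK
# are spread across all families and should be eliminated as uninformative.
SAMPLES = [
    ("FamA", {"SEND_SMS", "RECEIVE_SMS", "INTERNET", "READ_PHONE_STATE"}),
    ("FamA", {"SEND_SMS", "RECEIVE_SMS", "INTERNET"}),
    ("FamA", {"SEND_SMS", "INTERNET", "READ_PHONE_STATE", "WAKE_LOCK"}),
    ("FamB", {"INTERNET", "READ_CONTACTS", "ACCESS_FINE_LOCATION", "READ_PHONE_STATE"}),
    ("FamB", {"INTERNET", "READ_CONTACTS", "ACCESS_FINE_LOCATION"}),
    ("FamB", {"INTERNET", "READ_CONTACTS", "WAKE_LOCK", "READ_PHONE_STATE"}),
    ("FamC", {"INTERNET", "DexClassLoader", "INSTALL_PACKAGES", "WAKE_LOCK"}),
    ("FamC", {"INTERNET", "DexClassLoader", "INSTALL_PACKAGES"}),
    ("FamC", {"DexClassLoader", "INSTALL_PACKAGES", "READ_PHONE_STATE"}),
]


def feature_frequencies(samples):
    """Return {family: {feature: fraction of that family's samples using it}}."""
    per_family = {}
    for fam, feats in samples:
        per_family.setdefault(fam, []).append(feats)
    freqs = {}
    for fam, sets in per_family.items():
        counts = Counter(f for s in sets for f in s)
        freqs[fam] = {f: c / len(sets) for f, c in counts.items()}
    return freqs


def eliminate_uniform_features(freqs, min_spread=0.5):
    """Keep only features whose frequency differs across families by at least
    min_spread (assumed rule). A feature that is equally common everywhere,
    e.g. INTERNET, carries no family-discriminating signal and is dropped."""
    all_feats = {f for fam in freqs.values() for f in fam}
    kept = set()
    for f in all_feats:
        vals = [freqs[fam].get(f, 0.0) for fam in freqs]
        if max(vals) - min(vals) >= min_spread:
            kept.add(f)
    return kept


def build_fingerprints(freqs, kept, min_freq=0.8):
    """A family's fingerprint is the set of kept features present in at least
    min_freq of that family's samples (assumed threshold)."""
    return {fam: {f for f in kept if freqs[fam].get(f, 0.0) >= min_freq}
            for fam in freqs}


def classify(feats, fingerprints):
    """Nearest-fingerprint classification by Jaccard similarity. This stands in
    for the SVM used in the paper; ties go to the first family encountered."""
    best, best_score = None, -1.0
    for fam, fp in fingerprints.items():
        union = len(feats | fp)
        score = len(feats & fp) / union if union else 0.0
        if score > best_score:
            best, best_score = fam, score
    return best


def run_pipeline(samples=SAMPLES):
    """Convenience wrapper: frequencies -> elimination -> fingerprints."""
    freqs = feature_frequencies(samples)
    kept = eliminate_uniform_features(freqs)
    return build_fingerprints(freqs, kept)


if __name__ == "__main__":
    fps = run_pipeline()
    for fam, fp in sorted(fps.items()):
        print(fam, sorted(fp))
    unknown = {"SEND_SMS", "INTERNET", "READ_PHONE_STATE"}
    print("unknown sample ->", classify(unknown, fps))
```

On the toy data the spread rule removes INTERNET, READ_PHONE_STATE and WAKE_LOCK, and the fingerprints reduce to SEND_SMS for FamA, READ_CONTACTS for FamB and DexClassLoader plus INSTALL_PACKAGES for FamC; a sample that only shares the eliminated features with every family scores zero against all fingerprints, which is the practical reason to eliminate them before classifying.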

Keywords

Android malware / malware family / feature selection / behavior analysis

Cite this article

Nannan XIE, Xing WANG, Wei WANG, Jiqiang LIU. Fingerprinting Android malware families. Front. Comput. Sci., 2019, 13(3): 637‒646 https://doi.org/10.1007/s11704-017-6493-y


RIGHTS & PERMISSIONS

2018 Higher Education Press and Springer-Verlag GmbH Germany, part of Springer Nature