Visible to the public Acquiring and Analyzing App Metrics for Effective Mobile Malware Detection

TitleAcquiring and Analyzing App Metrics for Effective Mobile Malware Detection
Publication TypeConference Paper
Year of Publication2016
AuthorsCanfora, Gerardo, Medvet, Eric, Mercaldo, Francesco, Visaggio, Corrado Aaron
Conference NameProceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics
Date PublishedMarch 2016
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4077-9
Keywordsandroid, android encryption, Big Data, big data security, big data security metrics, Human Behavior, learning, machine, Malware, Metrics, pubcrawl, Resiliency, Scalability, security
Abstract

Android malware is becoming very effective in evading detection techniques, and traditional malware detection techniques are demonstrating their weaknesses. Signature based detection shows at least two drawbacks: first, the detection is possible only after the malware has been identified, and the time needed to produce and distribute the signature provides attackers with window of opportunities for spreading the malware in the wild. For solving this problem, different approaches that try to characterize the malicious behavior through the invoked system and API calls emerged. Unfortunately, several evasion techniques have proven effective to evade detection based on system and API calls. In this paper, we propose an approach for capturing the malicious behavior in terms of device resource consumption (using a thorough set of features), which is much more difficult to camouflage. We describe a procedure, and the corresponding practical setting, for extracting those features with the aim of maximizing their discriminative power. Finally, we describe the promising results we obtained experimenting on more than 2000 applications, on which our approach exhibited an accuracy greater than 99%.

URLhttps://dl.acm.org/doi/10.1145/2875475.2875481
DOI10.1145/2875475.2875481
Citation Keycanfora_acquiring_2016