Published in: Annual Conference on Privacy, Security and Trust

Automated Static Analysis and Classification of Android Malware using Permission and API Calls Models



Abstract

In this paper we propose a heuristic approach to static analysis of Android applications based on matching suspicious applications against predefined malware models. The static models are built from the Android capabilities (permissions) and the Android Framework API call chains used by an application. All analysis steps and model construction are fully automated, so the method can be deployed as one of the automated checks run by mobile application marketplaces or other interested organizations. Using the proposed method we analyzed the Drebin and ISCX malware collections, in order to find possible relationships and dependencies between the samples in those collections, and a large fraction of the Google Play apps collected between 2013 and 2016 as benign data. The results show that a combination of relatively simple static features, represented by permissions and API call chains, is enough to perform binary classification between malware and benign apps, and even to identify the corresponding malware family, at a false positive rate of about 3% (less than 1% when adware is filtered out). Exploration of the malware collections shows that Android malware rarely uses obfuscation or encryption techniques to hinder static analysis, quite the opposite of what is seen on the 'Wintel' endpoint platform family. We also provide an experiment-based comparison with the previously proposed state-of-the-art Android malware detection method adagio.
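The abstract describes the pipeline only at a high level: build a static model of an app from its requested permissions and the Android Framework API call chains it uses, then match that model against predefined per-family malware models. The block below is an added illustration of that idea and is not the paper's code. The feature encoding, the coverage score and its threshold, the two family models, the `exclude` option that stands in for "filtering adware", and the two sample manifests and call chains are all constructed assumptions; in the paper the models are derived automatically from labelled samples, and real call chains would be recovered from dex bytecode rather than written by hand.

```python
"""Added illustration of permission + API-call-chain models (not the paper's code).

Assumptions: features are plain strings tagged PERM:/API:/CHAIN:, a family model
is a feature set, and the match score is the fraction of that set present in the
app. Sample manifests, call chains and family models below are constructed.
"""
from __future__ import annotations
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"


def extract_permissions(manifest_xml: str) -> frozenset[str]:
    """Requested capabilities: every <uses-permission android:name=...> in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return frozenset(n for n in names if n)


def chain_features(chains: list[tuple[str, ...]]) -> frozenset[str]:
    """Encode each recovered call path both as a whole chain and as its individual calls."""
    feats: set[str] = set()
    for chain in chains:
        feats.add("CHAIN:" + "->".join(chain))
        feats.update("API:" + call for call in chain)
    return frozenset(feats)


def build_model(manifest_xml: str, chains: list[tuple[str, ...]]) -> frozenset[str]:
    """Static model of an app = permission features | API call-chain features."""
    perms = frozenset("PERM:" + p for p in extract_permissions(manifest_xml))
    return perms | chain_features(chains)


def classify(app_model: frozenset[str], family_models: dict[str, frozenset[str]],
             threshold: float = 0.6, exclude: tuple[str, ...] = ()) -> tuple[str, float]:
    """Match an app model against predefined family models.

    Score = fraction of a family model's features present in the app (coverage,
    an assumed metric). Returns (label, score); label is 'benign' when no family
    reaches the threshold. `exclude` drops families (e.g. adware) from the decision.
    Caveat: models built from common features (INTERNET alone) match everything,
    so real models must be built from features that discriminate the family.
    """
    best = ("benign", 0.0)
    for family, model in family_models.items():
        if family in exclude or not model:
            continue
        score = len(app_model & model) / len(model)
        if score > best[1]:
            best = (family, score)
    return best if best[1] >= threshold else ("benign", best[1])


# ---- constructed sample data (not real apps, not real malware signatures) ----
MANIFEST_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.a">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
CHAINS_SUSPICIOUS = [
    ("android.content.BroadcastReceiver.onReceive",
     "android.telephony.SmsMessage.createFromPdu",
     "android.telephony.SmsManager.sendTextMessage"),
    ("android.app.Activity.onCreate", "java.net.HttpURLConnection.connect"),
]
MANIFEST_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.b">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>"""
CHAINS_BENIGN = [("android.app.Activity.onCreate", "java.net.HttpURLConnection.connect")]

FAMILY_MODELS = {
    "sms_trojan": frozenset({
        "PERM:android.permission.READ_SMS",
        "PERM:android.permission.SEND_SMS",
        "PERM:android.permission.RECEIVE_BOOT_COMPLETED",
        "API:android.telephony.SmsManager.sendTextMessage",
        "CHAIN:android.content.BroadcastReceiver.onReceive->"
        "android.telephony.SmsMessage.createFromPdu->"
        "android.telephony.SmsManager.sendTextMessage",
    }),
    "adware": frozenset({  # deliberately loose: generic network features
        "PERM:android.permission.INTERNET",
        "PERM:android.permission.ACCESS_NETWORK_STATE",
        "API:java.net.HttpURLConnection.connect",
        "API:android.webkit.WebView.loadUrl",
    }),
}


def demo() -> dict[str, tuple[str, float]]:
    sus = build_model(MANIFEST_SUSPICIOUS, CHAINS_SUSPICIOUS)
    ben = build_model(MANIFEST_BENIGN, CHAINS_BENIGN)
    return {
        "suspicious": classify(sus, FAMILY_MODELS),
        "benign": classify(ben, FAMILY_MODELS),  # loose adware model -> false positive
        "benign_no_adware": classify(ben, FAMILY_MODELS, exclude=("adware",)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The benign sample is flagged as adware only because the constructed adware model consists of generic network features; dropping that family from the decision returns it to benign, which is the mechanism behind the abstract's lower false positive figure "when adware is filtered out". In a real deployment the chain features would come from a dex disassembler and the family models from automated clustering of labelled samples.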
