
EC2: Ensemble Clustering and Classification for Predicting Android Malware Families



Abstract

As the most widely used mobile platform, Android is also the biggest target for mobile malware. Given the increasing number of Android malware variants, detecting malware families is crucial so that security analysts can identify situations where signatures of a known malware family can be adapted, as opposed to manually inspecting the behavior of all samples. We present EC2 (Ensemble Clustering and Classification), a novel algorithm for discovering Android malware families of varying sizes, ranging from very large to very small families (even if previously unseen). We present a performance comparison of several traditional classification and clustering algorithms for Android malware family identification on DREBIN, the largest public Android malware dataset with labeled families. We use the output of both supervised classifiers and unsupervised clustering to design EC2. Experimental results on both the DREBIN and the more recent Koodous malware datasets show that EC2 accurately detects both small and large families, outperforming several comparative baselines. Furthermore, we show how to automatically characterize and explain unique behaviors of specific malware families, such as FakeInstaller, MobileTx, and Geinimi. In short, EC2 presents an early warning system for emerging new malware families, as well as a robust predictor of the family (when it is not new) to which a new malware sample belongs, and the design of novel strategies for data-driven understanding of malware behaviors.
