Android malware detection using multivariate time-series technique

Kim, Ki-Hyeon; Choi, Mi-Jung

doi:10.1109/apnoms.2015.7275426

Cited by 10 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As noted in [41], due to the nature of network traffic and their distributions, (auto-)regressive models struggle to accurately capture them. Kim et al [30] use a multi-variate time-series regression model on host-based resource consumption, such as CPU and memory usage (not network traffic) to identify Android malware. Conti et al [17] propose a method to detect the action performed by Android applications using raw sequential features.…”

Section: Challenges In Malware Behavior Modelingmentioning

confidence: 99%

Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families

Nadeem

Hammerschmidt

Gañán

et al. 2020

Malware Analysis Using Artificial Intelligence and Deep Learning

View full text Add to dashboard Cite

Malware family labels are known to be inconsistent. They are also blackbox since they do not represent the capabilities of malware. The current state of the art in malware capability assessment includes mostly manual approaches, which are infeasible due to the ever-increasing volume of discovered malware samples. We propose a novel unsupervised machine learning-based method called MalPaCA, which automates capability assessment by clustering the temporal behavior in malware's network traces. MalPaCA provides meaningful behavioral clusters using only 20 packet headers. Behavioral profiles are generated based on the cluster membership of malware's network traces. A Directed Acyclic Graph shows the relationship between malwares according to their overlapping behaviors. The behavioral profiles together with the DAG provide more insightful characterization of malware than current family designations. We also propose a visualization-based evaluation method for the obtained clusters to assist practitioners in understanding the clustering results. We apply MalPaCA on a financial malware dataset collected in the wild that comprises 1.1 k malware samples resulting in 3.6 M packets. Our experiments show that (i) MalPaCA successfully identifies capabilities, such as port scans and reuse of Command and Control servers; (ii) It uncovers multiple discrepancies between behavioral clusters and malware family labels; and (iii) It demonstrates the effectiveness of clustering traces using temporal features by producing an error rate of 8.3%, compared to 57.5% obtained from statistical features.

show abstract

Section: Challenges In Malware Behavior Modelingmentioning

confidence: 99%

Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families

Nadeem

Hammerschmidt

Gañán

et al. 2020

Malware Analysis Using Artificial Intelligence and Deep Learning

View full text Add to dashboard Cite

show abstract

“…However, to the best of our knowledge, very few multivariate-based malware detection proposals are deployed in the literature at present. So far, as a single example of this, we can cite [47], which is poor from the perspective of the actual capabilities argued for multivariate methodologies.…”

Section: Related Workmentioning

confidence: 99%

Anomaly‐based exploratory analysis and detection of exploits in android mediaserver

et al. 2018

View full text Add to dashboard Cite

show abstract

“…It deploys suitable monitors on Android systems to log traces and features that are used to look for malicious behaviours. Examples of these are [21], which keeps track of the network traffic or [24], which collects information about the usage of network usage, memory and CPU.…”

Section: Related Workmentioning

confidence: 99%

Automated generation of colluding apps for experimental research

Blasco

2017

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Colluding apps bypass the security measures enforced by sandboxed operating systems such as Android. App collusion can be a real threat in cloud environments as well. Research in detecting and protecting against app collusion requires a variety of colluding apps for experimentation. Presently the number of (real or manually crafted) apps available to researchers is very limited. In this paper we propose a system called Application Collusion Engine (ACE) to automatically generate combinations of colluding and noncolluding Android apps to help researchers fairly evaluate different collusion detection and protection methods. Our initial implementation includes a variety of components that enable the system to create more than 5,000 different colluding and non-colluding app sets. ACE can be extended with more functional components to create even more colluding apps. To show the usefulness of our system, we have applied different risk evaluation and collusion detection methods to the created set of colluding apps.

show abstract

Android malware detection using multivariate time-series technique

Cited by 10 publications

References 6 publications

Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families

Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families

Anomaly‐based exploratory analysis and detection of exploits in android mediaserver

Automated generation of colluding apps for experimental research

Contact Info

Product

Resources

About