Key features for the characterization of Android malware families

Sedano, Javier; González, Silvia; Chira, Camelia; Herrero, Álvaro; Corchado, Emilio; Villar, José R.

doi:10.1093/jigpal/jzw046

Cited by 9 publications

(8 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Results from present paper are consistent with those obtained in previous work [30] when applying Feature Selection (FS) to the same dataset. Installation-Repackaging, Activation-SMS, Activation-Boot, Remote Control-NET, and Financial Charges-SMS were identified as the 5 most relevant features in order to characterize malware families, according to a given method of filter-based FS: Minimum-Redundancy Maximum Relevance.…”

Section: Complexitysupporting

confidence: 92%

“…In the later, different pieces of information are analysed, including nodes related to the package name of the application, the Android components that has called the API call, and the names of functions and methods invoked by the application. Differentiating from previous work, in present paper, a novel neural projection technique is applied for the first time to the characterization of Android malware [8,24,30]. Apps are not analysed one by one, but family-level is considered instead.…”

Section: Introduction and Previous Workmentioning

confidence: 99%

See 1 more Smart Citation

Delving into Android Malware Families with a Novel Neural Projection Method

et al. 2019

Self Cite

View full text Add to dashboard Cite

Present research proposes the application of unsupervised and supervised machine-learning techniques to characterize Android malware families. More precisely, a novel unsupervised neural-projection method for dimensionality-reduction, namely, Beta Hebbian Learning (BHL), is applied to visually analyze such malware. Additionally, well-known supervised Decision Trees (DTs) are also applied for the first time in order to improve characterization of such families and compare the original features that are identified as the most important ones. The proposed techniques are validated when facing real-life Android malware data by means of the well-known and publicly available Malgenome dataset. Obtained results support the proposed approach, confirming the validity of BHL and DTs to gain deep knowledge on Android malware.

show abstract

Section: Complexitysupporting

confidence: 92%

Section: Introduction and Previous Workmentioning

confidence: 99%

Delving into Android Malware Families with a Novel Neural Projection Method

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…In addition, other malware use an obfuscation technique or encrypted methods which cannot be read or decrypted unless the app is executed. A set of papers [28][29][30][31][32][33][34][35][36][37][38][39]42,[46][47][48]50,52,53,[55][56][57]59,62,63,[65][66][67] used static analysis. Details on the static features used by the papers were discussed in Section 4, Features.…”

Section: Static Analysismentioning

confidence: 99%

“…A set of papers [33,34,48,52,55] uses features that are related to malware installation such as repackage and update, payload activation such as on booting and receiving calls, and privilege escalation attack such as asroot and exploid families [71]. Moreover, in [33,34,52], they include other features related to financial charges such as SMS and phone calls. Vega et al in [33,34], also include features related to personal information stealing such as phone number.…”

Section: Static Featuresmentioning

confidence: 99%

Android Malware Family Classification and Analysis: Current Status and Future Directions

Alswaina

Elleithy

2020

Electronics

View full text Add to dashboard Cite

Android receives major attention from security practitioners and researchers due to the influx number of malicious applications. For the past twelve years, Android malicious applications have been grouped into families. In the research community, detecting new malware families is a challenge. As we investigate, most of the literature reviews focus on surveying malware detection. Characterizing the malware families can improve the detection process and understand the malware patterns. For this reason, we conduct a comprehensive survey on the state-of-the-art Android malware familial detection, identification, and categorization techniques. We categorize the literature based on three dimensions: type of analysis, features, and methodologies and techniques. Furthermore, we report the datasets that are commonly used. Finally, we highlight the limitations that we identify in the literature, challenges, and future research directions regarding the Android malware family.

show abstract

“…Fourth, the performance of typical windowing methods (SNM or MPN) depends strongly on the size of sliding window [21], but they often employ a fixed window size. The larger the fixed window size, the more comparisons are executed, and the lower the overall efficiency gets, however, small size may lead to a high number of missed matches (e.g., the closest entities are not placed in the same window) and to low effectiveness [2,[21][22][23].…”

Section: Introductionmentioning

confidence: 99%

A Type-Based Blocking Technique for Efficient Entity Resolution over Large-Scale Data

Zhu

Jiang

et al. 2018

Journal of Sensors

View full text Add to dashboard Cite

In data integration, entity resolution is an important technique to improve data quality. Existing researches typically assume that the target dataset only contain string-type data and use single similarity metric. For larger high-dimensional dataset, redundant information needs to be verified using traditional blocking or windowing techniques. In this work, we propose a novel ER-resolving method using a hybrid approach, including type-based multiblocks, varying window size, and more flexible similarity metrics. In our new ER workflow, we reduce the searching space for entity pairs by the constraint of redundant attributes and matching likelihood. We develop a reference implementation of our proposed approach and validate its performance using real-life dataset from one Internet of Things project. We evaluate the data processing system using five standard metrics including effectiveness, efficiency, accuracy, recall, and precision. Experimental results indicate that the proposed approach could be a promising alternative for entity resolution and could be feasibly applied in real-world data cleaning for large datasets.

show abstract

Key features for the characterization of Android malware families

Cited by 9 publications

References 21 publications

Delving into Android Malware Families with a Novel Neural Projection Method

Delving into Android Malware Families with a Novel Neural Projection Method

Android Malware Family Classification and Analysis: Current Status and Future Directions

A Type-Based Blocking Technique for Efficient Entity Resolution over Large-Scale Data

Contact Info

Product

Resources

About