Using opcode-sequences to detect malicious Android applications

Jérôme, Quentin; Allix, Kevin; State, Radu; Engel, Thomas

doi:10.1109/icc.2014.6883436

Cited by 70 publications

(75 citation statements)

References 22 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, the table shows that, in order to achieve the same accuracy value, greater values of n need greater values of k. This aspect is consistent with the findings of [22]. A possible interpretation of this finding is that ngrams greater than 2 may be too specific and thus the classifier tends to overfit.…”

Section: B Experimental Procedures and Resultssupporting

confidence: 80%

See 1 more Smart Citation

Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware

Canfora

Lorenzo

Medvet

et al. 2015

2015 10th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-With the wide diffusion of smartphones and their usage in a plethora of processes and activities, these devices have been handling an increasing variety of sensitive resources. Attackers are hence producing a large number of malware applications for Android (the most spread mobile platform), often by slightly modifying existing applications, which results in malware being organized in families.Some works in the literature showed that opcodes are informative for detecting malware, not only in the Android platform. In this paper, we investigate if frequencies of ngrams of opcodes are effective in detecting Android malware and if there is some significant malware family for which they are more or less effective. To this end, we designed a method based on state-of-the-art classifiers applied to frequencies of opcodes ngrams. Then, we experimentally evaluated it on a recent dataset composed of 11120 applications, 5560 of which are malware belonging to several different families.Results show that an accuracy of 97% can be obtained on the average, whereas perfect detection rate is achieved for more than one malware family.

show abstract

Section: B Experimental Procedures and Resultssupporting

confidence: 80%

“…Jerome and colleagues [22] proposed a detection mechanism relying on opcode sequences combined with machine learning techniques. They obtain lower performances of detection than our technique and with sequences longer than bi-grams.…”

Section: Related Workmentioning

confidence: 99%

Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware

Canfora

Lorenzo

Medvet

et al. 2015

2015 10th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…They tested libsvm and SVM classifier with the reduced data set (11,960 malware and 12,905 benign applications) and obtained 0.89% F-measure. However, their approach is not capable to detect completely different malware [15]. Kevin Allix et al [3] devised classifiers that depend on the features set that are designed from the apps control flow graphs.…”

Section: Detection Of Android Malicious Appsmentioning

confidence: 99%

A Survey on the Detection of Android Malicious Apps

Sahay

Sharma

2019

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Android-based smart devices are exponentially growing, and due to the ubiquity of the Internet, these devices are globally connected to the different devices/networks. Its popularity, attractive features, and mobility make malware creator to put number of malicious apps in the market to disrupt and annoy the victims. Although to identify the malicious apps, time-to-time various techniques are proposed. However, it appears that malware developers are always ahead of the anti-malware group, and the proposed techniques by the anti-malware groups are not sufficient to counter the advanced malicious apps. Therefore, to understand the various techniques proposed/used for the identification of Android malicious apps, in this paper, we present a survey conducted by us on the work done by the researchers in this field.

show abstract

“…Applications are often attributed to their developers using certificates tied to the developer's signing credentials, although investigating certificate's information has not been actively studied yet. Very recently, Jerome et al [23] used certificates signing malware to isolate applications as a potential malware set, which showed the possibility of filtering malware with a predefined list of malicious certificates. We hypothesized that certain developers have a significant role in the creation and distribution of malicious apps.…”

Section: Introductionmentioning

confidence: 99%

Detecting and Classifying Android Malware Using Static Analysis along with Creator Information

Kang

Jang

Mohaisen³

et al. 2015

International Journal of Distributed Sensor Networks

116

View full text Add to dashboard Cite

Thousands of malicious applications targeting mobile devices, including the popular Android platform, are created every day. A large number of those applications are created by a small number of professional underground actors; however previous studies overlooked such information as a feature in detecting and classifying malware and in attributing malware to creators. Guided by this insight, we propose a method to improve the performance of Android malware detection by incorporating the creator's information as a feature and classify malicious applications into similar groups. We developed a system that implements this method in practice. Our system enables fast detection of malware by using creator information such as serial number of certificate. Additionally, it analyzes malicious behaviors and permissions to increase detection accuracy. The system also can classify malware based on similarity scoring. Finally, we showed detection and classification performance with 98% and 90% accuracy, respectively.

show abstract

Using opcode-sequences to detect malicious Android applications

Cited by 70 publications

References 22 publications

Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware

Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware

A Survey on the Detection of Android Malicious Apps

Detecting and Classifying Android Malware Using Static Analysis along with Creator Information

Contact Info

Product

Resources

About