DroidClassifier: Efficient Adaptive Mining of Application-Layer Header for Classifying Android Malware

Authors: Zhiqiang Li, Lichao Sun, Qiben Yan, Witawas Srisa-an, Zhenxiang Chen

DOI: 10.1007/978-3-319-59608-2_33

Abstract: A recent report has shown that more than 5,000 malicious applications are created for Android devices each day. This creates a need for researchers to develop effective and efficient malware classification and detection approaches. To address this need, we introduce DroidClassifier, a systematic framework for classifying network traffic generated by mobile malware. Our approach uses network traffic analysis to construct multiple models in an automated fashion, applying a supervised method over a set of labeled samples (the training dataset). Each model is built by extracting common identifiers from HTTP header fields. Adaptive thresholds are designed to capture the disparate characteristics of different malware families. Clustering is then used to improve efficiency. Finally, we aggregate the models into a holistic model to conduct cluster-level classification. We perform a comprehensive evaluation of DroidClassifier with 706 malware samples as the training set and 657 malware samples plus 5,215 benign apps as the testing set. Collectively, these generate 17,949 flows. The results show that DroidClassifier successfully identifies 90% of malware families with accuracy and at accessible computational cost. Thus, it can facilitate the management of a large network and enable unobtrusive detection. By focusing on analyzing network behaviors, we expect our work to be reasonably applicable to other platforms such as iOS and Windows Mobile as well.
