Authors: Annamalai Narayanan, Mahinthan Chandramohan, Lihui Chen, Yang Liu
DOI: 10.1007/S10664-017-9539-8
Keywords:
Abstract: Many existing Machine Learning (ML) based Android malware detection approaches use a variety of features such as security-sensitive APIs, system calls, control-flow structures and information flows in conjunction with ML classifiers to achieve accurate detection. Each of these feature sets provides a unique semantic perspective (or view) of apps' behaviors, with inherent strengths and limitations. Meaning, some views are more amenable to detecting certain attacks but may not be suitable to characterize several other attacks. Most of the existing approaches use only one (or a selected few) of the aforementioned views, which prevents them from detecting the vast majority of attacks. Addressing this limitation, we propose MKLDroid, a unified framework that systematically integrates multiple views of apps for performing comprehensive malware detection and malicious code localization. The rationale is that, while a malware app can disguise itself in some views, disguising itself in every view while maintaining its malicious intent will be much harder. MKLDroid uses a graph kernel to capture structural and contextual information from apps' dependency graphs and identify malice patterns in each view. Subsequently, it employs Multiple Kernel Learning (MKL) to find a weighted combination of the views that yields the best detection accuracy. Besides multi-view learning, MKLDroid's salient trait is its ability to locate fine-grained malicious code portions (e.g., methods/classes). Malicious code localization caters to important applications such as supporting human analysts in studying malware behaviors, engineering signatures and developing counter-measures. Through our large-scale experiments on several datasets (incl. wild apps), we demonstrate that MKLDroid outperforms three state-of-the-art techniques consistently in terms of accuracy, with comparable efficiency. In a dataset of repackaged malware, MKLDroid was able to locate all malicious classes with 94% average recall. Our work opens up two new avenues of research: (i) it enables the research community to elegantly look at multiple perspectives of apps simultaneously, and (ii) precise and scalable malicious code localization.
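As an added illustration, not code from the paper or from MKLDroid itself, the following Python sketch reproduces the shape of the pipeline the abstract describes: a Weisfeiler-Lehman graph kernel computed per view over small dependency graphs, a weighted combination of the per-view kernels (kernel-target alignment is used here as a simple stand-in for a real MKL solver), a kernel-based malware/benign verdict, and node-level localization of the methods that drive that verdict. All apps, the two view names "api" and "flow", and every label and graph below are constructed toy data.

```python
"""Added illustrative example, not MKLDroid's own code: a multi-view
graph-kernel pipeline in the spirit of the abstract.  Apps, views, labels
and graphs are constructed toy data; kernel-target alignment stands in
for a real Multiple Kernel Learning (MKL) solver."""
import math
from collections import Counter

def view(labels, edges):
    """Build a view (node->label map, undirected edges) from 'n:label ...' and 'u-v ...'."""
    return ({n: l for n, l in (t.split(":") for t in labels.split())},
            [tuple(e.split("-")) for e in edges.split()])

# Two assumed views per app: "api" = call graph, nodes = methods labelled by the
# API they wrap; "flow" = data-flow graph, nodes labelled by source/sink category.
TRAIN = {
    "mal1": {"api": view("a:onCreate b:getDeviceId c:sendTextMessage", "a-b b-c"),
             "flow": view("s:SRC_IMEI k:SINK_SMS", "s-k")},
    "mal2": {"api": view("a:onCreate b:getLine1Number c:sendTextMessage d:getDeviceId",
                         "a-b a-d d-c b-c"),
             "flow": view("s:SRC_PHONE k:SINK_SMS s2:SRC_IMEI", "s-k s2-k")},
    "ben1": {"api": view("a:onCreate b:setText c:openConnection", "a-b a-c"),
             "flow": view("s:SRC_UI k:SINK_NET", "s-k")},
    # benign app that also reads the IMEI (analytics): looks shady in one view only
    "ben2": {"api": view("a:onCreate b:setText c:openConnection d:getDeviceId", "a-b a-c a-d"),
             "flow": view("s:SRC_UI k:SINK_LOG s2:SRC_IMEI k2:SINK_NET", "s-k s2-k2")},
}
Y = {"mal1": 1, "mal2": 1, "ben1": -1, "ben2": -1}   # +1 malware, -1 benign
TEST = {
    "sms_stealer": {"api": view("a:onCreate b:getDeviceId c:sendTextMessage d:setText",
                                "a-b b-c a-d"),
                    "flow": view("s:SRC_IMEI k:SINK_SMS s2:SRC_UI k2:SINK_LOG", "s-k s2-k2")},
    "notes_app": {"api": view("a:onCreate b:setText c:openConnection d:setText", "a-b a-c a-d"),
                  "flow": view("s:SRC_UI k:SINK_NET s2:SRC_UI k2:SINK_LOG", "s-k s2-k2")},
}
VIEWS = ["api", "flow"]

def wl_relabel(labels, edges, iterations=1):
    """Weisfeiler-Lehman relabelling: each round folds the sorted neighbour labels
    into a node's label.  Returns one node->label map per round (round 0 = input)."""
    adj = {n: [] for n in labels}
    for u, v in edges:
        adj[u].append(v)
        adj[v].append(u)
    rounds = [dict(labels)]
    for _ in range(iterations):
        prev = rounds[-1]
        rounds.append({n: prev[n] + "(" + ",".join(sorted(prev[m] for m in adj[n])) + ")"
                       for n in prev})
    return rounds

def wl_features(v):
    """WL subtree feature vector: counts of every label from every round."""
    return Counter(lbl for rnd in wl_relabel(*v) for lbl in rnd.values())

def kernel(f, g):
    """Cosine-normalised linear kernel between two WL feature vectors."""
    dot = sum(c * g.get(k, 0) for k, c in f.items())
    nf = math.sqrt(sum(c * c for c in f.values()))
    ng = math.sqrt(sum(c * c for c in g.values()))
    return dot / (nf * ng) if nf and ng else 0.0

def alignment(feats, y):
    """Kernel-target alignment <K, yy^T>_F / (||K||_F ||yy^T||_F) of one view."""
    names = sorted(feats)
    n = len(names)
    K = [[kernel(feats[a], feats[b]) for b in names] for a in names]
    num = sum(K[i][j] * y[names[i]] * y[names[j]] for i in range(n) for j in range(n))
    fro = math.sqrt(sum(K[i][j] ** 2 for i in range(n) for j in range(n)))
    return num / (fro * n)   # ||yy^T||_F == n for y in {-1, +1}^n

def mkl_weights(train, y, views):
    """Alignment-based view weights (simple MKL heuristic); they sum to 1."""
    a = {v: max(alignment({n: wl_features(train[n][v]) for n in train}, y), 0.0)
         for v in views}
    s = sum(a.values()) or 1.0
    return {v: a[v] / s for v in views}

def score(app, train, y, weights):
    """Weighted kernel nearest-centroid score over all views; > 0 leans malicious."""
    total = 0.0
    for v, w in weights.items():
        f = wl_features(app[v])
        mal = [kernel(f, wl_features(train[n][v])) for n in train if y[n] > 0]
        ben = [kernel(f, wl_features(train[n][v])) for n in train if y[n] < 0]
        total += w * (sum(mal) / len(mal) - sum(ben) / len(ben))
    return total

def localize(app, train, y, v):
    """Per-node malice score in one view: for each WL round, how much the node's
    label is over-represented in malware vs benign training apps (> 0 = suspicious)."""
    mal = [n for n in train if y[n] > 0]
    ben = [n for n in train if y[n] < 0]
    mf, bf = Counter(), Counter()
    for n in train:
        (mf if y[n] > 0 else bf).update(wl_features(train[n][v]))
    rounds = wl_relabel(*app[v])
    return {node: sum(mf[r[node]] / len(mal) - bf[r[node]] / len(ben) for r in rounds)
            for node in rounds[0]}
```

mkl_weights(TRAIN, Y, VIEWS) returns the per-view weights; score(app, TRAIN, Y, w) is positive for the constructed sms_stealer app and negative for notes_app; localize(app, TRAIN, Y, "api") returns a per-method score whose positive entries (the getDeviceId and sendTextMessage nodes of sms_stealer) are the code an analyst would look at first. The constructed ben2 app shows why a single view is not enough: it also reads the IMEI, so in the api view alone it partly resembles the malware, while its flow view carries no IMEI-to-SMS flow.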