TY - GEN
T1 - Frequent Subgraph Based Familial Classification of Android Malware
AU - Fan, Ming
AU - Liu, Jun
AU - Luo, Xiapu
AU - Chen, Kai
AU - Chen, Tianyi
AU - Tian, Zhenzhou
AU - Zhang, Xiaodong
AU - Zheng, Qinghua
AU - Liu, Ting
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/12/5
Y1 - 2016/12/5
AB - The rapid growth of Android malware poses great challenges to anti-malware systems because the sheer number of malware samples overwhelms malware analysis systems. A promising approach for speeding up malware analysis is to classify malware samples into families so that the common features of malware belonging to the same family can be exploited for malware detection and inspection. However, the accuracy of existing classification solutions is limited for two reasons. First, since the majority of Android malware is constructed by inserting malicious components into popular apps, the malware's legitimate part may misguide the classification algorithms. Second, the polymorphic variants of Android malware could evade detection by employing transformation attacks. In this paper, we propose a novel approach that constructs a frequent subgraph (fregraph) to represent the common behaviors of malware in the same family for familial classification of Android malware. Moreover, we propose and develop FalDroid, an automatic system for classifying Android malware according to fregraph, and apply it to 6,565 malware samples from 30 families. The experimental results show that FalDroid can correctly classify 94.5% of malware samples into their families using around 4.4s per app.
KW - Android malware
KW - clustering
KW - familial classification
KW - frequent subgraph
KW - sensitive API
UR - https://www.scopus.com/pages/publications/85013347530
U2 - 10.1109/ISSRE.2016.14
DO - 10.1109/ISSRE.2016.14
M3 - Conference contribution
AN - SCOPUS:85013347530
T3 - Proceedings - International Symposium on Software Reliability Engineering, ISSRE
SP - 24
EP - 35
BT - Proceedings - 2016 IEEE 27th International Symposium on Software Reliability Engineering, ISSRE 2016
PB - IEEE Computer Society
T2 - 27th IEEE International Symposium on Software Reliability Engineering, ISSRE 2016
Y2 - 23 October 2016 through 27 October 2016
ER -