Publication: part of book or chapter of book (preprint), 2017

Android Malware Clustering Through Malicious Payload Mining

Yuping Li, Jiyong Jang, Xin Hu, Xinming Ou
Open Access
  • Published: 15 Jul 2017
  • Publisher: Springer International Publishing
Abstract
Clustering has been well studied for desktop malware analysis as an effective triage method. Conventional similarity-based clustering techniques, however, cannot be immediately applied to Android malware analysis due to the excessive use of third-party libraries in Android application development and the widespread use of repackaging in malware development. We design and implement an Android malware clustering system through iterative mining of malicious payload and checking whether malware samples share the same version of malicious payload. Our system utilizes a hierarchical clustering technique and an efficient bit-vector format to represent Android apps. Exp...
Subjects
ACM Computing Classification System: Computing Methodologies: Pattern Recognition; Computing Milieux: Management of Computing and Information Systems
Free text keywords: Computer Science - Cryptography and Security, Malware, computer.software_genre, computer, Cluster analysis, Payload, Computer science, Malware analysis, Android (operating system), Data mining, Android malware, Android application, Hierarchical clustering
Funded by
NSF | CAREER: Reasoning under Uncertainty in Cybersecurity
  • Funder: National Science Foundation (NSF)
  • Project Code: 1622402
NSF | TWC SBE TTP: Medium: Bringing Anthropology into Cybersecurity
  • Funder: National Science Foundation (NSF)
  • Project Code: 1314925
  • Funding stream: Directorate for Computer & Information Science & Engineering | Division of Computer and Network Systems
Download from (2 versions)
  • http://arxiv.org/pdf/1707.0479... (part of book or chapter of book; provider: UnpayWall)
  • http://link.springer.com/conte... (part of book or chapter of book, 2017; provider: Crossref)