Pre-filtering Mobile Malware with Heuristic Techniques - Télécom Paris
Conference paper, Year: 2013

Pre-filtering Mobile Malware with Heuristic Techniques

Abstract

With huge numbers of new Android applications released every day, in dozens of different marketplaces, Android malware unfortunately has no difficulty sneaking in and silently spreading, which puts high pressure on antivirus teams. To try and spot it more easily, we built an infrastructure, named SherlockDroid, whose goal is to filter the mass of applications and keep only those which are the most likely to be malicious for future inspection by antivirus teams. SherlockDroid is made of marketplace crawlers, code-level property extractors and data mining software which decides whether a sample looks malicious or not. This data mining part is named Alligator, and is the main focus of the paper. Alligator classifies samples using clustering techniques. It first relies on a learning phase that determines the intermediate scores to apply to the clustering algorithms of Alligator. Second, an operational phase classifies new samples using previously selected algorithms and scores. Alligator has been trained over an extensive set of both genuine Android applications and known malware. Then, it was tested for proactiveness, over new and more recent applications. The results are very encouraging and demonstrate the efficiency of this first heuristics engine for pre-filtering Android malware.
File not deposited

Dates and versions

hal-02286857, version 1 (13-09-2019)

Identifiers

  • HAL Id: hal-02286857, version 1

Cite

Ludovic Apvrille, Axelle Apvrille. Pre-filtering Mobile Malware with Heuristic Techniques. GreHaCk'2013, Nov 2013, Grenoble, France. ⟨hal-02286857⟩