Identifying Unknown Android Malware with Feature Extractions and Classification Techniques

Ludovic Apvrille 1, 2 Axelle Apvrille
1 LabSoC - System on Chip
LTCI - Laboratoire Traitement et Communication de l'Information
Abstract :

ndroid malware unfortunately have little dif- ficulty to sneak in marketplaces. While known malware and their variants are nowadays quite well detected by anti-virus scanners, new unknown malware, which are fundamentally different from others (e.g. ”0-day”), remain an issue. To discover such new malware, the SherlockDroid framework filters masses of applications and only keeps the most likely to be malicious for future inspection by anti-virus teams. Apart from crawling applications from marketplaces, SherlockDroid extracts code-level features, and then classifies unknown applications with Alligator. Alligator is a classification tool that efficiently and automatically combines several classification algorithms. To demonstrate the efficiency of our approach, we have extracted properties and classified over 600,000 applications during two crawling campaigns in July 2014 and October 2014, with the detection of one new malware, Android/Odpa.A!tr.spy, and two new riskware. With other findings, this increases SherlockDroid’s ”Hall of Shame” to 9 totally unknown malware and potentially unwanted applications.

Complete list of metadatas

https://hal.telecom-paristech.fr/hal-02287142
Contributor : Telecomparis Hal <>
Submitted on : Friday, September 13, 2019 - 4:38:36 PM
Last modification on : Thursday, October 17, 2019 - 12:37:00 PM

Identifiers

  • HAL Id : hal-02287142, version 1

Citation

Ludovic Apvrille, Axelle Apvrille. Identifying Unknown Android Malware with Feature Extractions and Classification Techniques. The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15), Aug 2015, Helsinki, Finland. ⟨hal-02287142⟩

Share

Metrics

Record views

3