Andro-Dumpsys: Anti-malware system based on the similarity of malware creator and malware centric information

Jae Wook Jang, Hyunjae Kang, Jiyoung Woo, Aziz Mohaisen, Huy Kang Kim

Research output: Contribution to journalArticle

27 Citations (Scopus)

Abstract

With the fast growth in mobile technologies and the accompanied rise of the integration of such technologies into our everyday life, mobile security is viewed as one of the most prominent areas and is being addressed accordingly. For that, and especially to address the threat associated with malware, various malware-centric analysis methods are developed in the literature to identify, classify, and defend against mobile threats and malicious actors. However, along with this development, anti-malware analysis techniques, such as packing, dynamic loading, and dex encryption, have seen wide adoption, making existing malware-centric analysis methods less effective. In this paper, we propose a feature-rich hybrid anti-malware system, called Andro-Dumpsys, which leverages volatile memory acquisition for accurate malware detection and classification. Andro-Dumpsys is based on similarity matching of malware creator-centric and malware-centric information. Using Andro-Dumpsys, we detect and classify malware samples into similar behavior groups by exploiting their footprints, which are equivalent to unique behavior characteristics. Our experimental results demonstrate that Andro-Dumpsys is scalable, and performs well in detecting malware and classifying malware families with low false positives and false negatives, and is capable of responding zero-day threats.

Original languageEnglish
Pages (from-to)125-138
Number of pages14
JournalComputers and Security
Volume58
DOIs
Publication statusPublished - 2016 May 1

Keywords

  • Android
  • Malware creator centric information
  • Mobile malware
  • Similarity
  • Volatile memory acquisition

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Fingerprint Dive into the research topics of 'Andro-Dumpsys: Anti-malware system based on the similarity of malware creator and malware centric information'. Together they form a unique fingerprint.

  • Cite this