Andro-Simnet: Android Malware Family Classification using Social Network Analysis

Hye Min Kim, Hyun Min Song, Jae Woo Seo, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

While the rapid adaptation of mobile devices makes our daily life more convenient, the threat from malware has also increased. There is a lot of research on detecting malware to protect mobile devices, but most of it adopts only signature-based malware detection methods, which can be easily bypassed by polymorphic and metamorphic malware. To detect malware and its variants, it is essential to adopt behavior-based detection for efficient malware classification. This paper presents a system that classifies malware by using the behavioral characteristics common to malware families. We measure the similarity between malware families with carefully chosen features that commonly appear in the same family. With the proposed similarity measure, we can classify malware by its attack behavior pattern and tactical characteristics. We also apply a community detection algorithm to increase the modularity within each malware family network aggregation. To maintain high classification accuracy, we propose a process to derive the optimal weights of the selected features in the proposed similarity measure. During this process, we find out which features are significant for representing the similarity between malware samples. Finally, we provide an intuitive graph visualization of malware samples, which is helpful for understanding the distribution and likeness of the malware networks. In the experiment, the proposed system achieved 97% accuracy for malware classification and 95% accuracy for prediction by K-fold cross-validation using the real malware dataset.

Original language: English
Title of host publication: 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018
Editors: Robert H. Deng, Stephen Marsh, Jason Nurse, Rongxing Lu, Sakir Sezer, Paul Miller, Liqun Chen, Kieran McLaughlin, Ali Ghorbani
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781538674932
DOIs: https://doi.org/10.1109/PST.2018.8514216
Publication status: Published - 2018 Oct 29
Event: 16th Annual Conference on Privacy, Security and Trust, PST 2018 - Belfast, Northern Ireland, United Kingdom
Duration: 2018 Aug 28 to 2018 Aug 30

Publication series

Name: 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018

Conference

Conference: 16th Annual Conference on Privacy, Security and Trust, PST 2018
Country: United Kingdom
City: Belfast, Northern Ireland
Period: 18/8/28 to 18/8/30

Fingerprint

Electric network analysis
Malware
Social network analysis
Mobile devices
Computer systems
Similarity measure

Keywords

  • machine learning
  • malware classification
  • malware similarity
  • social network analysis

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Cite this

Kim, H. M., Song, H. M., Seo, J. W., & Kim, H. K. (2018). Andro-Simnet: Android Malware Family Classification using Social Network Analysis. In R. H. Deng, S. Marsh, J. Nurse, R. Lu, S. Sezer, P. Miller, L. Chen, K. McLaughlin, ... A. Ghorbani (Eds.), 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018 [8514216] (2018 16th Annual Conference on Privacy, Security and Trust, PST 2018). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/PST.2018.8514216
