Andro-Simnet: Android Malware Family Classification using Social Network Analysis

Hye Min Kim, Hyun Min Song, Jae Woo Seo, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

While the rapid adaptation of mobile devices changes our daily life more conveniently, the threat derived from malware is also increased. There are lots of research to detect malware to protect mobile devices, but most of them adopt only signature-based malware detection method that can be easily bypassed by polymorphic and metamorphic malware. To detect malware and its variants, it is essential to adopt behavior-based detection for efficient malware classification. This paper presents a system that classifies malware by using common behavioral characteristics along with malware families. We measure the similarity between malware families with carefully chosen features commonly appeared in the same family. With the proposed similarity measure, we can classify malware by malware's attack behavior pattern and tactical characteristics. Also, we apply community detection algorithm to increase the modularity within each malware family network aggregation. To maintain high classification accuracy, we propose a process to derive the optimal weights of the selected features in the proposed similarity measure. During this process, we find out which features are significant for representing the similarity between malware samples. Finally, we provide an intuitive graph visualization of malware samples which is helpful to understand the distribution and likeness of the malware networks. In the experiment, the proposed system achieved 97% accuracy for malware classification and 95% accuracy for prediction by K-fold cross-validation using the real malware dataset.

Original languageEnglish
Title of host publication2018 16th Annual Conference on Privacy, Security and Trust, PST 2018
EditorsRobert H. Deng, Stephen Marsh, Jason Nurse, Rongxing Lu, Sakir Sezer, Paul Miller, Liqun Chen, Kieran McLaughlin, Ali Ghorbani
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538674932
DOIs
Publication statusPublished - 2018 Oct 29
Event16th Annual Conference on Privacy, Security and Trust, PST 2018 - Belfast, Northern Ireland, United Kingdom
Duration: 2018 Aug 282018 Aug 30

Publication series

Name2018 16th Annual Conference on Privacy, Security and Trust, PST 2018

Conference

Conference16th Annual Conference on Privacy, Security and Trust, PST 2018
CountryUnited Kingdom
CityBelfast, Northern Ireland
Period18/8/2818/8/30

Keywords

  • machine learning
  • malware classification
  • malware similarity
  • social network analysis

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Andro-Simnet: Android Malware Family Classification using Social Network Analysis'. Together they form a unique fingerprint.

  • Cite this

    Kim, H. M., Song, H. M., Seo, J. W., & Kim, H. K. (2018). Andro-Simnet: Android Malware Family Classification using Social Network Analysis. In R. H. Deng, S. Marsh, J. Nurse, R. Lu, S. Sezer, P. Miller, L. Chen, K. McLaughlin, & A. Ghorbani (Eds.), 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018 [8514216] (2018 16th Annual Conference on Privacy, Security and Trust, PST 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/PST.2018.8514216