Detecting and classifying android malware using static analysis along with creator information

Hyunjae Kang, Jae Wook Jang, Aziz Mohaisen, Huy Kang Kim

Research output: Contribution to journal › Article

44 Citations (Scopus)

Abstract

Thousands of malicious applications targeting mobile devices, including the popular Android platform, are created every day. A large number of those applications are created by a small number of professional underground actors; however previous studies overlooked such information as a feature in detecting and classifying malware and in attributing malware to creators. Guided by this insight, we propose a method to improve the performance of Android malware detection by incorporating the creator's information as a feature and classify malicious applications into similar groups. We developed a system that implements this method in practice. Our system enables fast detection of malware by using creator information such as serial number of certificate. Additionally, it analyzes malicious behaviors and permissions to increase detection accuracy. The system also can classify malware based on similarity scoring. Finally, we showed detection and classification performance with 98% and 90% accuracy, respectively.

Original language: English
Article number: 479174
Journal: International Journal of Distributed Sensor Networks
Volume: 2015
DOI: 10.1155/2015/479174
Publication status: Published - 2015

Fingerprint

Static analysis
Mobile devices
Malware

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Engineering(all)

Cite this

Detecting and classifying android malware using static analysis along with creator information. / Kang, Hyunjae; Jang, Jae Wook; Mohaisen, Aziz; Kim, Huy Kang.

In: International Journal of Distributed Sensor Networks, Vol. 2015, 479174, 2015.

@article{d6398e38e069482e9136176982058de6,
title = "Detecting and classifying android malware using static analysis along with creator information",
abstract = "Thousands of malicious applications targeting mobile devices, including the popular Android platform, are created every day. A large number of those applications are created by a small number of professional underground actors; however previous studies overlooked such information as a feature in detecting and classifying malware and in attributing malware to creators. Guided by this insight, we propose a method to improve the performance of Android malware detection by incorporating the creator's information as a feature and classify malicious applications into similar groups. We developed a system that implements this method in practice. Our system enables fast detection of malware by using creator information such as serial number of certificate. Additionally, it analyzes malicious behaviors and permissions to increase detection accuracy. The system also can classify malware based on similarity scoring. Finally, we showed detection and classification performance with 98{\%} and 90{\%} accuracy, respectively.",
author = "Hyunjae Kang and Jang, {Jae Wook} and Aziz Mohaisen and Kim, {Huy Kang}",
year = "2015",
doi = "10.1155/2015/479174",
language = "English",
volume = "2015",
journal = "International Journal of Distributed Sensor Networks",
issn = "1550-1329",
publisher = "SAGE Publications Inc.",
}

TY - JOUR
T1 - Detecting and classifying android malware using static analysis along with creator information
AU - Kang, Hyunjae
AU - Jang, Jae Wook
AU - Mohaisen, Aziz
AU - Kim, Huy Kang
PY - 2015
Y1 - 2015
N2 - Thousands of malicious applications targeting mobile devices, including the popular Android platform, are created every day. A large number of those applications are created by a small number of professional underground actors; however previous studies overlooked such information as a feature in detecting and classifying malware and in attributing malware to creators. Guided by this insight, we propose a method to improve the performance of Android malware detection by incorporating the creator's information as a feature and classify malicious applications into similar groups. We developed a system that implements this method in practice. Our system enables fast detection of malware by using creator information such as serial number of certificate. Additionally, it analyzes malicious behaviors and permissions to increase detection accuracy. The system also can classify malware based on similarity scoring. Finally, we showed detection and classification performance with 98% and 90% accuracy, respectively.

UR - http://www.scopus.com/inward/record.url?scp=84935006694&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84935006694&partnerID=8YFLogxK
U2 - 10.1155/2015/479174
DO - 10.1155/2015/479174
M3 - Article
VL - 2015
JO - International Journal of Distributed Sensor Networks
JF - International Journal of Distributed Sensor Networks
SN - 1550-1329
M1 - 479174
ER -