Title :
Detection of repackaged Android Malware
Author :
Shahriar, Hossain ; Clincy, Victor
Author_Institution :
Dept. of Comput. Sci., Kennesaw State Univ., Kennesaw, GA, USA
Abstract :
Android applications are widely used by millions of users to perform many activities. Unfortunately, legitimate and popular applications are targeted by malware authors, who repackage the existing applications by injecting additional code intended to perform malicious activities without the knowledge of end users. Thus, it is important to validate applications for possible repackaging before their installation to safeguard end users. This paper presents the detection of repackaged malware applications based on the Kullback-Leibler Divergence (KLD) metric. Our approach builds the population distribution of a legitimate and a suspected repackaged malware application based on a set of Smali opcodes. A high KLD value indicates that an application is dissimilar to the original application, and hence is likely a repackaged application. The approach has been validated using real-world malware samples by repackaging them into a legitimate application. The results indicate that KLD values remain high for all the malware when repackaged within a legitimate application, and hence KLD can be used as a suitable metric for detection of new malware.
Keywords :
Android (operating system); invasive software; KLD metric; KLD value; Kullback-Leibler divergence metric; Smali opcode; legitimate repackaged malware application; repackaged Android malware detection; suspected repackaged malware application; Internet; Java; Malware; Servers; Smart phones; Sociology; Statistics; Android malware; Kullback-Leibler divergence; Smali opcode; decompiler; information theory; repackaging;
Conference_Title :
Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for
Conference_Location :
London
DOI :
10.1109/ICITST.2014.7038835