Title :
Detect Android Malware Variants Using Component Based Topology Graph
Author :
Tong Shen ; Yibing Zhongyang ; Zhi Xin ; Bing Mao ; Hao Huang
Author_Institution :
Dept. of Comput. Sci. & Technol., Nanjing Univ., Nanjing, China
Abstract :
Smartphones have experienced explosive growth recently. At present, the Android system is the most popular mobile platform and attracts many developers as well as malware authors. In order to evade detection, malware authors often apply obfuscation techniques to morph malware. Since traditional malware detectors are based on pure syntax, they may fail to detect obfuscated malware variants. We present a novel signature, a topology graph based on Android components, which could model malicious payloads properly and resist common obfuscation used by hackers. We perform a stress test on the security tools provided by VirusTotal with ten kinds of malware families from the Android Malware Genome Project. Unfortunately, the result is not encouraging: obfuscated malware samples evade most of the security tools. Nevertheless, 86.36% of the obfuscated malware samples we tested are caught by our detector with tolerable false positives. The evaluation demonstrates that our approach is able to detect malware variants generated by common obfuscation techniques.
Keywords :
graph theory; invasive software; program testing; smart phones; Android Malware Genome Project; Android components; Android malware variants detection; component based topology graph; malicious payloads; obfuscated malware; security tools; stress test; Androids; Humanoid robots; Malware; Payloads; Receivers; Smart phones; Topology; component; malware; obfuscation; topology graph;
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on
Conference_Location :
Beijing
DOI :
10.1109/TrustCom.2014.52