TY - GEN
T1 - DroidGraph
T2 - 2014 IEEE Conference on Communications and Network Security, CNS 2014
AU - Kwon, Jonghoon
AU - Jeong, Jihwan
AU - Lee, Jehyun
AU - Lee, Heejo
N1 - Publisher Copyright: © 2014 IEEE.
PY - 2014/12/23
Y1 - 2014/12/23
AB - Mobile malware has recently been recognized as a significant problem, in line with the rapid growth of the market share for smartphones. Despite numerous efforts to thwart the growth of mobile malware, the amount of mobile malware keeps increasing as it evolves. By applying, for example, code obfuscation or junk code insertion, mobile malware is able to manipulate its appearance while maintaining the same functionality, and can thus easily evade existing anti-mobile-malware solutions. In this paper, we focus on Android malware and propose a new method called DroidGraph to discover evolved Android malware. DroidGraph leverages the semantics of Android malware. More precisely, we transform an APK file for Android malware into hierarchical behavior graphs that are represented with 136 identical nodes based on the semantics of Android API calls. Then, we select unique behavior graphs as semantic signatures describing common behaviors of Android malware. In evaluation, DroidGraph shows approximately 87% detection accuracy with only 40 semantic signatures against 260 real-world Android malware samples, and no false positives for 3,623 benign applications.
KW - Android Malware
KW - Semantic Analysis
UR - http://www.scopus.com/inward/record.url?scp=84921447157&partnerID=8YFLogxK
U2 - 10.1109/CNS.2014.6997523
DO - 10.1109/CNS.2014.6997523
M3 - Conference contribution
AN - SCOPUS:84921447157
T3 - 2014 IEEE Conference on Communications and Network Security, CNS 2014
SP - 498
EP - 499
BT - 2014 IEEE Conference on Communications and Network Security, CNS 2014
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 29 October 2014 through 31 October 2014
ER -