DroidScribe: Classifying Android Malware Based on Runtime Behavior. / Dash, Santanu; Suarez-Tangil, Guillermo; Khan, Salahuddin; Tam, Kimberly; Ahmadi, Mansour; Kinder, Johannes; Cavallaro, Lorenzo.

Security and Privacy Workshops (SPW), 2016 IEEE: Mobile Security Technologies (MoST 2016). IEEE, 2016. p. 252-261.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Published

Standard

DroidScribe: Classifying Android Malware Based on Runtime Behavior. / Dash, Santanu; Suarez-Tangil, Guillermo; Khan, Salahuddin; Tam, Kimberly; Ahmadi, Mansour; Kinder, Johannes; Cavallaro, Lorenzo.

Security and Privacy Workshops (SPW), 2016 IEEE: Mobile Security Technologies (MoST 2016). IEEE, 2016. p. 252-261.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Harvard

Dash, S, Suarez-Tangil, G, Khan, S, Tam, K, Ahmadi, M, Kinder, J & Cavallaro, L 2016, DroidScribe: Classifying Android Malware Based on Runtime Behavior. in Security and Privacy Workshops (SPW), 2016 IEEE: Mobile Security Technologies (MoST 2016). IEEE, pp. 252-261, Mobile Security Technologies (MoST 2016), San José, United States, 26/05/16. https://doi.org/10.1109/SPW.2016.25

APA

Dash, S., Suarez-Tangil, G., Khan, S., Tam, K., Ahmadi, M., Kinder, J., & Cavallaro, L. (2016). DroidScribe: Classifying Android Malware Based on Runtime Behavior. In Security and Privacy Workshops (SPW), 2016 IEEE: Mobile Security Technologies (MoST 2016) (pp. 252-261). IEEE. https://doi.org/10.1109/SPW.2016.25

Vancouver

Dash S, Suarez-Tangil G, Khan S, Tam K, Ahmadi M, Kinder J et al. DroidScribe: Classifying Android Malware Based on Runtime Behavior. In Security and Privacy Workshops (SPW), 2016 IEEE: Mobile Security Technologies (MoST 2016). IEEE. 2016. p. 252-261 https://doi.org/10.1109/SPW.2016.25

Author

Dash, Santanu ; Suarez-Tangil, Guillermo ; Khan, Salahuddin ; Tam, Kimberly ; Ahmadi, Mansour ; Kinder, Johannes ; Cavallaro, Lorenzo. / DroidScribe: Classifying Android Malware Based on Runtime Behavior. Security and Privacy Workshops (SPW), 2016 IEEE: Mobile Security Technologies (MoST 2016). IEEE, 2016. pp. 252-261

BibTeX

@inproceedings{aa0df639998f45b7ba185cb98b5566f6,
title = "DroidScribe: Classifying Android Malware Based on Runtime Behavior",
abstract = "The Android ecosystem has witnessed a surge in malware, which not only puts mobile devices at risk but also increases the burden on malware analysts assessing and categorizing threats. In this paper, we show how to use machine learning to automatically classify Android malware samples into families with high accuracy, while observing only their runtime behavior. We focus exclusively on dynamic analysis of runtime behavior to provide a clean point of comparison that is dual to static approaches. Specific challenges in the use of dynamic analysis on Android are the limited information gained from tracking low-level events and the imperfect coverage when testing apps, e.g., due to inactive command and control servers. We observe that on Android, pure system calls do not carry enough semantic content for classification and instead rely on lightweight virtual machine introspection to also reconstruct Android-level inter-process communication. To address the sparsity of data resulting from low coverage, we introduce a novel classification method that fuses Support Vector Machines with Conformal Prediction to generate high-accuracy prediction sets where the information is insufficient to pinpoint a single family.",
author = "Santanu Dash and Guillermo Suarez-Tangil and Salahuddin Khan and Kimberly Tam and Mansour Ahmadi and Johannes Kinder and Lorenzo Cavallaro",
year = "2016",
month = aug,
day = "4",
doi = "10.1109/SPW.2016.25",
language = "English",
pages = "252--261",
booktitle = "Security and Privacy Workshops (SPW), 2016 IEEE",
publisher = "IEEE",
note = "Mobile Security Technologies (MoST 2016) ; Conference date: 26-05-2016",
}
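The abstract describes fusing Support Vector Machines with Conformal Prediction so that, when a trace carries too little information to pinpoint one family, the output is a set of candidate families instead of a single guess. The following Python is an added illustration of that conformal layer and is not code from the paper: it substitutes a nearest-centroid scorer for the paper's SVM so that it runs with the standard library alone, and the family names, event names and feature vectors are constructed for the example.

```python
"""Inductive conformal prediction on top of a behaviour classifier.

Added illustration, not the DroidScribe implementation: the paper fuses an
SVM with conformal prediction, while this block uses a nearest-centroid
scorer over constructed event-count features. The conformal layer
(nonconformity scores from a calibration set, per-family p-values,
prediction sets at a chosen significance level) is independent of the
underlying scorer.
"""
from collections import defaultdict

# Feature order for every vector below: how often each event was observed
# during a run. The names are hypothetical stand-ins for the system calls
# and reconstructed Binder IPC calls that a tracer would record.
FEATURES = ("sys_open", "sys_connect", "ipc_sendTextMessage", "ipc_getDeviceId")

# Constructed labelled runs used to fit the scorer (one centroid per family).
TRAIN = [
    ("smsfraud", (2, 0, 8, 1)), ("smsfraud", (3, 0, 10, 1)), ("smsfraud", (1, 0, 9, 1)),
    ("spyware", (5, 6, 0, 4)), ("spyware", (4, 7, 0, 5)), ("spyware", (6, 5, 0, 3)),
    ("adware", (1, 8, 0, 0)), ("adware", (2, 9, 0, 0)), ("adware", (3, 7, 0, 0)),
]

# Constructed labelled runs held out for calibration; disjoint from TRAIN.
CALIBRATION = [
    ("smsfraud", (2, 1, 8, 1)), ("smsfraud", (3, 0, 7, 2)), ("smsfraud", (4, 1, 7, 0)),
    ("spyware", (5, 5, 1, 3)), ("spyware", (4, 6, 0, 5)), ("spyware", (7, 6, 1, 5)),
    ("adware", (2, 7, 1, 0)), ("adware", (3, 9, 0, 1)), ("adware", (0, 9, 0, 2)),
]


def fit_centroids(samples):
    """Per-family mean feature vector; the stand-in for the paper's SVM."""
    sums = defaultdict(lambda: [0.0] * len(FEATURES))
    counts = defaultdict(int)
    for family, vec in samples:
        counts[family] += 1
        for i, v in enumerate(vec):
            sums[family][i] += v
    return {f: tuple(v / counts[f] for v in s) for f, s in sums.items()}


def nonconformity(centroids, vec, family):
    """How unusual `vec` would be as a member of `family`: squared distance
    to that family's centroid. Larger means less conforming."""
    return sum((a - b) ** 2 for a, b in zip(vec, centroids[family]))


def calibration_scores(centroids, calibration):
    """Nonconformity of each calibration run under its true label."""
    return [nonconformity(centroids, vec, fam) for fam, vec in calibration]


def p_values(centroids, cal_scores, vec):
    """Conformal p-value per family: the fraction of calibration runs that
    are at least as unusual as `vec` would be under that label (the +1
    counts the test run itself)."""
    n = len(cal_scores)
    result = {}
    for family in centroids:
        alpha = nonconformity(centroids, vec, family)
        result[family] = (sum(1 for s in cal_scores if s >= alpha) + 1) / (n + 1)
    return result


def prediction_set(pvals, significance):
    """Every family whose p-value exceeds the significance level. Under the
    conformal validity guarantee the true family is left out with
    probability at most `significance`; a sparse trace that fits several
    families yields a set with several members rather than a wrong singleton."""
    return tuple(sorted(f for f, p in pvals.items() if p > significance))


def classify(vec, significance=0.2):
    """Full pipeline for one run: point prediction plus conformal outputs."""
    centroids = fit_centroids(TRAIN)
    cal = calibration_scores(centroids, CALIBRATION)
    pv = p_values(centroids, cal, vec)
    ranked = sorted(pv.values(), reverse=True)
    return {
        "prediction_set": prediction_set(pv, significance),
        "point_prediction": max(pv, key=pv.get),
        "credibility": ranked[0],       # p-value of the best-fitting family
        "confidence": 1 - ranked[1],    # 1 - p-value of the runner-up
    }


if __name__ == "__main__":
    # Constructed test runs: a clear SMS-fraud trace, and a sparse trace that
    # sits between spyware and adware (e.g. the C&C server never answered).
    for vec in ((2, 1, 9, 3), (3, 7, 0, 2)):
        print(vec, classify(vec))
```

The clear trace yields the singleton set ("smsfraud",) at significance 0.2, while the sparse trace yields ("adware", "spyware"): the classifier still has a point prediction, but the conformal layer makes the ambiguity explicit instead of hiding it. Raising the significance level shrinks the sets at the cost of a higher miss rate; with only nine calibration runs the smallest possible p-value is 0.1, so a realistic deployment needs a much larger calibration set.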

RIS

TY - GEN
T1 - DroidScribe: Classifying Android Malware Based on Runtime Behavior
AU - Dash, Santanu
AU - Suarez-Tangil, Guillermo
AU - Khan, Salahuddin
AU - Tam, Kimberly
AU - Ahmadi, Mansour
AU - Kinder, Johannes
AU - Cavallaro, Lorenzo
PY - 2016/8/4
Y1 - 2016/8/4
N2 - The Android ecosystem has witnessed a surge in malware, which not only puts mobile devices at risk but also increases the burden on malware analysts assessing and categorizing threats. In this paper, we show how to use machine learning to automatically classify Android malware samples into families with high accuracy, while observing only their runtime behavior. We focus exclusively on dynamic analysis of runtime behavior to provide a clean point of comparison that is dual to static approaches. Specific challenges in the use of dynamic analysis on Android are the limited information gained from tracking low-level events and the imperfect coverage when testing apps, e.g., due to inactive command and control servers. We observe that on Android, pure system calls do not carry enough semantic content for classification and instead rely on lightweight virtual machine introspection to also reconstruct Android-level inter-process communication. To address the sparsity of data resulting from low coverage, we introduce a novel classification method that fuses Support Vector Machines with Conformal Prediction to generate high-accuracy prediction sets where the information is insufficient to pinpoint a single family.
AB - The Android ecosystem has witnessed a surge in malware, which not only puts mobile devices at risk but also increases the burden on malware analysts assessing and categorizing threats. In this paper, we show how to use machine learning to automatically classify Android malware samples into families with high accuracy, while observing only their runtime behavior. We focus exclusively on dynamic analysis of runtime behavior to provide a clean point of comparison that is dual to static approaches. Specific challenges in the use of dynamic analysis on Android are the limited information gained from tracking low-level events and the imperfect coverage when testing apps, e.g., due to inactive command and control servers. We observe that on Android, pure system calls do not carry enough semantic content for classification and instead rely on lightweight virtual machine introspection to also reconstruct Android-level inter-process communication. To address the sparsity of data resulting from low coverage, we introduce a novel classification method that fuses Support Vector Machines with Conformal Prediction to generate high-accuracy prediction sets where the information is insufficient to pinpoint a single family.
U2 - 10.1109/SPW.2016.25
DO - 10.1109/SPW.2016.25
M3 - Conference contribution
SP - 252
EP - 261
BT - Security and Privacy Workshops (SPW), 2016 IEEE
PB - IEEE
T2 - Mobile Security Technologies (MoST 2016)
Y2 - 26 May 2016
ER -