MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention. / Saracino, Andrea; Sgandurra, Daniele; Dini, Gianluca; Martinelli, Fabio.

In: IEEE Transactions on Dependable and Secure Computing, 01.03.2016, p. 1-14.

Research output: Contribution to journal (Article)

Published


Harvard

Saracino, A, Sgandurra, D, Dini, G & Martinelli, F 2016, 'MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention', IEEE Transactions on Dependable and Secure Computing, pp. 1-14. https://doi.org/10.1109/TDSC.2016.2536605

APA

Saracino, A., Sgandurra, D., Dini, G., & Martinelli, F. (2016). MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention. IEEE Transactions on Dependable and Secure Computing, 1-14. https://doi.org/10.1109/TDSC.2016.2536605

Vancouver

Saracino A, Sgandurra D, Dini G, Martinelli F. MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention. IEEE Transactions on Dependable and Secure Computing. 2016 Mar 1;1-14. https://doi.org/10.1109/TDSC.2016.2536605

Author

Saracino, Andrea ; Sgandurra, Daniele ; Dini, Gianluca ; Martinelli, Fabio. / MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention. In: IEEE Transactions on Dependable and Secure Computing. 2016 ; pp. 1-14.

BibTeX

@article{252440c0e82b48ec8a95ce44f7372c47,
title = "MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention",
abstract = "Android users are constantly threatened by an increasing number of malicious applications (apps), generically called malware. Malware constitutes a serious threat to user privacy, money, device and file integrity. In this paper we note that, by studying their actions, we can classify malware into a small number of behavioral classes, each of which performs a limited set of misbehaviors that characterize them. These misbehaviors can be defined by monitoring features belonging to different Android levels. In this paper we present MADAM, a novel host-based malware detection system for Android devices which simultaneously analyzes and correlates features at four levels: kernel, application, user and package, to detect and stop malicious behaviors. MADAM has been designed to take into account those behaviors characteristic of almost every real malware which can be found in the wild. MADAM detects and effectively blocks more than 96% of malicious apps, which come from three large datasets with about 2,800 apps, by exploiting the cooperation of two parallel classifiers and a behavioral signature-based detector. Extensive experiments, which also include the analysis of a testbed of 9,804 genuine apps, have been conducted to show the low false alarm rate, the negligible performance overhead and limited battery consumption.",
author = "Andrea Saracino and Daniele Sgandurra and Gianluca Dini and Fabio Martinelli",
year = "2016",
month = mar,
day = "1",
doi = "10.1109/TDSC.2016.2536605",
language = "English",
pages = "1--14",
journal = "IEEE Transactions on Dependable and Secure Computing",
issn = "1545-5971",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

RIS

TY - JOUR

T1 - MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention

AU - Saracino, Andrea

AU - Sgandurra, Daniele

AU - Dini, Gianluca

AU - Martinelli, Fabio

PY - 2016/3/1

Y1 - 2016/3/1

N2 - Android users are constantly threatened by an increasing number of malicious applications (apps), generically called malware. Malware constitutes a serious threat to user privacy, money, device and file integrity. In this paper we note that, by studying their actions, we can classify malware into a small number of behavioral classes, each of which performs a limited set of misbehaviors that characterize them. These misbehaviors can be defined by monitoring features belonging to different Android levels. In this paper we present MADAM, a novel host-based malware detection system for Android devices which simultaneously analyzes and correlates features at four levels: kernel, application, user and package, to detect and stop malicious behaviors. MADAM has been designed to take into account those behaviors characteristic of almost every real malware which can be found in the wild. MADAM detects and effectively blocks more than 96% of malicious apps, which come from three large datasets with about 2,800 apps, by exploiting the cooperation of two parallel classifiers and a behavioral signature-based detector. Extensive experiments, which also include the analysis of a testbed of 9,804 genuine apps, have been conducted to show the low false alarm rate, the negligible performance overhead and limited battery consumption.

AB - Android users are constantly threatened by an increasing number of malicious applications (apps), generically called malware. Malware constitutes a serious threat to user privacy, money, device and file integrity. In this paper we note that, by studying their actions, we can classify malware into a small number of behavioral classes, each of which performs a limited set of misbehaviors that characterize them. These misbehaviors can be defined by monitoring features belonging to different Android levels. In this paper we present MADAM, a novel host-based malware detection system for Android devices which simultaneously analyzes and correlates features at four levels: kernel, application, user and package, to detect and stop malicious behaviors. MADAM has been designed to take into account those behaviors characteristic of almost every real malware which can be found in the wild. MADAM detects and effectively blocks more than 96% of malicious apps, which come from three large datasets with about 2,800 apps, by exploiting the cooperation of two parallel classifiers and a behavioral signature-based detector. Extensive experiments, which also include the analysis of a testbed of 9,804 genuine apps, have been conducted to show the low false alarm rate, the negligible performance overhead and limited battery consumption.

U2 - 10.1109/TDSC.2016.2536605

DO - 10.1109/TDSC.2016.2536605

M3 - Article

SP - 1

EP - 14

JO - IEEE Transactions on Dependable and Secure Computing

JF - IEEE Transactions on Dependable and Secure Computing

SN - 1545-5971

ER -