https://scholars.lib.ntu.edu.tw/handle/123456789/456046
標題: | ANTSdroid: Using RasMMA algorithm to generate malware behavior characteristics of android malware family | 作者: | Chang, S.-C. YEALI SUN Chuang, W.-L. Chen, M.-C. Sun, B. Takahashi, T. |
關鍵字: | Android malware family signature generation; Android security; dynamic analysis; runtime behavior analysis | 公開日期: | 2019 | 卷: | 2018-December | 起(迄)頁: | 257-262 | 來源出版物: | IEEE Pacific Rim International Symposium on Dependable Computing | 摘要: | Malware developers often use various obfuscation techniques to generate polymorphic and metamorphic versions of malicious programs. As a result, variants of a malware family generally exhibit resembling behavior, and most importantly, they possess certain common essential codes so to achieve the same designed purpose. Meantime, keeping up with new variants and generating signatures for each individual in a timely fashion has been costly and inefficient for anti-virus software companies. It motivates us the idea of no more dancing with variants. In this paper, we aim to find a malware family's main characteristic operations or activities directly related to its intent. We propose a novel automatic dynamic Android profiling system and malware family runtime behavior signature generation method called Runtime API sequence Motif Mining Algorithm (RasMMA) based on the analysis of the sensitive and permission-related execution traces of the threads and processes of a set of variant APKs of a malware family. We show the effectiveness of using the generated family signature to detect new variants using real-world dataset. Moreover, current anti-malware tools usually treat detection models as a black box for classification and offer little explanations on how malwares behave and how they proceed step by step to infiltrate targeted system and achieve the goal. We take malware family DroidKungFu as a case study to illustrate that the generated family signature indeed captures key malicious activities of the family. © 2018 IEEE. |
URI: | https://scholars.lib.ntu.edu.tw/handle/123456789/456046 | DOI: | 10.1109/PRDC.2018.00047 | SDG/關鍵字: | Android (operating system); Computer crime; Dynamic analysis; Network security; Android securities; Antivirus softwares; Malicious activities; Malware behaviors; Metamorphic versions; Mining algorithms; Runtime behaviors; Signature generation; Malware |
顯示於: | 資訊管理學系 |
在 IR 系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。