https://scholars.lib.ntu.edu.tw/handle/123456789/456050
DC field | Value | Language |
---|---|---|
dc.contributor.author | YEALI SUN | en_US |
dc.contributor.author | Chen, C.-C. | en_US |
dc.contributor.author | Hsiao, S.-W. | en_US |
dc.contributor.author | Chen, M.C. | en_US |
dc.creator | Sun, Y.S.;Chen, C.-C.;Hsiao, S.-W.;Chen, M.C. | - |
dc.date.accessioned | 2020-02-10T02:43:28Z | - |
dc.date.available | 2020-02-10T02:43:28Z | - |
dc.date.issued | 2018 | - |
dc.identifier.uri | https://scholars.lib.ntu.edu.tw/handle/123456789/456050 | - |
dc.description.abstract | Malware developers often use various obfuscation techniques to generate polymorphic and metamorphic versions of malware. Keeping up with new variants and creating signatures for each individual one in a timely fashion has been an important problem but tedious work that anti-virus companies face all the time. This motivates our idea of no more dancing with variants. In this paper, we aim to find a malware family's main characteristic operations directly related to its intent. We propose global execution sequence alignment and segmentation algorithms to generate the execution stage chart of a malware family, which presents a simple and easy-to-understand overview of the lifecycle as well as the common and different operations that individual variants perform at a stage. We also present an automated dynamic Android malware profiling and family security analysis system in which we focus on the execution sequences of sensitive and permission-related API calls, referred to as motifs of variants of a malware family. To achieve the goal, we modify the Android Debug Bridge (ADB) tool to add several new features, including enabling the recording of parameters and return values of an API call, the support of UID-based profiling to capture all the processes and threads to gain a complete understanding of the activities of the target malware app, and per-thread trace generation. Finally, we use a real-world dataset to validate the proposed system and methods. The generated family stage chart and motifs can provide security analysts with a semantics-rich understanding of what and how a malware family is designed and implemented. The main characteristic API call sequences of malware families can be used as signatures for effective and efficient malware detection in the future. © Springer International Publishing AG, part of Springer Nature 2018. | - |
dc.relation.ispartof | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | - |
dc.subject | Android malware family behaviour analysis; Android security; Dynamic analysis; Execution sequence alignment and segmentation | - |
dc.subject.classification | [SDGs]SDG16 | - |
dc.subject.other | Android (operating system); Computer crime; Dynamic analysis; Malware; Network security; Program debugging; Semantics; Viruses; Android securities; Behaviour analysis; Execution sequences; Malware detection; Malware families; Metamorphic versions; Security analysis; Trace generation; Mobile security | - |
dc.title | ANTSdroid: Automatic malware family behaviour generation and analysis for Android apps | en_US |
dc.type | conference paper | en |
dc.identifier.doi | 10.1007/978-3-319-93638-3_48 | - |
dc.identifier.scopus | 2-s2.0-85049808858 | - |
dc.identifier.url | https://www.scopus.com/inward/record.uri?eid=2-s2.0-85049808858&doi=10.1007%2f978-3-319-93638-3_48&partnerID=40&md5=c9cf13be82297781ae514c92aa75233c | - |
dc.relation.pages | 796-804 | - |
dc.relation.journalvolume | 10946 LNCS | - |
item.openairecristype | http://purl.org/coar/resource_type/c_5794 | - |
item.openairetype | conference paper | - |
item.grantfulltext | none | - |
item.cerifentitytype | Publications | - |
item.fulltext | no fulltext | - |
crisitem.author.dept | Information Management | - |
crisitem.author.parentorg | College of Management | - |
Appears in: | Department of Information Management |
Documents in the IR system are protected by copyright, with all rights reserved, unless otherwise specified by their own copyright terms.