Show simple item record

dc.contributor.authorCai, Haipengen_US
dc.contributor.authorMeng, Naen_US
dc.contributor.authorRyder, Barbaraen_US
dc.contributor.authorYao, Danfeng (Daphne)en_US
dc.description.abstractVarious dynamic approaches have been developed to detect or categorize Android malware. These approaches execute software, collect call traces, and then detect abnormal system calls or sensitive API usage. Consequently, attackers can evade these approaches by intentionally obfuscating those calls under focus. Additionally, existing approaches treat detection and categorization of malware as separate tasks, although intuitively both tasks are relevant and could be performed simultaneously. This paper presents DroidCat, the first unified dynamic malware detection approach, which not only detects malware, but also pinpoints the malware family. DroidCat leverages supervised machine learning to train a multi-class classifier using diverse behavioral profiles of benign apps and different kinds of malware. Compared with prior heuristics-based machine learning-based approaches, the feature set used in DroidCat is decided purely based on a systematic dynamic characterization study of benign and malicious apps. All differentiating features that show behavioral differences between benign and malicious apps are included. In this way, DroidCat is robust to existing evasion attacks. We evaluated DroidCat using leave-one-out cross validation with 136 benign apps and 135 malicious apps. The evaluation shows that DroidCat provided an effective and scalable unified malware detection solution with 81% precision, 82% recall, and 92% accuracy.en_US
dc.publisherDepartment of Computer Science, Virginia Polytechnic Institute & State Universityen_US
dc.rightsAttribution-NoDerivs 3.0 United States*
dc.subjectAndroid securityen_US
dc.subjectMalware detectionen_US
dc.subjectDynamic analysisen_US
dc.subjectUnified detectionen_US
dc.subjectBehavioral profileen_US
dc.titleDroidCat: Unified Dynamic Detection of Android Malwareen_US
dc.typeTechnical reporten_US

Files in this item


This item appears in the following Collection(s)

Show simple item record

Attribution-NoDerivs 3.0 United States
License: Attribution-NoDerivs 3.0 United States