DroidCat: Unified Dynamic Detection of Android Malware

dc.contributor.author: Cai, Haipeng (en)
dc.contributor.author: Meng, Na (en)
dc.contributor.author: Ryder, Barbara G. (en)
dc.contributor.author: Yao, Danfeng (Daphne) (en)
dc.contributor.department: Computer Science (en)
dc.date.accessioned: 2017-04-26T14:54:59Z (en)
dc.date.available: 2017-04-26T14:54:59Z (en)
dc.date.issued: 2016 (en)
dc.description.abstract: Various dynamic approaches have been developed to detect or categorize Android malware. These approaches execute software, collect call traces, and then detect abnormal system calls or sensitive API usage. Consequently, attackers can evade these approaches by intentionally obfuscating those calls under focus. Additionally, existing approaches treat detection and categorization of malware as separate tasks, although intuitively both tasks are relevant and could be performed simultaneously. This paper presents DroidCat, the first unified dynamic malware detection approach, which not only detects malware, but also pinpoints the malware family. DroidCat leverages supervised machine learning to train a multi-class classifier using diverse behavioral profiles of benign apps and different kinds of malware. Compared with prior heuristics-based machine learning-based approaches, the feature set used in DroidCat is decided purely based on a systematic dynamic characterization study of benign and malicious apps. All differentiating features that show behavioral differences between benign and malicious apps are included. In this way, DroidCat is robust to existing evasion attacks. We evaluated DroidCat using leave-one-out cross validation with 136 benign apps and 135 malicious apps. The evaluation shows that DroidCat provided an effective and scalable unified malware detection solution with 81% precision, 82% recall, and 92% accuracy. (en)
dc.identifier.trnumber: TR-17-01 (en)
dc.identifier.uri: http://hdl.handle.net/10919/77523 (en)
dc.language.iso: en (en)
dc.publisher: Department of Computer Science, Virginia Polytechnic Institute & State University (en)
dc.rights: Creative Commons Attribution-NoDerivs 3.0 United States (en)
dc.rights.uri: http://creativecommons.org/licenses/by-nd/3.0/us/ (en)
dc.subject: Android security (en)
dc.subject: Malware detection (en)
dc.subject: Dynamic analysis (en)
dc.subject: Unified detection (en)
dc.subject: Behavioral profile (en)
dc.title: DroidCat: Unified Dynamic Detection of Android Malware (en)
dc.type: Technical report (en)
dc.type.dcmitype: Text (en)

Files

Original bundle
Name: TR-17-01.pdf
Size: 576.07 KB
Format: Adobe Portable Document Format