EnMobile entity-based characterization and analysis of mobile malware

Modern mobile malware tend to conduct their malicious exploits through sophisticated patterns of interactions that involve multiple entities, e.g., the mobile platform, human users, and network locations. Such malware often evade the detection by existing approaches due to their limited expressivene...

Full description

Saved in:
Bibliographic Details
Published in:2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE) pp. 384 - 394
Main Authors: Yang, Wei, Prasad, Mukul R., Xie, Tao
Format: Conference Proceeding
Language:English
Published: New York, NY, USA ACM 27.05.2018
Series:ACM Conferences
Subjects:
Feature extraction
Malware
Mobile Security
Program Analysis
Security
Servers
Static analysis
Theory of computation > Semantics and reasoning > Program reasoning > Program analysis
ISBN:9781450356381, 1450356389
ISSN:1558-1225
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Modern mobile malware tend to conduct their malicious exploits through sophisticated patterns of interactions that involve multiple entities, e.g., the mobile platform, human users, and network locations. Such malware often evade the detection by existing approaches due to their limited expressiveness and accuracy in characterizing and detecting these malware. To address these issues, in this paper, we recognize entities in the environment of an app, the app's interactions with such entities, and the provenance of these interactions, i.e., the intent and ownership of each interaction, as the key to comprehensively characterizing modern mobile apps, and mobile malware in particular. With this insight, we propose a novel approach named EnMobile including a new entity-based characterization of mobile-app behaviors, and corresponding static analyses, to accurately characterize an app's interactions with entities. We implement EnMobile and provide a practical application of EnMobile in a signature-based scheme for detecting mobile malware. We evaluate EnMobile on a set of 6614 apps consisting of malware from Genome and Drebin along with benign apps from Google Play. Our results show that EnMobile detects malware with substantially higher precision and recall than four state-of-the-art approaches, namely Apposcopy, Drebin, MUDFLOW, and AppContext.
ISBN:9781450356381
1450356389
ISSN:1558-1225
DOI:10.1145/3180155.3180223