EnMobile entity-based characterization and analysis of mobile malware

Modern mobile malware tend to conduct their malicious exploits through sophisticated patterns of interactions that involve multiple entities, e.g., the mobile platform, human users, and network locations. Such malware often evade the detection by existing approaches due to their limited expressivene...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE) S. 384 - 394
Hauptverfasser: Yang, Wei, Prasad, Mukul R., Xie, Tao
Format: Tagungsbericht
Sprache:Englisch
Veröffentlicht: New York, NY, USA ACM 27.05.2018
Schriftenreihe:ACM Conferences
Schlagworte:
Feature extraction
Malware
Mobile Security
Program Analysis
Security
Servers
Static analysis
Theory of computation > Semantics and reasoning > Program reasoning > Program analysis
ISBN:9781450356381, 1450356389
ISSN:1558-1225
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Modern mobile malware tend to conduct their malicious exploits through sophisticated patterns of interactions that involve multiple entities, e.g., the mobile platform, human users, and network locations. Such malware often evade the detection by existing approaches due to their limited expressiveness and accuracy in characterizing and detecting these malware. To address these issues, in this paper, we recognize entities in the environment of an app, the app's interactions with such entities, and the provenance of these interactions, i.e., the intent and ownership of each interaction, as the key to comprehensively characterizing modern mobile apps, and mobile malware in particular. With this insight, we propose a novel approach named EnMobile including a new entity-based characterization of mobile-app behaviors, and corresponding static analyses, to accurately characterize an app's interactions with entities. We implement EnMobile and provide a practical application of EnMobile in a signature-based scheme for detecting mobile malware. We evaluate EnMobile on a set of 6614 apps consisting of malware from Genome and Drebin along with benign apps from Google Play. Our results show that EnMobile detects malware with substantially higher precision and recall than four state-of-the-art approaches, namely Apposcopy, Drebin, MUDFLOW, and AppContext.
ISBN:9781450356381
1450356389
ISSN:1558-1225
DOI:10.1145/3180155.3180223