As the most widely used mobile platform, Android is also the biggest target for mobile malware. Given the increasing number of Android malware variants, detecting malware families is crucial so that security analysts can identify situations where signatures of a known malware family can be adapted as opposed to manually inspecting behavior of all samples. We present EC2 (Ensemble Clustering and Classification), a novel algorithm for discovering Android malware families of varying sizes - ranging from very large to very small families (even if previously unseen). We present a performance comparison of several traditional classification and clustering algorithms for Android malware family identification on DREBIN, the largest public Android malware dataset with labeled families. We use the output of both supervised classifiers and unsupervised clustering to design EC2. Experimental results on both the DREBIN and the more recent Koodous malware datasets show that EC2 accurately detects both small and large families, outperforming several comparative baselines. Furthermore, we show how to automatically characterize and explain unique behaviors of specific malware families, such as FakeInstaller, MobileTx, Geinimi. In short, EC2 presents an early warning system for emerging new malware families, as well as a robust predictor of the family (when it is not new) to which a new malware sample belongs, and the design of novel strategies for data-driven understanding of malware behaviors.
EC2: Ensemble Clustering & Classification for predicting Android malware families / Chakraborty, Tanmoy; Pierazzi, Fabio; Subrahmanian, V. S.. - In: IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING. - ISSN 1545-5971. - (2020), pp. 1-14.
|Data di pubblicazione:||2020|
|Data di prima pubblicazione:||21-ago-2017|
|Titolo:||EC2: Ensemble Clustering & Classification for predicting Android malware families|
|Autore/i:||Chakraborty, Tanmoy; Pierazzi, Fabio; Subrahmanian, V. S.|
|Digital Object Identifier (DOI):||http://dx.doi.org/10.1109/TDSC.2017.2739145|
|Codice identificativo ISI:||WOS:000520505100004|
|Codice identificativo Scopus:||2-s2.0-85028505970|
|Citazione:||EC2: Ensemble Clustering & Classification for predicting Android malware families / Chakraborty, Tanmoy; Pierazzi, Fabio; Subrahmanian, V. S.. - In: IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING. - ISSN 1545-5971. - (2020), pp. 1-14.|
|Tipologia||Articolo su rivista|
I documenti presenti in Iris Unimore sono rilasciati con licenza Creative Commons Attribuzione - Non commerciale - Non opere derivate 3.0 Italia, salvo diversa indicazione.
In caso di violazione di copyright, contattare Supporto Iris