DroidScreening: a practical framework for real‐world Android malware analysis. Issue 11 (10th February 2016)
- Record Type:
- Journal Article
- Title:
- DroidScreening: a practical framework for real‐world Android malware analysis. Issue 11 (10th February 2016)
- Main Title:
- DroidScreening: a practical framework for real‐world Android malware analysis
- Authors:
- Yu, Junfeng
Huang, Qingfeng
Yian, CheeHoo
- Abstract:
- Abstract: Analyzing Android malware sample is a time‐consuming and error‐prone work. Automatic techniques to perform suspicious apps screening and threat level evaluation is highly desired by the antivirus industry. In this paper, we proposed a novel automated framework called DroidScreening to speed up the Android malware analysis process and to assist antivirus analyst in generating the heuristics pattern for scanner. DroidScreening employs lazy associative classification (LAC) algorithms to produce classification model by learning from malicious evidence features extracted by using static analysis on Android application package files. Moreover, we proposed a novel high‐interaction execution environment that can interact with malicious Android code, so that the analysis samples are induced to start executing their true malicious behavior. Experimentation on malware datasets and using LAC with traditional learning approaches show that the LAC algorithms outperformed other classification algorithms. Finally, we analyzed the performance of DroidScreening and compare it with other similar research work. Copyright © 2016 John Wiley & Sons, Ltd.
Abstract: DroidScreening framework consists of three main component parts: a static multiple types feature extractor, LAC‐based screening module, and trigger‐induced dynamic analysis system. Experimentation on malware datasets and using LAC with traditional learning approaches show that the LAC algorithms outperformed other classification algorithms. …
- Is Part Of:
- Security and communication networks. Volume 9:Issue 11(2016)
- Journal:
- Security and communication networks
- Issue:
- Volume 9:Issue 11(2016)
- Issue Display:
- Volume 9, Issue 11 (2016)
- Year:
- 2016
- Volume:
- 9
- Issue:
- 11
- Issue Sort Value:
- 2016-0009-0011-0000
- Page Start:
- 1435
- Page End:
- 1449
- Publication Date:
- 2016-02-10
- Subjects:
- Android malware -- lazy associative classification -- dynamic analysis -- security screening -- static analysis -- instrumentation
Computer networks -- Security measures -- Periodicals
Computer security -- Periodicals
Cryptography -- Periodicals
005.805
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122
https://www.hindawi.com/journals/scn/
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/sec.1430
- Languages:
- English
- ISSNs:
- 1939-0114
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD Digital store
- Ingest File:
- 1896.xml