Machine Learning
Opcodes as predictor for malware
International Journal of Electronic Security and Digital Forensics
The WEKA data mining software: an update
ACM SIGKDD Explorations Newsletter
Privilege escalation attacks on android
ISC'10 Proceedings of the 13th international conference on Information security
Permission re-delegation: attacks and defenses
SEC'11 Proceedings of the 20th USENIX conference on Security
Idea: opcode-sequence-based malware detection
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Dissecting Android Malware: Characterization and Evolution
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
The number of Android malware is increasing with the growth of Android, so there needs to have a method to classify malware families. There are many classification methods proposed so far, but most of them are based on permission information such as the number of requested permissions and critical permissions. Since permission information cannot represent actual application behaviors and permissions are easily separated into several communicating applications, the permission based classification methods can result in false alarms. Opposed to these permission based methods, our classification method is based on applications' Bytecode that contains actual application behaviors. Each malicious application family may have some similar Bytecode and can be classified using this information. In this paper, we propose a method to classify malware families from known malware, as a pre-step of malware detection.