DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware
Min Zheng, Mingshen Sun, John C.S. Lui

TL;DR
DroidAnalytics is a signature-based system that automatically collects, analyzes, and associates Android malware at the opcode level, effectively identifying known and zero-day malware from a large dataset.
Contribution
It introduces a signature-based analytic system that analyzes and detects Android malware, including zero-day samples, at the opcode level and at large scale (150,368 applications).
Findings
Analyzed 150,368 Android applications.
Detected 2,494 malware samples from 102 families.
Identified 342 zero-day malware samples.
Abstract
Smartphones and mobile devices are rapidly becoming indispensable for many users. Unfortunately, they have also become fertile ground for attackers to deploy malware and spread viruses. There is an urgent need for a "security analytic & forensic system" that lets analysts examine, dissect, associate and correlate a large number of mobile applications. An effective analytic system needs to address the following questions: How to automatically collect and manage a high volume of mobile malware? How to analyze a zero-day suspicious application, and compare or associate it with existing malware families in the database? How to perform information retrieval so as to reveal malicious logic shared with existing malware, and to quickly identify the new malicious code segment? In this paper, we present the design and implementation of DroidAnalytics, a signature based analytic…
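The abstract describes associating a suspicious application with known malware families through opcode-level signatures. The following is an added illustration of that idea, not DroidAnalytics' own code: the hashing scheme (method, class and whole-app signatures built from opcode sequences with register operands dropped), the Jaccard similarity over method signatures, and the three sample apps with their Dalvik-style opcode sequences are all assumptions constructed for this example. The point it shows is a practical one: a whole-app hash misses a repackaged variant, while method- and class-level signatures still tie it to the family it was built from.

```python
"""Illustrative opcode-level signatures and family association.

Added example, not code from the DroidAnalytics paper. The signature
scheme, similarity measure and sample data below are assumptions.
"""
import hashlib

# Constructed sample input (not real malware): per app, per class, per method,
# the Dalvik opcode mnemonics in order. Register operands are intentionally
# omitted so that register renaming alone does not change a signature.
APPS = {
    "app_A": {
        "Lcom/example/Sms;": {
            "send": ["const-string", "invoke-virtual", "move-result-object",
                     "invoke-virtual", "return-void"],
            "<init>": ["invoke-direct", "return-void"],
        },
        "Lcom/example/Main;": {
            "onCreate": ["invoke-super", "const/4", "invoke-virtual", "return-void"],
        },
    },
    # Hypothetical repackaged variant: same Sms class, a different UI class.
    "app_B": {
        "Lcom/other/Sms;": {
            "send": ["const-string", "invoke-virtual", "move-result-object",
                     "invoke-virtual", "return-void"],
            "<init>": ["invoke-direct", "return-void"],
        },
        "Lcom/other/Ui;": {
            "onCreate": ["invoke-super", "const/4", "const/4", "invoke-virtual",
                         "return-void"],
        },
    },
    # Unrelated app sharing no method bodies with the others.
    "app_C": {
        "Lcom/benign/Calc;": {
            "add": ["add-int", "return"],
            "sub": ["sub-int", "return"],
        },
    },
}


def _digest(text):
    # Truncated SHA-256 keeps the example output readable; any stable hash works.
    return hashlib.sha256(text.encode()).hexdigest()[:16]


def method_signature(opcodes):
    """Signature of one method: hash of its opcode sequence."""
    return _digest(" ".join(opcodes))


def class_signature(methods):
    """Signature of a class: hash of its sorted method signatures.

    Sorting makes the result independent of method order in the dex file.
    """
    return _digest("|".join(sorted(method_signature(ops) for ops in methods.values())))


def app_signature(classes):
    """Signature of a whole app: hash of its sorted class signatures."""
    return _digest("|".join(sorted(class_signature(m) for m in classes.values())))


def method_signature_set(classes):
    """All method signatures in an app, used for fine-grained association."""
    return {method_signature(ops) for m in classes.values() for ops in m.values()}


def jaccard(a, b):
    return 1.0 if not a and not b else len(a & b) / len(a | b)


def similarity(app1, app2):
    """Fraction of method bodies two apps share (order- and name-independent)."""
    return jaccard(method_signature_set(APPS[app1]), method_signature_set(APPS[app2]))


def shared_classes(app1, app2):
    """Pairs of class names whose bodies are identical across the two apps."""
    s1 = {class_signature(m): name for name, m in APPS[app1].items()}
    s2 = {class_signature(m): name for name, m in APPS[app2].items()}
    return sorted((s1[k], s2[k]) for k in s1.keys() & s2.keys())


def associate(new_app, known_apps, threshold=0.5):
    """Known apps whose method-level overlap with new_app meets the threshold."""
    hits = [(k, similarity(new_app, k)) for k in known_apps]
    return sorted(((k, s) for k, s in hits if s >= threshold), key=lambda x: -x[1])


if __name__ == "__main__":
    print("whole-app hashes equal:", app_signature(APPS["app_A"]) == app_signature(APPS["app_B"]))
    print("method-level similarity A/B:", similarity("app_A", "app_B"))
    print("shared classes A/B:", shared_classes("app_A", "app_B"))
    print("associations for app_B:", associate("app_B", ["app_A", "app_C"]))
```

Running the block shows the whole-app hashes of `app_A` and `app_B` differ, yet half of their method bodies match and the Sms class is byte-for-byte the same, which is what an analyst needs to see when triaging a repackaged sample. Because the signatures are built from opcode mnemonics only, trivial obfuscation such as class renaming does not break the association; reordering instructions or inserting junk opcodes would, which is the usual caveat for any exact-hash scheme.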
Taxonomy
Topics: Advanced Malware Detection Techniques · Digital and Cyber Forensics · Software Testing and Debugging Techniques
