عرض بسيط للتسجيلة

المؤلفAlam, Shahid
المؤلفQu, Zhengyang
المؤلفRiley, Ryan
المؤلفChen, Yan
المؤلفRastogi, Vaibhav
تاريخ الإتاحة2020-12-03T11:24:56Z
تاريخ النشر2017
اسم المنشورComputers and Security
المصدرScopus
معرّف المصادر الموحدhttp://dx.doi.org/10.1016/j.cose.2016.11.011
معرّف المصادر الموحدhttp://hdl.handle.net/10576/17193
الملخصAccording to the Symantec and F-Secure threat reports, mobile malware development in 2013 and 2014 has continued to focus almost exclusively (~99%) on the Android platform. Malware writers are applying stealthy mutations (obfuscations) to create malware variants, thwarting detection by signature-based detectors. In addition, the plethora of more sophisticated detectors making use of static analysis techniques to detect such variants operate only at the bytecode level, meaning that malware embedded in native code goes undetected. A recent study shows that 86% of the most popular Android applications contain native code, making native code malware a plausible threat vector. This paper proposes DroidNative, an Android malware detector that uses specific control flow patterns to reduce the effect of obfuscations and provides automation. As far as we know, DroidNative is the first system that builds cross-platform (x86 and ARM) semantic-based signatures at the Android native code level, allowing the system to detect malware embedded in either bytecode or native code. When tested with a dataset of 5490 samples, DroidNative achieves a detection rate (DR) of 93.57% and a false positive rate of 2.7%. When tested with traditional malware variants, it achieves a DR of 99.48%, compared to the DRs of academic and commercial tools that range from 8.33% to 93.22%.
راعي المشروعThis paper was made possible by NPRP grant 6-1014-2-414 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.
اللغةen
الناشرElsevier Ltd
الموضوعAndroid native code
Control flow analysis
Data mining
Malware analysis
Malware variant detection
العنوانDroidNative: Automating and optimizing detection of Android native code malware variants
النوعArticle
الصفحات230-246
رقم المجلد65
dc.accessType Abstract Only


الملفات في هذه التسجيلة

الملفاتالحجمالصيغةالعرض

لا توجد ملفات لها صلة بهذه التسجيلة.

هذه التسجيلة تظهر في المجموعات التالية

عرض بسيط للتسجيلة