DOI: 10.1145/3324884.3418926
research-article

On benign features in malware detection

Published: 27 January 2021

Abstract

This paper investigates the problem of classifying Android applications into malicious and benign. We analyze the performance of a popular malware detection tool, Drebin, and show that its correct classification decisions often stem from using benign rather than malicious features for making predictions. That, effectively, turns the classifier into a benign app detector rather than a malware detector. While such behavior allows the classifier to achieve a high detection accuracy, it also makes it vulnerable to attacks, e.g., by a malicious app pretending to be benign by using features similar to those of benign apps. In this paper, we propose an approach for deprioritizing benign features in malware detection, focusing the detection on truly malicious portions of the apps. We show that our proposed approach makes a classifier more resilient to attacks while still allowing it to maintain a high detection accuracy.
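
The reliance on benign features described above can be audited on a linear model over binary features, the kind of model Drebin uses, by splitting each score into malicious-leaning and benign-leaning weight. This is an added example, not code from the paper or from Drebin: the feature names, weights, samples and the clamp-to-zero check are constructed assumptions, and the check is a simple stand-in, not the deprioritization approach the paper proposes.

```python
# Added illustration; feature names, weights and samples are constructed,
# not taken from the paper or from a trained Drebin model.
WEIGHTS = {
    "permission::SEND_SMS": 1.2,                   # malicious-leaning (w > 0)
    "api_call::TelephonyManager.getDeviceId": 0.6,
    "feature::android.hardware.touchscreen": -0.8,  # benign-leaning (w < 0)
    "activity::SettingsActivity": -0.7,
    "intent::android.intent.action.MAIN": -0.5,
    "permission::ACCESS_NETWORK_STATE": -0.6,
}
BIAS = -0.5  # score > 0 means "malware"

SAMPLES = {  # constructed feature sets
    "benign_app": {"feature::android.hardware.touchscreen",
                   "activity::SettingsActivity",
                   "intent::android.intent.action.MAIN",
                   "permission::ACCESS_NETWORK_STATE"},
    "plain_malware": {"permission::SEND_SMS",
                      "api_call::TelephonyManager.getDeviceId"},
    "malware_with_benign_look": {"permission::SEND_SMS",
                                 "api_call::TelephonyManager.getDeviceId",
                                 "feature::android.hardware.touchscreen",
                                 "activity::SettingsActivity",
                                 "intent::android.intent.action.MAIN"},
}


def decompose(features):
    """Split a linear score into malicious (w > 0) and benign (w < 0) evidence."""
    present = [WEIGHTS[f] for f in features if f in WEIGHTS]
    malicious = sum(w for w in present if w > 0)
    benign = sum(w for w in present if w < 0)
    return malicious, benign, malicious + benign + BIAS


def audit(features):
    """Flag verdicts that flip once benign-leaning weights are ignored."""
    malicious, _benign, score = decompose(features)
    verdict = "malware" if score > 0 else "benign"
    malicious_only = "malware" if malicious + BIAS > 0 else "benign"
    return {"verdict": verdict, "malicious_only": malicious_only,
            "rests_on_benign": verdict != malicious_only}


if __name__ == "__main__":
    for name, feats in SAMPLES.items():
        print(name, audit(feats))
```

A high share of `rests_on_benign` verdicts on a labelled test set indicates that the model is behaving as the benign app detector the abstract describes.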



    Information & Contributors

    Information

    Published In

    ASE '20: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering
    December 2020
    1449 pages
    ISBN:9781450367684
    DOI:10.1145/3324884

    Sponsors

    In-Cooperation

    • IEEE CS

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Acceptance Rates

    Overall Acceptance Rate 82 of 337 submissions, 24%

    Article Metrics

    • Downloads (Last 12 months): 11
    • Downloads (Last 6 weeks): 0
    Reflects downloads up to 22 Dec 2024

    Cited By

    • (2024) Hyperparameter Tunning and Feature Selection Methods for Malware Detection (Kötü Amaçlı Yazılım Algılaması için Hiperparametre Ayarlama ve Özellik Seçim Yöntemleri). Politeknik Dergisi 27:1 (343-353). DOI: 10.2339/politeknik.1243881. Online publication date: 29-Feb-2024
    • (2024) Detection of Evasive Android Malware Using EigenGCN. Journal of Information Security and Applications 86 (103880). DOI: 10.1016/j.jisa.2024.103880. Online publication date: Nov-2024
    • (2023) FINER: Enhancing State-of-the-art Classifiers with Feature Attribution to Facilitate Security Analysis. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (416-430). DOI: 10.1145/3576915.3616599. Online publication date: 15-Nov-2023
    • (2022) An Exploratory Study of Cognitive Sciences Applied to Cybersecurity. Electronics 11:11 (1692). DOI: 10.3390/electronics11111692. Online publication date: 26-May-2022
    • (2022) Explainable AI for Android Malware Detection: Towards Understanding Why the Models Perform So Well? 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE) (169-180). DOI: 10.1109/ISSRE55969.2022.00026. Online publication date: Oct-2022
