SaaS: A situational awareness and analysis system for massive android malware detection

Zhang, Yaocheng, Ren, Wei, Zhu, Tianqing and Ren, Yi (2019) SaaS: A situational awareness and analysis system for massive android malware detection. Future Generation Computer Systems, 95. pp. 548-559. ISSN 0167-739X

[img]
Preview
PDF (Accepted_Manuscript) - Submitted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (18MB) | Preview

Abstract

A large amount of mobile applications (Apps) are uploaded, distributed and updated in various Android markets, e.g., Google Play and Huawei AppGallery every day. One of the ongoing challenges is to detect malicious Apps (also known as malware) among those massive newcomers accurately and efficiently in the daily security management of Android App markets. Customers rely on those detection results in the selection of Apps upon downloading, and undetected malware may result in great damages. In this paper, we propose a cloud-based malware detection system called SaaS by leveraging and marrying multiple approaches from diverse domains such as natural language processing (n-gram), image processing (GLCM), cryptography (fuzzy hash), machine learning (random forest) and complex networks. We firstly extract n-gram features and GLCM features from an App's smali code and DEX file, respectively. We next feed those features into training data set, to create a machine learning detect model. The model is further enhanced by fuzzy hash to detect whether inspected App is repackaged or not. Extensive experiments (involving 1495 samples) demonstrates that the detecting accuracy is more than 98.5%, and support a large-scale detecting and monitoring. Besides, our proposed system can be deployed as a service in clouds and customers can access cloud services on demand.

Item Type: Article
Uncontrolled Keywords: cloud,fuzzy hash,glcm,machine learning,n-gram,software,hardware and architecture,computer networks and communications ,/dk/atira/pure/subjectarea/asjc/1700/1712
Faculty \ School: Faculty of Science > School of Computing Sciences
Related URLs:
Depositing User: LivePure Connector
Date Deposited: 30 Apr 2019 12:30
Last Modified: 24 Nov 2020 01:23
URI: https://ueaeprints.uea.ac.uk/id/eprint/70752
DOI: 10.1016/j.future.2018.12.028

Actions (login required)

View Item View Item