Deakin University
Browse

Predicting the Impact of Android Malicious Samples via Machine Learning

Download (2.63 MB)
Version 2 2024-06-06, 00:31
Version 1 2019-05-03, 10:29
journal contribution
posted on 2024-06-06, 00:31 authored by J Qiu, Wei LuoWei Luo, Lei PanLei Pan, Y Tai, J Zhang, Y Xiang
Recently Android malicious samples threaten billions of the mobile end users’ security or privacy. The community researchers have designed many methods to automatically and accurately identify Android malware samples. However, the rapid increase of Android malicious samples outpowers the capabilities of traditional Android malware detectors and classifiers with respect to the cyber security risk management needs. It is important to identify the small proportion of Android malicious samples that may produce high cyber-security or privacy impact. In this paper, we propose a light-weight solution to automatically identify the Android malicious samples with high security and privacy impact. We manually check a number of Android malware families and corresponding security incidents, and define two impact metrics for Android malicious samples. Our investigation results in a new Android malware dataset with impact ground truth (low impact or high impact). This new dataset is employed to empirically investigate the intrinsic characteristics of low impact as well as high impact malicious samples. To characterize and capture Android malicious samples’ pattern, the reverse engineering is performed to extract semantic features to represent malicious samples. The leveraged features are parsed from both the AndroidManifest.xml files as well as the disassembled binary classes.dex codes. Then the extracted features are embedded into numerical vectors. Furthermore, we train highly accurate Support Vector Machine and Deep Neural Network classifiers to categorize the candidate Android malicious samples into low impact or high impact. The empirical results validate the effectiveness of our designed light-weight solution. This method can be further utilized for identifying those high impact Android malicious samples in the wild.

History

Journal

IEEE Access

Volume

7

Pagination

66304-66316

Location

Piscataway, N.J.

Open access

  • Yes

ISSN

2169-3536

eISSN

2169-3536

Language

English

Notes

Early Access Article

Publication classification

C1 Refereed article in a scholarly journal

Copyright notice

2019, IEEE

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC