UpDroid: Updated Android Malware and Its Familial Classification

  • Conference paper
Secure IT Systems (NordSec 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11252)

Abstract

Android is the platform most targeted by attackers. While security solutions against such attacks have improved, attackers keep introducing new variants of existing malware that employ new strategies to evade them. One of the most effective and widely used evasion techniques is updating malicious code at runtime. In this study, an up-to-date dataset of such update attacks, called UpDroid, is introduced and then analyzed. This dataset consists of 2,479 samples belonging to 21 malware families, most of which have been discovered in just the last few years. While this dataset gives an overview of recent malware, it will also be useful for researchers working on dynamic analysis. Furthermore, this study introduces a new classification algorithm, based on both static and dynamic features, for grouping such malware into families.

Notes

  1. https://wise.cs.hacettepe.edu.tr/projects/updroid/dataset/

Acknowledgment

This study is supported by the Scientific and Technological Research Council of Turkey (TUBITAK-115E150). We would like to thank TUBITAK for its support.

Corresponding author

Correspondence to Sevil Sen.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Aktas, K., Sen, S. (2018). UpDroid: Updated Android Malware and Its Familial Classification. In: Gruschka, N. (eds) Secure IT Systems. NordSec 2018. Lecture Notes in Computer Science, vol 11252. Springer, Cham. https://doi.org/10.1007/978-3-030-03638-6_22

  • DOI: https://doi.org/10.1007/978-3-030-03638-6_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03637-9

  • Online ISBN: 978-3-030-03638-6

  • eBook Packages: Computer Science, Computer Science (R0)
