Abstract
Source code authorship attribution is a process of source code authorship identification based on set of known code samples belonging to the given author. One of practical applications of code attribution is a malware analysis and detection. In the paper we explore attribution of Android applications based on classification of source code data with particular focus on explanation of the role of selected features and their impact on the final classifier decision. The proposed solution uses Local Interpretable Model–Agnostic Explanations (LIME) technique to explain decisions produced by classifiers. We explored this approach on several types of classifiers such as SVM, Random Forrest and neural network and dataset containing applications belonging to more than 20 different authors.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Caliskan-Islam, A., et al.: De-anonymizing programmers via code stylometry. In: Proceedings of the 24th USENIX Security Symposium. pp. 255–270 (2015)
Gonzalez, H., Stakhanova, N., Ghorbani, A.A.: Authorship attribution of android apps. In: CODASPY 2018 - Proceedings of the 8th ACM Conference on Data and Application Security and Privacy. pp. 277–286 (2018) https://doi.org/10.1145/3176258.3176322
Chebyshev, F., et al.: IT threat evolution Q1 2017. Statistics. https://securelist.com/it-threat-evolution-q1–2020-statistics/96959/Accessed 15 June 2020
Caliskan, A., et al.: When coding style survives compilation: de-anonymizing programmers from executable binaries. In: Proceedings of Network and Distributed Systems Security (NDSS) Symposium (2018) https://doi.org/10.14722/ndss.2018.23304
Kalgutkar, V., Stakhanova, N., Cook, P., Matyukhina, A.: Android authorship attribution through string analysis. In: ACM International Conference Proceeding Series, pp. 1–10 (2018) https://doi.org/10.1145/3230833.3230849
Karbab, E.M.B., Debbabi, M., Derhab, A., Mouheb, D.: MalDozer: Automatic framework for android malware detection using deep learning. In: DFRWS 2018 EU - Proceedings of the 5th Annual DFRWS Europe. pp. S48–S59 (2018) https://doi.org/10.1016/j.diin.2018.01.007
Kalgutkar, V., Kaur, R., Gonzalez, H., Stakhanova, N., Matyukhina, A.: Code authorship attribution: Methods and challenges. ACM Comput. Surv. (2019). https://doi.org/10.1145/3292577
Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., Rieck, K.: Drebin: effective and explainable detection of android malware in your pocket. In: Proceedings of Network and Distributed Systems Security (NDSS) (2014). https://doi.org/10.14722/ndss.2014.23247
Melis, M., Maiorca, D., Biggio, B., Giacinto, G., Roli, F.: Explaining black-box android malware detection. In: European Signal Processing Conference (2018). https://doi.org/10.23919/EUSIPCO.2018.8553598
AndroGuard. Reverse Engineering. https://github.com/androguard/androguard Accessed 15 June 2020
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Murenin, I., Novikova, E., Ushakov, R., Kholod, I. (2020). Explaining Android Application Authorship Attribution Based on Source Code Analysis. In: Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. NEW2AN ruSMART 2020 2020. Lecture Notes in Computer Science(), vol 12525. Springer, Cham. https://doi.org/10.1007/978-3-030-65726-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-65726-0_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65725-3
Online ISBN: 978-3-030-65726-0
eBook Packages: Computer ScienceComputer Science (R0)