
Family Matters: On the Investigation of [Malicious] Mobile Apps Clustering

  • Conference paper
Computational Science and Its Applications – ICCSA 2021 (ICCSA 2021)

Abstract

As in the classification of biological entities, malicious software may be grouped into families according to their features and similarity levels. Lineage identification techniques can speed up the mitigation of malware attacks and the development of antimalware solutions by aiding in the discovery of previously unknown samples. The goal of this work is to investigate how hierarchical clustering on statically extracted malware features can help explain the distribution of applications into specific groups. To do so, we collected 76 samples of several versions of popular, legitimate mobile applications and 111 malicious applications from 11 well-known scareware families, produced their dendrograms, and discussed the outcomes. Our results show that the proposed approach is promising for the verification of relationships found between samples and their attributes.

Notes

  1. Online Appendix is available at https://github.com/tsrpimenta/onlineappendix.

Author information

Corresponding author

Correspondence to Thalita Scharr Rodrigues Pimenta.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Pimenta, T.S.R., dos Santos, R.D.C., Grégio, A. (2021). Family Matters: On the Investigation of [Malicious] Mobile Apps Clustering. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2021. ICCSA 2021. Lecture Notes in Computer Science, vol 12951. Springer, Cham. https://doi.org/10.1007/978-3-030-86970-0_7

  • DOI: https://doi.org/10.1007/978-3-030-86970-0_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86969-4

  • Online ISBN: 978-3-030-86970-0

  • eBook Packages: Computer Science, Computer Science (R0)
