Abstract
The relevance of malicious software targeting mobile devices has been increasing in recent years. Smartphones, tablet computers and embedded devices in general represent one of the most widespread computing platforms worldwide, and insecure usage can cause unprecedented damage to private users, companies and public institutions. To help identify malicious software on mobile platforms, we propose RAMSES, an approach based on the static content stored as strings within an application. First, we extract the contents of strings, transforming applications into documents. Then, using information retrieval techniques, we select the most relevant features based on frequency metrics. Finally, we classify applications using machine learning algorithms relying on these features. We evaluate our methods using real datasets of Android applications and show promising results for detection.
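The three stages named in the abstract can be sketched as follows. This is an added example, not code from the paper: the ranking metric (difference in per-class document frequency), the Bernoulli naive Bayes classifier, the function names and the constructed sample blobs are all assumptions, since the abstract does not specify them.

```python
import math
import re
from collections import Counter

# Constructed byte blobs standing in for application files (label 1 = malicious).
SAMPLES = [
    (b"\x00\x01http://ads.example.test/track\x00sendTextMessage\x02premium_sms\x00", 1),
    (b"\x03sendTextMessage\x00getDeviceId\x01http://c2.example.test/reg\x00", 1),
    (b"\x00onCreate\x01Settings\x00http://api.example.test/weather\x02", 0),
    (b"\x00onCreate\x00Settings\x01share_button\x00about_dialog\x03", 0),
]

def extract_strings(blob, min_len=4):
    """Stage 1: turn a binary into a 'document' of printable ASCII runs."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

def select_features(docs, labels, k):
    """Stage 2 (assumed metric): keep the k strings whose document frequency
    differs most between classes. Both classes must be present in labels."""
    n_mal = sum(labels)
    n_ben = len(labels) - n_mal
    df_mal, df_ben = Counter(), Counter()
    for doc, y in zip(docs, labels):
        (df_mal if y else df_ben).update(set(doc))
    score = lambda s: abs(df_mal[s] / n_mal - df_ben[s] / n_ben)
    return sorted(set(df_mal) | set(df_ben), key=lambda s: (-score(s), s))[:k]

def train(docs, labels, features):
    """Stage 3 (assumed classifier): Bernoulli naive Bayes, Laplace-smoothed."""
    model = {}
    for y in (0, 1):
        rows = [set(d) for d, l in zip(docs, labels) if l == y]
        probs = {f: (sum(f in r for r in rows) + 1) / (len(rows) + 2) for f in features}
        model[y] = (len(rows) / len(docs), probs)
    return model

def predict(model, doc):
    """Return the class with the highest log-likelihood for this document."""
    present = set(doc)
    def loglik(y):
        prior, p = model[y]
        return math.log(prior) + sum(math.log(p[f] if f in present else 1 - p[f]) for f in p)
    return max(model, key=loglik)

DOCS = [extract_strings(blob) for blob, _ in SAMPLES]
LABELS = [label for _, label in SAMPLES]
FEATURES = select_features(DOCS, LABELS, k=3)
MODEL = train(DOCS, LABELS, FEATURES)
```

A string that appears in only one application of a class scores lower than one shared by the whole class, so per-sample URLs drop out of the feature set while shared API names remain.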
Notes
- 1. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats/a#phone-shipments, accessed on 04/30/2014.
- 2. https://blog.lookout.com/blog/2013/04/19/the-bearer-of-badnews-malware-google-play/, accessed on 04/30/2014.
- 3. http://thehackernews.com/2013/03/google-f-secure-can-say-that-anything.html, accessed on 04/30/2014.
- 4.
Acknowledgement
The authors would like to thank the National Research Fund of Luxembourg (FNR) for providing financial support through the CORE 2010 MOVE Project.
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Dolberg, L., Jérôme, Q., François, J., State, R., Engel, T. (2015). RAMSES: Revealing Android Malware Through String Extraction and Selection. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 152. Springer, Cham. https://doi.org/10.1007/978-3-319-23829-6_34
DOI: https://doi.org/10.1007/978-3-319-23829-6_34
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23828-9
Online ISBN: 978-3-319-23829-6
eBook Packages: Computer Science (R0)