RAMSES: Revealing Android Malware Through String Extraction and Selection

  • Conference paper

Abstract

The relevance of malicious software targeting mobile devices has been increasing in recent years. Smartphones, tablet computers or embedded devices in general represent one of the most widespread computing platforms worldwide, and insecure usage can cause unprecedented damage to private users, companies and public institutions. To help identify malicious software on mobile platforms, we propose RAMSES, an approach based on the static content stored as strings within an application. First, we extract the contents of strings, transforming applications into documents; then, using information retrieval techniques, we select the most relevant features based on frequency metrics; finally, we classify applications using machine learning algorithms relying on such features. We evaluate our methods using real datasets of Android applications and show promising results for detection.

Acknowledgement

The authors would like to thank the National Research Fund of Luxembourg (FNR) for providing financial support through the CORE 2010 MOVE Project.

Corresponding author

Correspondence to Lautaro Dolberg.

Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Dolberg, L., Jérôme, Q., François, J., State, R., Engel, T. (2015). RAMSES: Revealing Android Malware Through String Extraction and Selection. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 152. Springer, Cham. https://doi.org/10.1007/978-3-319-23829-6_34

  • DOI: https://doi.org/10.1007/978-3-319-23829-6_34

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23828-9

  • Online ISBN: 978-3-319-23829-6

  • eBook Packages: Computer Science, Computer Science (R0)
