UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

A Family of Droids-Android Malware Detection via Behavioral Modeling: Static vs Dynamic Analysis

Onwuzurike, L; Almeida, M; Mariconti, E; Blackburn, J; Stringhini, G; De Cristofaro, E; (2018) A Family of Droids-Android Malware Detection via Behavioral Modeling: Static vs Dynamic Analysis. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST). IEEE Green open access

[img]
Preview
Text
Onwuzurike_main.pdf - ["content_typename_Accepted version" not defined]

Download (466kB) | Preview

Abstract

Following the increasing popularity of the mobile ecosystem, cybercriminals have increasingly targeted mobile ecosystems, designing and distributing malicious apps that steal information or cause harm to the device's owner. Aiming to counter them, detection techniques based on either static or dynamic analysis that model Android malware, have been proposed. While the pros and cons of these analysis techniques are known, they are usually compared in the context of their limitations e.g., static analysis is not able to capture runtime behaviors, full code coverage is usually not achieved during dynamic analysis, etc. Whereas, in this paper, we analyze the performance of static and dynamic analysis methods in the detection of Android malware and attempt to compare them in terms of their detection performance, using the same modeling approach.To this end, we build on MAMADROID, a state-of-the-art detection system that relies on static analysis to create a behavioral model from the sequences of abstracted API calls. Then, aiming to apply the same technique in a dynamic analysis setting, we modify CHIMP, a platform recently proposed to crowdsource human inputs for app testing, in order to extract API calls' sequences from the traces produced while executing the app on a CHIMP virtual device. We call this system AUNTIEDROID and instantiate it by using both automated (Monkey) and usergenerated inputs. We find that combining both static and dynamic analysis yields the best performance, with F−measure reaching 0.92. We also show that static analysis is at least as effective as dynamic analysis, depending on how apps are stimulated during execution, and investigate the reasons for inconsistent misclassifications across methods.

Type: Proceedings paper
Title: A Family of Droids-Android Malware Detection via Behavioral Modeling: Static vs Dynamic Analysis
Event: 16th Annual Conference on Privacy, Security and Trust (PST), 28th - 30th August 2018, Belfast, United Kingdom
Location: Belfast
Dates: 28 August 2018 - 30 August 2018
ISBN-13: 978-1-5386-7493-2
Open access status: An open access version is available from UCL Discovery
DOI: 10.1109/PST.2018.8514191
Publisher version: https://doi.org/10.1109/PST.2018.8514191
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Malware , Feature extraction , Analytical models , Static analysis , Tools , Smart phones , Generators
UCL classification: UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: http://discovery.ucl.ac.uk/id/eprint/10052174
Downloads since deposit
72Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item