Abstract

As the most popular mobile platform, Android has become the major attack target of malware, and thus there is an urgent need to thwart it effectively. Recently, machine learning-based techniques have become a promising solution for malware detection; they depend heavily on distinguishing features to separate malware from benign apps. Although hundreds of features are available for machine learning-based malware detectors, adversaries can also utilize feature-related knowledge to develop variants of malware to evade detection. Therefore, a key role of the Android security community is to continuously propose new features that can characterize malicious behaviors. In this paper, we propose a novel static sensitive subgraph-based feature for Android malware detection, named S3Feature. First, to represent Android applications with high-level characteristics, we develop a sensitive function call graph (SFCG) by extending a function call graph (FCG) through tagging sensitive nodes on it. A malicious score is evaluated to identify sensitive nodes. Second, a large number of sensitive subgraphs (SSGs) and their neighbor subgraphs (NSGs) are mined from an SFCG to characterize suspicious behaviors of applications. Finally, after removing repetitive or isomorphic subgraphs, the remaining SSGs and NSGs are encoded into a feature vector to represent each application. For malware detection, S3Feature achieves a 97.04% F1-score, which is better than other well-studied features. A combination of S3Feature and other features achieves a 97.71% F1-score, which shows that S3Feature is a good potential feature for improving the performance of malware detection approaches or tools.
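A simplified sketch of the pipeline the abstract outlines (tag sensitive nodes, mine subgraphs around them, drop duplicates, encode a vector), added here as an illustration and not the authors' implementation. The score formula, the 2-hop neighborhood used as a sensitive subgraph, the Weisfeiler-Lehman style hash used for duplicate removal, and all sample data are assumptions; NSGs are left out.

```python
import hashlib
from collections import defaultdict

# Constructed corpus counts: API -> (malware apps, benign apps) that call it.
API_COUNTS = {"sendTextMessage": (80, 5), "getDeviceId": (70, 30), "setText": (50, 90)}

def malicious_score(api):
    """Assumed score: share of the API's observed usage that comes from malware."""
    mal, ben = API_COUNTS[api]
    return mal / (mal + ben)

def sensitive_nodes(fcg, threshold=0.6):
    nodes = set(fcg) | {c for cs in fcg.values() for c in cs}
    return {n for n in nodes if n in API_COUNTS and malicious_score(n) >= threshold}

def ssg(fcg, center, hops=2):
    """Edges of the induced subgraph within `hops` of `center`, ignoring direction."""
    und = defaultdict(set)
    for u, vs in fcg.items():
        for v in vs:
            und[u].add(v)
            und[v].add(u)
    seen, frontier = {center}, {center}
    for _ in range(hops):
        frontier = {m for n in frontier for m in und[n]} - seen
        seen |= frontier
    return {(u, v) for u, vs in fcg.items() for v in vs if u in seen and v in seen}

def digest(obj):
    return hashlib.sha256(repr(obj).encode()).hexdigest()[:12]

def wl_hash(edges, rounds=3):
    """Isomorphic graphs get equal hashes (different graphs may rarely collide).
    App-defined method names become '*', so renaming does not change the hash."""
    nodes = {n for e in edges for n in e}
    label = {n: (n if n in API_COUNTS else "*") for n in nodes}
    for _ in range(rounds):
        label = {n: digest((label[n], sorted(label[v] for u, v in edges if u == n),
                            sorted(label[u] for u, v in edges if v == n))) for n in nodes}
    return digest(sorted(label.values()))

def app_subgraphs(fcg):
    return {wl_hash(ssg(fcg, s)) for s in sensitive_nodes(fcg)}

def encode(apps):
    vocab = sorted(set().union(*(app_subgraphs(g) for g in apps)))
    return vocab, [[int(h in app_subgraphs(g)) for h in vocab] for g in apps]

# Constructed call graphs (caller -> callees): two renamed variants, one benign, one other.
APPS = [{"a.b": {"a.c"}, "a.c": {"sendTextMessage", "getDeviceId"}},
        {"x.y": {"x.z"}, "x.z": {"getDeviceId", "sendTextMessage"}},
        {"ui.Main": {"setText"}},
        {"m.n": {"sendTextMessage"}}]
```

Calling `encode(APPS)` gives the two renamed variants the same vector, the app without sensitive nodes an all-zero vector, and the fourth app a different one.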
