SaaS: A situational awareness and analysis system for massive android malware detection

Zhang, Y; Ren, W; Zhu, T; Ren, Y

SaaS: A situational awareness and analysis system for massive android malware detection

Zhang, Y Ren, W Zhu, T

Ren, Y

Permalink

Publication Type:: Journal Article
Citation:: Future Generation Computer Systems, 2019, 95 pp. 548 - 559
Issue Date:: 2019-06-01

Closed Access

	Filename	Description	Size
	1-s2.0-S0167739X18309427-main.pdf	Published Version	3.31 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Zhang, Y	en_US
dc.contributor.author	Ren, W	en_US
dc.contributor.author	Zhu, T https://orcid.org/0000-0003-3411-7947	en_US
dc.contributor.author	Ren, Y	en_US
dc.date.accessioned	2020-04-17T04:25:56Z
dc.date.available	2020-04-17T04:25:56Z
dc.date.issued	2019-06-01	en_US
dc.identifier.citation	Future Generation Computer Systems, 2019, 95 pp. 548 - 559	en_US
dc.identifier.issn	0167-739X	en_US
dc.identifier.uri	http://hdl.handle.net/10453/140079
dc.description.abstract	© 2018 Elsevier B.V. A large amount of mobile applications (Apps) are uploaded, distributed and updated in various Android markets, e.g., Google Play and Huawei AppGallery every day. One of the ongoing challenges is to detect malicious Apps (also known as malware) among those massive newcomers accurately and efficiently in the daily security management of Android App markets. Customers rely on those detection results in the selection of Apps upon downloading, and undetected malware may result in great damages. In this paper, we propose a cloud-based malware detection system called SaaS by leveraging and marrying multiple approaches from diverse domains such as natural language processing (n-gram), image processing (GLCM), cryptography (fuzzy hash), machine learning (random forest) and complex networks. We firstly extract n-gram features and GLCM features from an App's smali code and DEX file, respectively. We next feed those features into training data set, to create a machine learning detect model. The model is further enhanced by fuzzy hash to detect whether inspected App is repackaged or not. Extensive experiments (involving 1495 samples) demonstrates that the detecting accuracy is more than 98.5%, and support a large-scale detecting and monitoring. Besides, our proposed system can be deployed as a service in clouds and customers can access cloud services on demand.	en_US
dc.relation.ispartof	Future Generation Computer Systems	en_US
dc.relation.isbasedon	10.1016/j.future.2018.12.028	en_US
dc.subject.classification	Distributed Computing	en_US
dc.title	SaaS: A situational awareness and analysis system for massive android malware detection	en_US
dc.type	Journal Article
utslib.citation.volume	95	en_US
utslib.for	0803 Computer Software	en_US
utslib.for	0805 Distributed Computing	en_US
utslib.for	0806 Information Systems	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
utslib.copyright.status	closed_access
pubs.publication-status	Published	en_US
pubs.volume	95	en_US

Abstract:

© 2018 Elsevier B.V. A large amount of mobile applications (Apps) are uploaded, distributed and updated in various Android markets, e.g., Google Play and Huawei AppGallery every day. One of the ongoing challenges is to detect malicious Apps (also known as malware) among those massive newcomers accurately and efficiently in the daily security management of Android App markets. Customers rely on those detection results in the selection of Apps upon downloading, and undetected malware may result in great damages. In this paper, we propose a cloud-based malware detection system called SaaS by leveraging and marrying multiple approaches from diverse domains such as natural language processing (n-gram), image processing (GLCM), cryptography (fuzzy hash), machine learning (random forest) and complex networks. We firstly extract n-gram features and GLCM features from an App's smali code and DEX file, respectively. We next feed those features into training data set, to create a machine learning detect model. The model is further enhanced by fuzzy hash to detect whether inspected App is repackaged or not. Extensive experiments (involving 1495 samples) demonstrates that the detecting accuracy is more than 98.5%, and support a large-scale detecting and monitoring. Besides, our proposed system can be deployed as a service in clouds and customers can access cloud services on demand.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/140079