Analysis of Code Heterogeneity for High-Precision Classification of Repackaged Malware

Ke Tian, Danfeng Yao, Barbara G. Ryder, Gang Tan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

20 Scopus citations

Abstract

During repackaging, malware writers statically inject malcode and modify the control flow to ensure its execution. Repackaged malware is difficult to detect by existing classification techniques, partly because of its behavioral similarities to benign apps. By exploring an app's different internal behaviors, we propose a new Android repackaged malware detection technique based on code heterogeneity analysis. Our solution strategically partitions the code structure of an app into multiple dependence-based regions (subsets of the code). Each region is independently classified on its behavioral features. We point out the security challenges and design choices for partitioning code structures at the class and method level graphs, and present a solution based on multiple dependence relations. We have performed experimental evaluation with over 7,542 Android apps. For repackaged malware, our partition-based detection reduces false negatives (i.e., missed detection) by 30-fold, when compared to the non-partition-based approach. Overall, our approach achieves a false negative rate of 0.35% and a false positive rate of 2.97%.

Original language: English (US)
Title of host publication: Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 262-271
Number of pages: 10
ISBN (Electronic): 9781509008247
DOI: https://doi.org/10.1109/SPW.2016.33
State: Published - Aug 1 2016
Event: 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 - San Jose, United States
Duration: May 23 2016 to May 25 2016

Publication series

Name: Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016

Other

Other: 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
Country: United States
City: San Jose
Period: 5/23/16 to 5/25/16

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Artificial Intelligence


Tian, K., Yao, D., Ryder, B. G., & Tan, G. (2016). Analysis of Code Heterogeneity for High-Precision Classification of Repackaged Malware. In Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 (pp. 262-271). [7527778] (Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SPW.2016.33