Compact Explanations of Why Malware is Bad

Wei Chen, Charles Sutton, Andrew Gordon, David Aspinall, Igor Muttik, Qi Shen

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

Researchers and malware analysts have identified hundreds and thousands of mobile applications as malware. These malware instances are organised into families based on some common unexpected behaviours, e.g., sending premium messages, accessing locations, and intercepting incoming messages and calls. However, except for some unclear online technical descriptions of several famous malware families, to the best of our knowledge, people have no idea of what exactly happens in mobile malware or what kind of behaviour of a mobile application makes it bad. This brings a challenging research problem: to automatically generate compact and precise explanations of unexpected behaviours in a mobile application if it has been identified as malware.

This research has several potential benefits, including: helping people get a better understanding of potential threats hidden in mobile applications; providing hints for malware analysts before more expensive investigation; supporting automatic generation of malware analysis reports; and providing clear and friendly references for security policy designers.

Some fundamental technical questions we will answer are as follows. How could we characterise and formalise an application's behaviour as efficiently and precisely as possible? What kind of behaviour is unexpected with respect to a specific application, and how can we figure it out automatically? Once a certain behaviour has been identified as unexpected, how could we automatically generate an explanation of this behaviour, and in what kind of form? Finally, how could we evaluate generated explanations?

Original language: English
Title of host publication: AI4FM 2015
Number of pages: 4
Publication status: Accepted/In press - 10 Aug 2015
Event: AI4FM - , United Kingdom
Duration: 1 Sep 2015 → …

Conference

Conference: AI4FM
Country: United Kingdom
Period: 1/09/15 → …
