More Semantics More Robust: Improving Android Malware Classifiers

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Automatic malware classifiers often perform badly on the detection of new malware, i.e., their robustness is poor. We study the machine-learning-based mobile malware classifiers and reveal one reason: the input features used by these classifiers can’t capture general behavioural patterns of malware instances. We extract the best-performing syntax-based features like permissions and API calls, and some semantics-based features like happen-befores and unwanted behaviours, and train classifiers using popular supervised and semi-supervised learning methods. By comparing their classification performance on industrial datasets collected across several years, we demonstrate that using semantics-based features can dramatically improve robustness of malware classifiers.
Original language: English
Title of host publication: 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks
Place of Publication: Darmstadt, Germany
Publisher: ACM
Pages: 147-158
Number of pages: 12
ISBN (Print): 978-1-4503-4270-4
Publication status: Published - 18 Jul 2016
Event: 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks 2016 - Darmstadt, Germany
Duration: 18 Jul 2016 → 20 Jul 2016
http://www.sigsac.org/wisec/WiSec2016/

Conference

Conference: 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks 2016
Abbreviated title: WiSec 2016
Country/Territory: Germany
City: Darmstadt
Period: 18/07/16 → 20/07/16