Revealing Similarities in Android Malware by Dissecting their Methods

Bibliographic Details
Published in: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) pp. 625 - 634
Main Authors: Pasetto, Michele; Marastoni, Niccolo; Preda, Mila Dalla
Format: Conference Proceeding
Language: English
Published: IEEE 01-09-2020
Description
Summary: One of the most challenging problems in the fight against Android malware is finding a way to classify samples according to their behavior, in order to be able to utilize previously gathered knowledge in analysis and prevention. In this paper we introduce a novel technique that discovers similarities between Android malware samples by comparing fragments of executed traces (strands) generated from their most suspect methods. This way we can accurately pinpoint which (possibly) malicious behaviors are shared between these different samples, allowing for easier analysis and classification. We implement this approach in a tool, StrAndroid, that we evaluate on a few datasets of malware and ransomware samples, comparing its results to an existing similarity tool.
DOI: 10.1109/EuroSPW51379.2020.00090