Abstract: With more than two million applications, Android marketplaces require automatic and scalable methods to efficiently vet apps for the absence of malicious threats. Recent techniques have successfully relied on the extraction of lightweight syntactic features suitable for machine learning classification, but despite their promising results, the very nature of such features suggests that they are unlikely, on their own, to be suitable for detecting obfuscated Android malware. To address this challenge, we propose DroidSieve, an Android malware classifier based on static analysis that is fast, accurate, and resilient to obfuscation. For a given app, DroidSieve first decides whether the app is malicious and, if so, classifies it as belonging to a family of related malware. DroidSieve exploits obfuscation-invariant features and artifacts introduced by the obfuscation mechanisms used in malware. At the same time, these purely static features are designed for processing at scale and can be extracted quickly. For malware detection, we achieve up to 99.82% accuracy with zero false positives; for family identification of obfuscated malware, we achieve 99.26% accuracy at a fraction of the computational cost of state-of-the-art techniques.