Research Article
RAMSES: Revealing Android Malware Through String Extraction and Selection
@INPROCEEDINGS{10.1007/978-3-319-23829-6_34, author={Lautaro Dolberg and Quentin J\^{e}r\~{o}me and J\^{e}r\~{o}me Fran\`{e}ois and Radu State and Thomas Engel}, title={RAMSES: Revealing Android Malware Through String Extraction and Selection}, proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I}, proceedings_a={SECURECOMM}, year={2015}, month={11}, keywords={Android Malware Static analysis Detection Security}, doi={10.1007/978-3-319-23829-6_34} }- Lautaro Dolberg
Quentin Jérôme
Jérôme François
Radu State
Thomas Engel
Year: 2015
RAMSES: Revealing Android Malware Through String Extraction and Selection
SECURECOMM
Springer
DOI: 10.1007/978-3-319-23829-6_34
Abstract
The relevance of malicious software targeting mobile devices has been increasing in recent years. Smartphones, tablet computers or embedded devices in general represent one of the most spread computing platform worldwide and an unsecure usage can cause unprecedented damage to private users, companies and public institutions. To help in identifying malicious software on mobile platforms, we propose RAMSES, an approach based on the static content stored as strings within an application. First we extract the contents of strings, transforming applications into documents, then using information retrieval techniques, we select the most relevant features based on frequency metrics, and finally we classify applications using machine learning algorithms relying on such features. We evaluate our methods using real datasets of Android applications and show promising results for detection.