International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I

Research Article

Detecting Mobile Malware with TMSVM

  • @INPROCEEDINGS{10.1007/978-3-319-23829-6_35,
        author={Xi Xiao and Xianni Xiao and Yong Jiang and Qing Li},
        title={Detecting Mobile Malware with TMSVM},
        proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
        proceedings_a={SECURECOMM},
        year={2015},
        month={11},
        keywords={Mobile malware TMSVM Dynamic analysis Static analysis Permission Control flow graph System call},
        doi={10.1007/978-3-319-23829-6_35}
    }
    
  • Xi Xiao
    Xianni Xiao
    Yong Jiang
    Qing Li
    Year: 2015
    Detecting Mobile Malware with TMSVM
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-23829-6_35
Xi Xiao1,*, Xianni Xiao1,*, Yong Jiang1,*, Qing Li1,*
  • 1: Tsinghua University
*Contact email: xiaox@sz.tsinghua.edu.cn, sunny13940512@gmail.com, jiangy@sz.tsinghua.edu.cn, li.qing@sz.tsinghua.edu.cn

Abstract

With the rapid development of Android devices, mobile malware on Android has become more prevalent. It is therefore important to develop an effective model for malware detection. Permissions, system calls, and control flow graphs have been proven to be important features in detection. In this paper, we utilize both static and dynamic strategies with a text classification method, TMSVM, to identify mobile malware from these three aspects. First, features have to be selected. Since the number of control flow graphs is very large, the Chi-Square method is used to get the key graphs. The features are then transformed into vectors, and TMSVM is subsequently applied to get the classification result. In the static method, we first analyze permissions and control flow graphs separately and then consider their combination. In the dynamic method, the system calls are considered. Finally, based on the results of the static and dynamic methods, a hybrid three-layer classification model is proposed. Compared with the other methods, our method increases the TPR and decreases the FPR.