Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

Visual Analysis of Android Malware Behavior Profile Based on : A Pruned Lightweight APP Call Graph

  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_23,
        author={Yan Zhang and Gui Peng and Lu Yang and Yazhe Wang and Minghui Tian and Jianxing Hu and Liming Wang and Chen Song},
        title={Visual Analysis of Android Malware Behavior Profile Based on : A Pruned Lightweight APP Call Graph},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={Android malware analysis, Malware visualization, Machine learning, Assisted manual analysis},
        doi={10.1007/978-3-319-78813-5_23}
    }
    
  • Yan Zhang
    Gui Peng
    Lu Yang
    Yazhe Wang
    Minghui Tian
    Jianxing Hu
    Liming Wang
    Chen Song
    Year: 2018
    Visual Analysis of Android Malware Behavior Profile Based on : A Pruned Lightweight APP Call Graph
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_23
Yan Zhang,*, Gui Peng,*, Lu Yang,*, Yazhe Wang,*, Minghui Tian,*, Jianxing Hu,*, Liming Wang1,*, Chen Song1,*
  • 1: Chinese Academy of Sciences
*Contact email: zhangyan@iie.ac.cn, penggui@iie.ac.cn, 13283023@bjtu.edu.cn, wangyazhe@iie.ac.cn, 15125043@bjtu.edu.cn, hujianxing@iie.ac.cn, wangliming@iie.ac.cn, songchen@iie.ac.cn

Abstract

In recent years, there has been a sharp increase in the number of malicious APPs on the Android platform, so how to identify new types of Android malware and their malicious behaviors has been a hot research topic in the security community. This paper presents a visualization framework to help security analysts precisely distinguish malicious profiles of APPs. By labeling target nodes, adding implicit call edges, pruning harmless branches, and a few other operations, we generate a new kind of call graph: . This graph not only shows a sharp decrease in size compared to the original APP call graph but also preserves the malicious core of malware well. Based on , visual interfaces are designed to assist users in checking the malicious behavior profile of samples with rich user interactive operations. We study real-world samples to prove the usability and efficiency of our approach.