N-opcode Analysis for Android Malware Classification and Categorization

Date

2016-06

Advisors

Journal Title

Journal ISSN

ISSN

Volume Title

Publisher

IEEE

Type

Conference

Peer reviewed

Yes

Abstract

Malware detection is a growing problem particularly on the Android mobile platform due to its increasing popularity and accessibility to numerous third party app markets. This has also been made worse by the increasingly sophisticated detection avoidance techniques employed by emerging malware families. This calls for more effective techniques for detection and classification of Android malware. Hence, in this paper we present an n-opcode analysis based approach that utilizes machine learning to classify and categorize Android malware. This approach enables automated feature discovery that eliminates the need for applying expert or domain knowledge to define the needed features. Our experiments on 2520 samples that were performed using up to 10-gram opcode features showed that an f-measure of 98% is achievable using this approach.

Description

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.

Keywords

n-grams, machine learning, feature selection, android malware, malware detection, malware reverse engineering, dalvik bytecode, invasive software

Citation

Kang, B., Yerima, S. Y., McLaughlin, K., Sezer, S. (2016) N-opcode analysis for android malware classification and categorization. In: Proceedings of the 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security), London, UK. June 2016.

Rights

Research Institute

Cyber Technology Institute (CTI)