m arvin efficient and comprehensive mobile app
play

M ARVIN : Efficient And Comprehensive Mobile App Classification - PowerPoint PPT Presentation

Aug 22, 2022 •141 likes •394 views

M ARVIN : Efficient And Comprehensive Mobile App Classification Through Static and Dynamic Analysis Martina Lindorfer, Matthias Neugschwandtner, Christian Platzer SBA Research, Vienna, Austria IBM Research, Zurich, Switzerland International

  1. M ARVIN : Efficient And Comprehensive Mobile App Classification 
 Through Static and Dynamic Analysis Martina Lindorfer, Matthias Neugschwandtner, Christian Platzer SBA Research, Vienna, Austria IBM Research, Zurich, Switzerland International Secure Systems Lab, Vienna University of Technology, Austria

  2. State of Mobile Malware Martina Lindorfer: M ARVIN (COMPSAC 2015) 2

  3. Real or Fake Flappy Bird App? Origin ? Reviews Permissions Appverify Antivirus Martina Lindorfer: M ARVIN (COMPSAC 2015) 3

  4. Use Cases 2:30 SELECT * FROM ¡ apps ¡ ¡ ¡ ¡ ¡ ¡ WHERE ¡ malice_score > 5.0 ¡ ¡ ¡ ¡ ¡ AND ¡ has_nw_traffic = True ¡ ... Martina Lindorfer: M ARVIN (COMPSAC 2015) 4

  5. Outline • App Classification App Classification • Evaluation • Future Work and Conclusion Martina Lindorfer: M ARVIN (COMPSAC 2015) 5

  6. Classification Goals • Use machine learning to classify Android apps • Address grey area between malware and goodware - Provide user with a malice score from 0 to 10 • Address drawbacks of related work - Only consider static features - Trained and evaluated on very small dataset - Do not account for history of dataset • Long-term practicality through efficient retraining Martina Lindorfer: M ARVIN (COMPSAC 2015) 6

  7. System Overview Reference Apps End-User Apps Feature Extraction Feature Training Model Selection Static Analysis TRAINING MODE CLASSIFICATION MODE Dynamic Analysis Classification Malice Score Martina Lindorfer: M ARVIN (COMPSAC 2015) 7

  8. Static vs. Dynamic Analysis • Static analysis… - code is not executed - all possible branches can be examined (in theory) - quite fast • Problems of static analysis… - undecidable in general case, approximations necessary - obfuscated & packed code - self-modifying code - code (down)loaded at runtime Martina Lindorfer: M ARVIN (COMPSAC 2015) 8

  9. Static vs. Dynamic Analysis • Dynamic analysis… - code is executed - sees behavior that is actually executed - sees dynamically loaded code • Problems of dynamic analysis… - in general, single path is examined - analysis environment possibly not invisible - scalability issues Combine features from static AND dynamic analysis Martina Lindorfer: M ARVIN (COMPSAC 2015) 9

  10. Feature Extraction in A NDRUBIS • Extended A NDRUBIS app analysis sandbox [BADGERS2014] • Static Analysis - Required/Used permissions, Activities, Services, Receivers, … - Certificate metadata (owner, validity, …) - Included libraries • Dynamic Analysis - File/network/phone activities - Cryptographic operations - Leaked data - Loading of dynamic code (DEX and native code) • Output: Sparse feature vector of binary features Martina Lindorfer: M ARVIN (COMPSAC 2015) 10

  11. System Overview Reference Apps End-User Apps Feature Extraction Feature Training Model Selection Static Analysis TRAINING MODE CLASSIFICATION MODE Dynamic Analysis Classification Malice Score Martina Lindorfer: M ARVIN (COMPSAC 2015) 11

  12. Classification Challenges • High-dimensional feature space - Explicit feature selection: 
 Order features by discriminative power (F-Score) - Implicit feature selection: 
 Order features by weights from classifier • Sparse data • Grey area between malware and goodware - Classifier outputs probability that sample belongs to class - Scale probability in interval [0,10] • Performance Experiments with SVM and linear classifier with different regularization methods Martina Lindorfer: M ARVIN (COMPSAC 2015) 12

  13. Outline • App Classification • Evaluation Evaluation • Future Work and Conclusion Martina Lindorfer: M ARVIN (COMPSAC 2015) 13

  14. Evaluation Overview • Large training and testing sets - Set of goodware apps from Google Play Store - Set of known malware with AV labels from VirusTotal - 135,823 unique Android applications (15,741 known malware) Goals: 1. Evaluate accuracy of different classifiers 2. Evaluate performance (market-scale classification) 3. Evaluate long-term practicality - History of samples in dataset matters [ESSoS2015] - Estimate retraining intervals and efficiency 4. Evaluate most distinguishing features Martina Lindorfer: M ARVIN (COMPSAC 2015) 14

  15. Classification Accuracy • Accuracy of 99.83% overall • 0.0275% false positives • 1.3543% false negative • Bayesian detection rate of 98.24% Martina Lindorfer: M ARVIN (COMPSAC 2015) 15

  16. 
 Market-Scale Classification ~ 1,500,000 apps in Google Play —> Best config: 58.5 false alarms —> Worst config: 471 false alarms Martina Lindorfer: M ARVIN (COMPSAC 2015) 16

  17. Market-Scale Classification Google Play: up to 45,000 new apps per month Our current capacity: 3,500 apps/day Martina Lindorfer: M ARVIN (COMPSAC 2015) 17

  18. Long-Term Practicality (Less Features) Martina Lindorfer: M ARVIN (COMPSAC 2015) 18

  19. Long-Term Practicality (More Features) Martina Lindorfer: M ARVIN (COMPSAC 2015) 19

  20. Distinguishing Features • Gain insights into classification through F-Score/feature weights • Features most relevant for classification of malware: - Required/Used permissions - Certificates - SMS-related features - Information leaks - Dynamic code loading - Network activity and contacted hosts Martina Lindorfer: M ARVIN (COMPSAC 2015) 20

  21. Outline • App Classification • Evaluation • Future Work and Conclusion Future Work and Conclusion Martina Lindorfer: M ARVIN (COMPSAC 2015) 21

  22. Future Work • Dynamic features++ - System-level events from native code analysis - More intelligent, user-like UI interactions • Static features ++ - Meta info in app markets from AndRadar [DIMVA2014] • Interception of app installation process • Defence against analysis evasion (arms race) Martina Lindorfer: M ARVIN (COMPSAC 2015) 22

  23. Conclusion • Classification of Android apps using machine learning - Based on static AND dynamic features - Represented as a malice score • Large-scale evaluation on over 135,000 apps - Correctly classifies 98.24% of malware samples - Very low positives of < 0.04% - Retraining to maintain accuracy • Publicly available for submissions through web interface and dedicated mobile app Martina Lindorfer: M ARVIN (COMPSAC 2015) 23

  24. 
 Questions? email mlindorfer@iseclab.org 
 andrubis@iseclab.org twitter @iseclaborg http http://www.iseclab.org/people/mlindorfer https://anubis.iseclab.org https://play.google.com/store/apps/details?id=org.iseclab.andrubis Martina Lindorfer: M ARVIN (COMPSAC 2015) 24

  25. References [BADGERS2014] Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen, Christian Platzer 
 Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors 
 International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), 2014. [ESSoS2015] Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein, Yves Le Traon 
 Are Your Training Datasets Yet Relevant? 
 International Symposium on Engineering Secure Software and Systems (ESSoS), 2015. [DIMVA2014] Martina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, Sotiris Ioannidis 
 AndRadar: Fast Discovery of Android Applications in Alternative Markets 
 Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2014. Martina Lindorfer: M ARVIN (COMPSAC 2015) 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Energy-efficient Trajectory Tracking for Mobile Devices Based on &quot;Energy-efficient

Energy-efficient Trajectory Tracking for Mobile Devices Based on &quot;Energy-efficient

Energy-efficient Trajectory Tracking for Mobile Devices Based on &quot;Energy-efficient Trajectory Tracking for Mobile Devices&quot; by M. B. Kjrgaard, Sourav Bhattacharya, Henrik Blunck, Petteri Nurmi Krzysztof Winiewski Trajectory

429 views • 40 slides
Webinar for NYCHA Residents May 7, 2019 Mar arlon on F For orbes Mar arvin J Jean an-Ja

Webinar for NYCHA Residents May 7, 2019 Mar arlon on F For orbes Mar arvin J Jean an-Ja

Webinar for NYCHA Residents May 7, 2019 Mar arlon on F For orbes Mar arvin J Jean an-Ja Jacques Dewayne J e Jolly ly Deputy Director Mold Administrator Healthy Homes Program Office of Mold Assessment T echnical Services NYC

252 views • 24 slides
Ekta: An Efficient DHT Substrate for Distributed Applications in Mobile Ad Hoc Networks

Ekta: An Efficient DHT Substrate for Distributed Applications in Mobile Ad Hoc Networks

Ekta: An Efficient DHT Substrate for Distributed Applications in Mobile Ad Hoc Networks Himabindu Pucha, Saumitra Das, Y. Charlie Hu Distributed Systems and Networking Lab, School of ECE, Purdue University 1 Mobile ad hoc networks (MANETs)

1.17k views • 32 slides
The Mobile Money Revolution in Kenya: Can the Promise be Fulfilled? An Efficient Financial

The Mobile Money Revolution in Kenya: Can the Promise be Fulfilled? An Efficient Financial

The Mobile Money Revolution in Kenya: Can the Promise be Fulfilled? An Efficient Financial System Decades of research: efficient financial systems are key to economic growth and poverty reduction One major reason financial markets in the

899 views • 23 slides
A COMPREHENSIVE SOLUTION FOR EFFICIENT COMBUSTION SIMULATION WITH DETAILED CHEMISTRY

A COMPREHENSIVE SOLUTION FOR EFFICIENT COMBUSTION SIMULATION WITH DETAILED CHEMISTRY

DARS FUELS A COMPREHENSIVE SOLUTION FOR EFFICIENT COMBUSTION SIMULATION WITH DETAILED CHEMISTRY FABIAN MAUSS Demands on kinetic models Combination of different fuel components for most realistic surrogate fuels

564 views • 22 slides
Mobile and Manufactured Home Park Preservation Comprehensive Plan Amendment Plan Commission

Mobile and Manufactured Home Park Preservation Comprehensive Plan Amendment Plan Commission

Mobile and Manufactured Home Park Preservation Comprehensive Plan Amendment Plan Commission Workshop 4/8/2015 Comprehensive Plan Amendment Add a new land use policy in the Comprehensive Plan, Chapter 3, Land Use. Policy 1.x Mobile Home

335 views • 30 slides
Energy-efficient parallel software for mobile hand-held devices Antti P Miettinen , Nokia Research

Energy-efficient parallel software for mobile hand-held devices Antti P Miettinen , Nokia Research

Energy-efficient parallel software for mobile hand-held devices Antti P Miettinen , Nokia Research Center Vesa Hirvisalo, Helsinki University of Technology Mobile-phone view to parallel SW Parallel == efficient? Not always

283 views • 9 slides
Coalition Formation towards Energy-Efficient Collaborative Mobile Computing Liyao Xiang , Baochun

Coalition Formation towards Energy-Efficient Collaborative Mobile Computing Liyao Xiang , Baochun

Coalition Formation towards Energy-Efficient Collaborative Mobile Computing Liyao Xiang , Baochun Li, Bo Li Aug. 3, 2015 Collaborative Mobile Computing Mobile offloading: migrating the computation-intensive portion of an app to the cloud to

399 views • 20 slides
A Comprehensive Scenario Agnostic Data LifeCycle Model for an Efficient Data Complexity

A Comprehensive Scenario Agnostic Data LifeCycle Model for an Efficient Data Complexity

2016 IEEE 12th International Conference on eScience, Baltimore A Comprehensive Scenario Agnostic Data LifeCycle Model for an Efficient Data Complexity Management Amir Sinaeepourfard, Jordi Garcia , Xavier Masip-Bruin, Eva Marn-Tordera

335 views • 15 slides
NoMoAds: Effective and Efficient Cross-App Mobile Ad-Blocking Anastasia Shuba Athina

NoMoAds: Effective and Efficient Cross-App Mobile Ad-Blocking Anastasia Shuba Athina

NoMoAds: Effective and Efficient Cross-App Mobile Ad-Blocking Anastasia Shuba Athina Markopoulou Zubair Shafiq UC Irvine UC Irvine University of Iowa Motivation Issues with Mobile Ads: 1. Intrusive 2. Overhead 3. Tracking 4. Malware

859 views • 27 slides
A Highly Efficient and Comprehensive Image Processing Library for C ++ -based High-Level Synthesis

A Highly Efficient and Comprehensive Image Processing Library for C ++ -based High-Level Synthesis

A Highly Efficient and Comprehensive Image Processing Library for C ++ -based High-Level Synthesis M. Akif zkan, Oliver Reiche, Frank Hannig, and Jrgen Teich Hardware/Software Co-Design, Friedrich-Alexander University Erlangen-Nrnberg FSP

572 views • 45 slides
Quantum Coarse-graining behind black holes Arvin Shahbazi-Moghaddam with Ven Chandrasekaran and

Quantum Coarse-graining behind black holes Arvin Shahbazi-Moghaddam with Ven Chandrasekaran and

Quantum Coarse-graining behind black holes Arvin Shahbazi-Moghaddam with Ven Chandrasekaran and Raphael Bousso Berkeley June 4th, 2019 Black hole second law A Black holes are thermodynamic objects with S BH = 4 G Black hole second law

636 views • 32 slides
An Efficient Multicast Protocol in Mobile Ad-hoc Networks Using Forward Error Correction

An Efficient Multicast Protocol in Mobile Ad-hoc Networks Using Forward Error Correction

An Efficient Multicast Protocol in Mobile Ad-hoc Networks Using Forward Error Correction Techniques S. C. Chen, C. R. Dow, P.J. Lin, and S. F. Hwang Department of Information Engineering and Computer Science, Feng Chia University 1 Outline

656 views • 24 slides
FlexDNN: Input-Adaptive On-Device Deep Learning for Efficient Mobile Vision ACM/IEEE Symposium on

FlexDNN: Input-Adaptive On-Device Deep Learning for Efficient Mobile Vision ACM/IEEE Symposium on

FlexDNN: Input-Adaptive On-Device Deep Learning for Efficient Mobile Vision ACM/IEEE Symposium on Edge Computing (SEC) Biyi Fang, Xiao Zeng, Faen Zhang, Hui Xu and Mi Zhang 1 Mobile Vision Systems are Revolutionizing Our Lives Now Drones

418 views • 20 slides
R goes Mobile: Efficient Scheduling for Parallel R Programs on Heterogeneous Embedded Systems

R goes Mobile: Efficient Scheduling for Parallel R Programs on Heterogeneous Embedded Systems

R goes Mobile: Efficient Scheduling for Parallel R Programs on Heterogeneous Embedded Systems Helena Kotthaus, Andreas Lang Olaf Neugebauer, Peter Marwedel 03/07/2017 SFB 876 Parallel Machine Learning Algorithms Challenge: Regression Model

299 views • 15 slides
Energy-efficient Delivery by Heterogeneous Mobile Agents Andreas B artschi J er emie

Energy-efficient Delivery by Heterogeneous Mobile Agents Andreas B artschi J er emie

Energy-efficient Delivery by Heterogeneous Mobile Agents Andreas B artschi J er emie Chalopin, Shantanu Das, Yann Disser, Daniel Graf, Jan Hackfeld, Paolo Penna Department of Computer Science Motivation / Toy model 7 /100 km 6

535 views • 50 slides
Jailbreaking CS 161: Computer Security Prof. David Wagner April 27, 2016 Types of attacks

Jailbreaking CS 161: Computer Security Prof. David Wagner April 27, 2016 Types of attacks

Jailbreaking CS 161: Computer Security Prof. David Wagner April 27, 2016 Types of attacks Jailbreaking Rooting Unlocking iOS Jailbreak iPhone used a protocol which allowed iTunes to write arbitrary files on iPhones filesystem

151 views • 12 slides
Code Reusability Tools for Programming Mobile Robots Carle Ct, Dominic Ltourneau,

Code Reusability Tools for Programming Mobile Robots Carle Ct, Dominic Ltourneau,

Code Reusability Tools for Programming Mobile Robots Carle Ct, Dominic Ltourneau, Franois Michaud, Jean-Marc Valin, Yannick Brosseau, Clment Raevsky, Mathieu Lemay, Victor Tran LABORIUS Department of Electrical Engineering and

443 views • 17 slides
PerfProbe: A Systematic, Cross-Layer Performance Diagnosis Framework for Mobile Platforms David

PerfProbe: A Systematic, Cross-Layer Performance Diagnosis Framework for Mobile Platforms David

PerfProbe: A Systematic, Cross-Layer Performance Diagnosis Framework for Mobile Platforms David Ke Hong , Ashkan Nikravesh, Z. Morley Mao, Mahesh Ketkar, and Michael Kishinevsky. 1 Unpredictable performance problem How to effectively

389 views • 28 slides
Introduction to Mobile Security Testing Approaches and Examples using OWASP MSTG OWASP German

Introduction to Mobile Security Testing Approaches and Examples using OWASP MSTG OWASP German

Introduction to Mobile Security Testing Approaches and Examples using OWASP MSTG OWASP German Day 20.11.2018 Carlos Holguera $ whoami Carlos Holguera [olera] Security Engineer working at ESCRYPT GmbH since 2012 Area of expertise:

790 views • 56 slides
Please remember to mute your speakers. VA Mobile Discussion Series For audio, please dial in

Please remember to mute your speakers. VA Mobile Discussion Series For audio, please dial in

Please remember to mute your speakers. VA Mobile Discussion Series For audio, please dial in using VANTS: 1-800-767-1750 pc: 43950# Thank you for joining. We will begin shortly. VA Mobile Discussion Series: Minding our Veterans: Using

302 views • 11 slides
WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO

WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO

WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO SimiCart.com| Magento in a mobile app Agenda - Opportunities to come - Hurdles to overcome - Build mobile apps. Without mobile coding - Q&amp;A

570 views • 23 slides
Visual communication in a mobile world N I A L L H A N L O N , C L I E N T S O L U T I O N S

Visual communication in a mobile world N I A L L H A N L O N , C L I E N T S O L U T I O N S

Visual communication in a mobile world N I A L L H A N L O N , C L I E N T S O L U T I O N S M A N A G E R ( R E TA I L ) 1 Key Trends 1 2 3 360 Videos Photos Text Mobile behavior is no non-li linear ear 6:00 7:30 9:00 10:30

702 views • 20 slides
THE YEAR AHEAD Mobile Content and Commerce Trends 2014 Global trade association representing

THE YEAR AHEAD Mobile Content and Commerce Trends 2014 Global trade association representing

THE YEAR AHEAD Mobile Content and Commerce Trends 2014 Global trade association representing companies from across the mobile ecosystem To advance, protect and champion mobile as an entertainment, engagement and commerce platform

300 views • 11 slides

More recommend