App fingerprints can be used to verify whether two apps are the same, and are useful tools for malware detection because they make it possible to recognize obfuscated versions of known malware. Fingerprinting an app on the basis of static features is known to fail against obfuscation, because obfuscation succeeds in hiding the static characteristics that reveal the malicious nature of an app. In this paper we propose a novel way to compute app fingerprints, which is based on behavioral features. The aim is to capture the semantics of the app, so that obfuscation becomes ineffective. The technique we introduce exploits invariants found among pairs of metrics collected during app execution, and produces a fingerprint consisting of the list of the correlation values of these pairs. We present an experimental evaluation carried out on a real Android device; the results support the methodology we propose and show that it can be a viable research direction to investigate further.
Towards the usage of invariant-based app behavioral fingerprinting for the detection of obfuscated versions of known malware / Shehu, Zigrid; Ciccotelli, Claudio; Ucci, Daniele; Aniello, Leonardo; Baldoni, Roberto. - PRINT. - (2016), pp. 121-126. (Paper presented at the 10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016, held in Cardiff, Wales, United Kingdom, 24-26 August 2016) [10.1109/NGMAST.2016.16].
Towards the usage of invariant-based app behavioral fingerprinting for the detection of obfuscated versions of known malware
Ciccotelli, Claudio; Ucci, Daniele; Aniello, Leonardo; Baldoni, Roberto
2016
File | Type | License | Size | Format | Access
---|---|---|---|---|---
Shehu_Towards-the-Usage_2015.pdf | Publisher's version (published version with the publisher's layout) | All rights reserved | 224.74 kB | Adobe PDF | Archive managers only