• DocumentCode
    680921
  • Title

    Rapid Permissions-Based Detection and Analysis of Mobile Malware Using Random Decision Forests

  • Author

    Glodek, William ; Harang, Richard

  • fYear
    2013
  • fDate
    18-20 Nov. 2013
  • Firstpage
    980
  • Lastpage
    985
  • Abstract
    The explosion in mobile malware has led to the need for early, rapid detection mechanisms that can detect malware and identify risky applications prior to their deployment on end-user devices without the high cost of manual static and dynamic analysis. Previous work has shown that specific combinations of Android permissions, intents, broadcast receivers, native code and embedded applications can be effectively used to identify potentially malicious applications. We extend this work by using frequent combinations of such attributes as training features for random decision forest classification of malicious and benign applications. We demonstrate that using combinations of frequently-occurring permissions in this manner significantly improves previous results, and provides true positive rates in excess of 90% while maintaining tractable false positive rates. This is true even with novel malware that is not reliably detected at the time of release by conventional anti-malware tools. In addition, the auxiliary information generated by the random decision forest algorithm provides useful insights into the key indicators of malicious activity and the functionality of the associated malware.
  • Keywords
    decision trees; invasive software; mobile computing; random processes; Android permissions; benign application; broadcast receivers; malicious application; mobile malware; native code; random decision forest classification; random decision forests; rapid permissions-based analysis; rapid permissions-based detection; Androids; Humanoid robots; Malware; Mobile communication; Operating systems; Smart phones; android; machine learning; mobile malware; random decision forest;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Military Communications Conference, MILCOM 2013 - 2013 IEEE
  • Conference_Location
    San Diego, CA
  • Type

    conf

  • DOI
    10.1109/MILCOM.2013.170
  • Filename
    6735751