DocumentCode
624013
Title
Mobile malware visual analytics and similarities of Attack Toolkits (Malware gene analysis)
Author
Paturi, Anand ; Cherukuri, Manoj ; Donahue, Jeff ; Mukkamala, Srinivas
fYear
2013
fDate
20-24 May 2013
Firstpage
149
Lastpage
154
Abstract
We use Normalized Compression Distance (NCD), owing to its ability to measure similarity in unstructured data, to enumerate code similarity between malicious Android apps and visualize their clusters. Our classification methods and visual analytics can help the antivirus community ensure that a variant of a known malware can still be detected without the need to create a signature. We also show that, when a new malware is released, our methods can be used to understand its similarity/behavior with known malware families.
Keywords
data analysis; data visualisation; invasive software; mobile computing; operating systems (computers); Android application; NCD; attack toolkit; code similarity; data similarity measure; malware family; malware gene analysis; mobile malware; normalized compression distance; visual analytics; Androids; Feature extraction; Humanoid robots; Mobile communication; Trojan horses; Vectors; NCD; attack toolkits; component mobile malware; cosine similarity; similarity measures; web malware;
fLanguage
English
Publisher
ieee
Conference_Titel
Collaboration Technologies and Systems (CTS), 2013 International Conference on
Conference_Location
San Diego, CA
Print_ISBN
978-1-4673-6403-4
Type
conf
DOI
10.1109/CTS.2013.6567221
Filename
6567221