Program Structure-Based Feature Selection for Android Malware Analysis

  • Andrew Walenstein
  • Luke Deshotels
  • Arun Lakhotia
Conference paper

DOI: 10.1007/978-3-642-33392-7_5

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 107)
Cite this paper as:
Walenstein A., Deshotels L., Lakhotia A. (2012) Program Structure-Based Feature Selection for Android Malware Analysis. In: Schmidt A.U., Russello G., Krontiris I., Lian S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 107. Springer, Berlin, Heidelberg

Introduction

Zhou and Jiang [1] extensively surveyed and analyzed Android malware and found that 86% of the malware collected incorporated repackaged benign applications, and that many of them utilized common advertisement libraries. Such benign code reuse in malware can be expected to cause automated classification and clustering approaches to fail if they base their decisions on features relating to the reused code. To improve detection, classification, and clustering, feature selection from mobile malware must not be naïve, but must instead utilize knowledge of malicious program semantics and structure. We propose an approach for selecting features of mobile malware by using knowledge of malicious program structure to heuristically identify malicious portions of applications.

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  • Andrew Walenstein
    • 1
  • Luke Deshotels
    • 2
  • Arun Lakhotia
    • 2
  1. 1.Center for Advanced Computer StudiesUniversity of Louisiana at LafayetteLafayetteUSA
  2. 2.School of Computing and InformaticsUniversity of Louisiana at LafayetteLafayetteUSA

Personalised recommendations