HinDroid
Top Cited Papers
- 13 August 2017
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM)
- p. 1507-1515
- https://doi.org/10.1145/3097983.3098026
Abstract
With explosive growth of Android malware and due to the severity of its damages to smart phone users, the detection of Android malware has become increasingly important in cybersecurity. The increasing sophistication of Android malware calls for new defensive techniques that are capable against novel threats and harder to evade. In this paper, to detect Android malware, instead of using Application Programming Interface (API) calls only, we further analyze the different relationships between them and create higher-level semantics which require more effort for attackers to evade the detection. We represent the Android applications (apps), related APIs, and their rich relationships as a structured heterogeneous information network (HIN). Then we use a meta-path based approach to characterize the semantic relatedness of apps and APIs. We use each meta-path to formulate a similarity measure over Android apps, and aggregate different similarities using multi-kernel learning. Then each meta-path is automatically weighted by the learning algorithm to make predictions. To the best of our knowledge, this is the first work to use structured HIN for Android malware detection. Comprehensive experiments on real sample collections from Comodo Cloud Security Center are conducted to compare various malware detection approaches. Promising experimental results demonstrate that our developed system HinDroid outperforms other alternative Android malware detection techniques.Keywords
Funding Information
- U.S. National Science Foundation (CNS-1618629)
This publication has 11 references indexed in Scilit:
- DroidDelver: An Android Malware Detection System Using Deep Belief Network Based on API Call BlocksPublished by Springer Science and Business Media LLC ,2016
- Evaluation of Android Malware Detection Based on System CallsPublished by Association for Computing Machinery (ACM) ,2016
- Transferring heterogeneous links across location-based social networksPublished by Association for Computing Machinery (ACM) ,2014
- DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android ApplicationsLecture Notes in Computer Science, 2014
- Predicting Social Links for New Users across Aligned Heterogeneous Social NetworksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2013
- Machine Learning for Android Malware Detection Using Permission and API CallsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2013
- MobSafe: cloud computing based forensic analysis for massive mobile applications using data miningTsinghua Science and Technology, 2013
- Inferring anchor links across multiple heterogeneous social networksPublished by Association for Computing Machinery (ACM) ,2013
- CrowdroidPublished by Association for Computing Machinery (ACM) ,2011
- A survey of mobile malware in the wildPublished by Association for Computing Machinery (ACM) ,2011