Abstract
A number of Android applications exhibit malicious behavior during certain periods of time and benign behavior at others. Such malicious applications may bypass existing techniques for detecting mobile malware which focus on identifying malicious behavior at a specific point in time. Building on the observation that many of these malicious behaviors are visible to users, we describe the design of a system that finds temporary unwanted behaviors by mining user reviews from the Google Play Store, which is the largest Android marketplace. We characterize the behavior of these applications and develop methods to predict which applications will turn malicious. Our best predictive models have an AUC of 0.86, a false positive rate of 0.10 and a true positive rate of 0.67. In addition, we assess our system’s robustness against adversaries who post fake reviews in order to poison our models.
Original language | English (US) |
---|---|
Title of host publication | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
Publisher | Springer Verlag |
Pages | 405-431 |
Number of pages | 27 |
State | Published - 2018 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 11170 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Funding
Acknowledgements. Parts of this research were funded by ARO grants W911NF1410358 and W911NF1310421 and by ONR grants N000141512007, N000141612896, and N000141512742.
Keywords
- Android
- Cybersecurity
- Deception
- Malware detection
- Mobile malware
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science