Breaking bad: Forecasting adversarial android bad behavior

Shang Li, Srijan Kumar, Tudor Dumitras, V. S. Subrahmanian*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

A number of Android applications exhibit malicious behavior during certain periods of time and exhibit benign behavior at others. Such malicious applications may bypass existing techniques for detecting mobile malware which focus on identifying malicious behavior at a specific point in time. Building on the observation that many of these malicious behaviors are visible to users, we describe the design of a system that finds temporary unwanted behaviors by mining user reviews from the Google Play Store, which is the largest Android marketplace. We characterize the behavior of these applications and develop methods to predict which applications will turn malicious. Our best predictive models have an AUC of 0.86, false positive rate of 0.10 and true positive rate of 0.67. In addition, we assess our system’s robustness against adversaries who post fake reviews in order to poison our models.

Original language: English (US)
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Verlag
Pages: 405-431
Number of pages: 27
State: Published - 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11170 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Funding

Acknowledgements. Parts of this research were funded by ARO grants W911NF1410358 and W911NF1310421 and by ONR grants N000141512007, N000141612896, and N000141512742.

Keywords

  • Android
  • Cybersecurity
  • Deception
  • Malware detection
  • Mobile malware

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
