Anomaly-based Mobile Malware Detection: System Calls as Source for Features

Dominik Teubert; Fred Grossmann; Ulrike Meyer

doi:10.5220/0005652900260036

Anomaly-based Mobile Malware Detection: System Calls as Source for Features

Dominik Teubert, Fred Grossmann, Ulrike Meyer

2016

Abstract

Mobile malware nowadays poses a serious threat to end users of mobile devices. Machine learning techniques have a great potential to automate the detection of mobile malware. However, prior work in this area mostly focused on using classifiers that require training with data from both the benign as well as the malicious class. As a consequence, training these models requires feature extraction from large amounts of mobile malware, a task that becomes increasingly difficult considering the obfuscation and emulator detection capabilities of modern mobile malware. In this paper we propose the use of one-class classifiers. The advantage of using these models is that they are exclusively trained with data from the benign class. In particular, we compare generative as well as discriminative modeling approaches, namely Hidden Markov Models and one-class Support Vector Machines. We use system calls as source for our features and compare the discriminatory power of binary feature vectors, frequency vectors, as well as temporally ordered sequences of system calls.

Download

Paper Citation

in Harvard Style

Teubert D., Grossmann F. and Meyer U. (2016). Anomaly-based Mobile Malware Detection: System Calls as Source for Features . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 26-36. DOI: 10.5220/0005652900260036

in Bibtex Style

@conference{icissp16,
author={Dominik Teubert and Fred Grossmann and Ulrike Meyer},
title={Anomaly-based Mobile Malware Detection: System Calls as Source for Features},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={26-36},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005652900260036},
isbn={978-989-758-167-0},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Anomaly-based Mobile Malware Detection: System Calls as Source for Features
SN - 978-989-758-167-0
AU - Teubert D.
AU - Grossmann F.
AU - Meyer U.
PY - 2016
SP - 26
EP - 36
DO - 10.5220/0005652900260036