Anomaly-based Mobile Malware Detection: System Calls as Source for Features
Dominik Teubert, Fred Grossmann, Ulrike Meyer
2016
Abstract
Mobile malware nowadays poses a serious threat to end users of mobile devices. Machine learning techniques have a great potential to automate the detection of mobile malware. However, prior work in this area mostly focused on using classifiers that require training with data from both the benign as well as the malicious class. As a consequence, training these models requires feature extraction from large amounts of mobile malware, a task that becomes increasingly difficult considering the obfuscation and emulator detection capabilities of modern mobile malware. In this paper we propose the use of one-class classifiers. The advantage of using these models is that they are exclusively trained with data from the benign class. In particular, we compare generative as well as discriminative modeling approaches, namely Hidden Markov Models and one-class Support Vector Machines. We use system calls as source for our features and compare the discriminatory power of binary feature vectors, frequency vectors, as well as temporally ordered sequences of system calls.
DownloadPaper Citation
in Harvard Style
Teubert D., Grossmann F. and Meyer U. (2016). Anomaly-based Mobile Malware Detection: System Calls as Source for Features . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 26-36. DOI: 10.5220/0005652900260036
in Bibtex Style
@conference{icissp16,
author={Dominik Teubert and Fred Grossmann and Ulrike Meyer},
title={Anomaly-based Mobile Malware Detection: System Calls as Source for Features},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={26-36},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005652900260036},
isbn={978-989-758-167-0},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Anomaly-based Mobile Malware Detection: System Calls as Source for Features
SN - 978-989-758-167-0
AU - Teubert D.
AU - Grossmann F.
AU - Meyer U.
PY - 2016
SP - 26
EP - 36
DO - 10.5220/0005652900260036