Paper Review Semantics Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs

High-level

Summary:

A semantics-based approach that classifies Android malware via dependency graphs. To battle transformation attacks, we extract a weighted contextual API dependency graph as program semantics to construct feature sets. To fight against malware variants and zero-day malware, we introduce graph similarity metrics to uncover homogeneous application behaviors while tolerating minor implementation differences.

Evaluation:

We evaluate our system using 2200 malware samples and 13500 benign samples. Experiments show that our signature detection can correctly label 93% of malware instances; our anomaly detector is capable of detecting zero-day malware with a low false negative rate (2%) and an acceptable false positive rate (5.15%) for a vetting purpose.

Takeaways:

Existing automated Android malware detection and classification methods fall into two general categories: 1) signature-based and 2) machine learning-based.

To quantify the similarity of two graphs, we first compute a graph edit distance.

Practical Value

What can you learn from this to make your research better?

Details and Problems

From the presenters’ point of view, what questions might the audience ask?

We build graph databases for two sets of behaviors: benign and malicious (not the exact behavior name?).

What is the graph (abstraction)? Weighted Contextual API Dependency Graphs

To address the scalability challenge, we utilize a bucket-based indexing scheme to improve search efficiency.