EnMobile: Entity-based Characterization and Analysis of Mobile Malware

Wei Yang, Mukul R. Prasad, Tao Xie

Research output: Contribution to journal, Conference article, peer-review

Abstract

Modern mobile malware tend to conduct their malicious exploits through sophisticated patterns of interactions that involve multiple entities, e.g., the mobile platform, human users, and network locations. Such malware often evade detection by existing approaches because of those approaches' limited expressiveness and accuracy in characterizing and detecting these malware. To address these issues, in this paper, we recognize entities in the environment of an app, the app’s interactions with such entities, and the provenance of these interactions, i.e., the intent and ownership of each interaction, as the key to comprehensively characterizing modern mobile apps, and mobile malware in particular. With this insight, we propose a novel approach named EnMobile, which includes a new entity-based characterization of mobile-app behaviors and corresponding static analyses to accurately characterize an app’s interactions with entities. We implement EnMobile and provide a practical application of EnMobile in a signature-based scheme for detecting mobile malware. We evaluate EnMobile on a set of 6614 apps consisting of malware from Genome and Drebin along with benign apps from Google Play. Our results show that EnMobile detects malware with substantially higher precision and recall than four state-of-the-art approaches, namely Apposcopy, Drebin, MUDFLOW, and AppContext.

Original language: English (US)
Pages (from-to): 384-394
Number of pages: 11
Journal: Proceedings - International Conference on Software Engineering
Volume: 2018-January
State: Published - 2018
Event: 40th International Conference on Software Engineering, ICSE 2018 - Gothenburg, Sweden
Duration: May 27 2018 to Jun 3 2018

ASJC Scopus subject areas

  • Software
