Android Malware Detection Using Kullback-Leibler Divergence

  • Vanessa N. Cooper
    Department of Computer Science, Kennesaw State University, Kennesaw, Georgia, USA vcooper3[at]students.kennesaw.edu
  • Hisham M. Haddad
    Department of Computer Science, Kennesaw State University, Kennesaw, Georgia, USA
  • Hossain Shahriar
    Department of Computer Science, Kennesaw State University, Kennesaw, Georgia, USA

Abstract

Many recent reports suggest that malware applications cause high bills for victims by sending and receiving hidden SMS messages. Given that, there is a need to develop techniques that identify malicious SMS operations and differentiate between good and bad SMS operations within applications. In this paper, we apply Kullback-Leibler Divergence (KLD) as a distance metric to identify the difference between good and bad SMS operations. We develop a set of elements that represent sending or receiving of SMS messages, both legitimately and maliciously. Then, we compare the divergence of the trained set of elements. Our evaluation shows that the divergence between good and bad applications remains significantly high, whereas the divergence between two applications performing the same SMS operations remains low. We evaluate the proposed KLD-based concept for identifying a set of malware applications. The initial results show that our approach can identify all known malware and produces fewer false positive warnings.
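The comparison the abstract describes, as an added example that is not the paper's code: element frequencies from benign and malicious training apps become two smoothed distributions, and an unknown app is labelled by the model it diverges from least. The element vocabulary, the training lists, the smoothing constant and the nearest-model rule are all assumptions constructed for illustration.

```python
import math
from collections import Counter

# Constructed feature vocabulary (assumption; not the paper's element set).
VOCAB = [
    "perm:SEND_SMS", "perm:RECEIVE_SMS", "api:sendTextMessage",
    "ui:click_before_send", "ui:confirm_dialog",
    "api:abortBroadcast", "const:hardcoded_number",
]

# Constructed training observations, one list of elements per application.
BENIGN_APPS = [
    ["perm:SEND_SMS", "api:sendTextMessage", "ui:click_before_send", "ui:confirm_dialog"],
    ["perm:SEND_SMS", "perm:RECEIVE_SMS", "api:sendTextMessage", "ui:click_before_send"],
]
MALICIOUS_APPS = [
    ["perm:SEND_SMS", "perm:RECEIVE_SMS", "api:sendTextMessage",
     "const:hardcoded_number", "api:abortBroadcast"],
    ["perm:SEND_SMS", "api:sendTextMessage", "const:hardcoded_number", "api:abortBroadcast"],
]

def distribution(apps, alpha=0.5):
    """Element probabilities over VOCAB with additive smoothing, so no
    probability is zero and the divergence stays finite."""
    counts = Counter(e for app in apps for e in app if e in VOCAB)
    total = sum(counts.values()) + alpha * len(VOCAB)
    return {e: (counts[e] + alpha) / total for e in VOCAB}

def kld(p, q):
    """D(P || Q) in bits; asymmetric, and zero only when P equals Q."""
    return sum(p[e] * math.log2(p[e] / q[e]) for e in VOCAB)

def classify(app_elements, benign, malicious):
    """Label an app by the trained model it diverges from least
    (a nearest-model rule assumed for this example)."""
    p = distribution([app_elements])
    d_benign, d_malicious = kld(p, benign), kld(p, malicious)
    label = "malicious" if d_malicious < d_benign else "benign"
    return label, d_benign, d_malicious

BENIGN_MODEL = distribution(BENIGN_APPS)
MALICIOUS_MODEL = distribution(MALICIOUS_APPS)

if __name__ == "__main__":
    unknown = ["perm:SEND_SMS", "api:sendTextMessage",
               "const:hardcoded_number", "api:abortBroadcast"]
    print(classify(unknown, BENIGN_MODEL, MALICIOUS_MODEL))
```

Because KLD is asymmetric, the direction of comparison (unknown app against trained model) has to be fixed and used consistently for the two distances to be comparable.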

How to cite

Cooper, V. N., Haddad, H. M., & Shahriar, H. (2014). Android Malware Detection Using Kullback-Leibler Divergence. ADCAIJ: Advances in Distributed Computing and Artificial Intelligence Journal, 3(2), 17–25. https://doi.org/10.14201/ADCAIJ2014321725
