Structural information based malicious app similarity calculation and clustering
- Authors
- Kim, Junhyoung; Kim, Tae Guen; Im, Eul Gyu
- Issue Date
- Oct-2015
- Publisher
- Association for Computing Machinery, Inc
- Keywords
- Android; Clustering; Function matching; Malware analysis
- Citation
- Proceeding of the 2015 Research in Adaptive and Convergent Systems, RACS 2015, pp.314 - 318
- Indexed
- SCOPUS
- Journal Title
- Proceeding of the 2015 Research in Adaptive and Convergent Systems, RACS 2015
- Start Page
- 314
- End Page
- 318
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/156197
- DOI
- 10.1145/2811411.2811545
- ISSN
- 0000-0000
- Abstract
- With the growing supply of smartphones, mobile applications are being actively developed on various mobile platforms. As a result, malicious applications targeting mobile platforms are also rapidly increasing. In this paper, we propose a method for Android malware similarity calculation and clustering. First, a process is needed for extracting the control flow graph from an Android application. By extracting the control flow graph, we form structural information about the methods in the Android application, called a '4-tuple'. After the structural information has been created from the control flow graph, a matching process is needed to compare it. The matching process we propose has two steps, 'initial matching' and 'second matching'. Initial matching step is the process of matching the '4-tuple' information but not exactly same with each other only a single in Android application. The second matching step is the process of matching, in the same way as the initial matching, the methods that call the target method and the methods that it invokes. Finally, we measure the ratio between the total number of methods in the Android application and the methods matched after initial matching and second matching. We perform clustering using the above process. Based on previous studies, we used the DBSCAN algorithm for clustering. The clustering result using the structural information was 65.8% on average.
- Appears in
Collections - Seoul College of Engineering > Seoul School of Computer Software > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.