An analysis of Android malware classification services

Abstract

The increasing volume of Android malware has forced antivirus (AV) companies to rely on automated classification techniques to determine the family and class of suspicious samples. The research community relies heavily on such labels to carry out prevalence studies of the threat ecosystem and to build datasets that are used to validate and benchmark novel detection and classification methods. In this work, we carry out an extensive study of the Android malware ecosystem by surveying white papers and reports from 6 key players in the industry, as well as 81 papers from 8 top security conferences, to understand how malware datasets are used by both. We then explore the limitations associated with the use of available malware classification services, namely VirusTotal (VT) engines, for determining the family of an Android sample. Using a dataset of 2.47 M Android malware samples, we find that the detection coverage of VT’s AVs is generally very low, that the percentage of samples flagged by any 2 AV engines does not go beyond 52%, and that the families common to any pair of AV engines amount to at best 29%. We rely on clustering to determine the extent to which different AV engine pairs agree on which samples belong to the same family (regardless of the actual family name) and find discrepancies that can introduce noise in automatic label unification schemes. We also observe the use of generic labels and inconsistencies within the labels of top AV engines, suggesting that their efforts are directed towards accurate detection rather than classification. Our results contribute to a better understanding of the limitations of using Android malware family labels as supplied by common AV engines.

Cite

Rashed, M., & Suarez-Tangil, G. (2021). An analysis of Android malware classification services. Sensors, 21(16). https://doi.org/10.3390/s21165671