Annual Computer Security Applications Conference (ACSAC) 2016

Full Program »

Cypider: Building Community-Based Cyber-Defense Infrastructure for Android Malware Detection

The popularity of Android OS dramatically increases the
daily malware attacks, which overwhelm the detection process. This fact has motivated the need of developing malware detection and family attribution solutions with least manual intervention. In response, we propose Cypider framework, a set of techniques and tools aiming to perform a systematic detection of mobile malware by building an efficient and scalable similarity network infrastructure of malicious apps. Our detection method is based on a novel concept, namely malicious community, in which we consider, for a given family, the instances that share common features. Under this concept, we assume that multiple similar Android apps with different authors are most likely to be malicious.
Cypider leverages this assumption in the detection of variants of known malware families and zero-day malware. It is
important to mention that this detection does not rely on
any signature-based or learning-based patterns. Moreover,
it applies community detection algorithms on the similarity network, which extracts sub-graphs considered as suspicious communities, and most likely, malicious. Finally, we
compute the community fingerprint, a novel fingerprint technique based on learning model, for each malicious community that is used for future detection. Cypider shows a very good results by detecting 50% of the dataset malware in
only one detection iteration. Furthermore, the preliminary
results of the community fingerprint are very promising as
86% of detection is achieved.


ElMouatez Billah KARBAB    
Concordia University

Mourad Debbabi    
Concordia University

Abdelouahid Derhab    
King Saud University
Saudi Arabia

Djedjiga Mouheb    
Concordia University


Powered by OpenConf®
Copyright©2002-2016 Zakon Group LLC