CTDroid: Leveraging a Corpus of Technical Blogs for Android Malware Analysis

The rapid growth of Android malware results in a large body of approaches devoted to malware analysis by leveraging machine learning algorithms. However, the effectiveness of these approaches primarily depends on the manual feature engineering process, which is time-consuming and labor-intensive based on expert knowledge and intuition. In this paper, we propose an automatic approach that engineers informative features from a corpus of Android malware related technical blogs, which are written in a way that mirrors the human feature engineering process. However, there are two main challenges. First, it is difficult to recognize useful knowledge in the magnanimity information of thousands of blogs. To this end, we leverage natural language processing techniques to process the blogs and extract a set of sensitive behaviors that might do harmful activities to users potentially. Second, there exists a semantic gap between the extracted sensitive behaviors and the programming language. To this end, we propose two semantic matching rules to match the behaviors with concrete code snippets such that the apps can be tested experimentally. We design and implement a system called CTDroid for malware analysis, including malware detection (MD) and familial classification (FC). After the evaluation of CTDroid on a large scale of real malware and benign apps, the experimental results demonstrate that CTDroid can achieve 95.8% true positive rate with only 1% false positive rate for MD and 97.9% accuracy for FC. Furthermore, our proposed features are more informative than those of state-of-the-art approaches.

• Publication year

  2020

• Venue

  IEEE Transactions on Reliability

• Publication date

  2020-03-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/TR.2019.2926129
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Graph Embedding Based Familial Analysis of Android Malware using Unsupervised Learning

  2019cited by this paper
• Android Malware Familial Classification and Representative Sample Selection via Frequent Subgraph Analysis

  2018influential reference
• [Journal First] Lightweight, Obfuscation-Resilient Detection and Family Identification of Android Malware

  2018cited by this paper
• Lookout

  2018cited by this paper
• LibD: Scalable and Precise Third-Party Library Detection in Android Markets

  2017cited by this paper
• Detecting Android Root Exploits by Learning from Root Providers

  2017cited by this paper
• Adaptive Unpacking of Android Apps

  2017cited by this paper
• DAPASA: Detecting Android Piggybacked Apps Through Sensitive Subgraph Analysis

  2017cited by this paper
• HinDroid: An Intelligent Android Malware Detection System Based on Structured Heterogeneous Information Network

  2017cited by this paper
• GroupDroid: Automatically Grouping Mobile Malware by Extracting Code Similarities

  2017cited by this paper
• SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis

  2016cited by this paper
• Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability

  2016cited by this paper
• DroidRA: taming reflection to support whole-program analysis of Android apps

  2016cited by this paper
• Semantic modelling of Android malware for effective malware comprehension, detection, and classification

  2016cited by this paper
• FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature

  2016influential reference
• Enhanced English Universal Dependencies: An Improved Representation for Natural Language Understanding Tasks

  2016cited by this paper
• Can We Trust the Privacy Policies of Android Apps?

  2016cited by this paper
• Toward a Framework for Detecting Privacy Policy Violations in Android Application Code

  2016cited by this paper
• MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models

  2016cited by this paper
• Frequent Subgraph Based Familial Classification of Android Malware

  2016cited by this paper
• An Investigation into the Use of Common Libraries in Android Apps

  2015cited by this paper
• ViewDroid: towards obfuscation-resilient mobile application repackaging detection

  2014cited by this paper
• DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket

  2014influential reference
• AutoCog: Measuring the Description-to-permission Fidelity in Android Applications

  2014cited by this paper
• Apposcopy: semantics-based detection of Android malware through static analysis

  2014cited by this paper
• Checking app behavior against app descriptions

  2014cited by this paper
• Achieving accuracy and scalability simultaneously in detecting application clones on Android markets

  2014cited by this paper
• Wikipedia

  2014cited by this paper
• AnDarwin: Scalable Detection of Semantically Similar Android Applications

  2013cited by this paper
• WHYPER: Towards Automating Risk Assessment of Mobile Applications

  2013cited by this paper
• DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android

  2013cited by this paper
• Structural detection of android malware using embedded call graphs

  2013cited by this paper
• Distributed Representations of Words and Phrases and their Compositionality

  2013cited by this paper
• RiskRanker: scalable and accurate zero-day android malware detection

  2012cited by this paper
• Attack of the Clones: Detecting Cloned Applications on Android Markets

  2012cited by this paper
• I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns

  2012cited by this paper
• Dissecting Android Malware: Characterization and Evolution

  2012cited by this paper
• On lightweight mobile phone application certification

  2009cited by this paper
• A Closer Look at Skip-gram Modelling

  2006cited by this paper
• Instance-based learning algorithms

  2004cited by this paper
• A requirements taxonomy for reducing Web site privacy vulnerabilities

  2004cited by this paper
• Theoretical Comparison between the Gini Index and Information Gain Criteria

  2004cited by this paper
• Using TF-IDF to Determine Word Relevance in Document Queries

  2003cited by this paper
• Random Forests

  2001cited by this paper
• WordNet: A Lexical Database for English

  1995cited by this paper
• C4.5: Programs for Machine Learning

  1992cited by this paper
• Ridge Estimators in Logistic Regression

  1992cited by this paper
• The multilayer perceptron as an approximation to a Bayes optimal discriminant function

  1990cited by this paper
• Ieee Transactions on Information Forensics and Security 1 Exploring Permission-induced Risk in Android Applications for Malicious Application Detection

  year unknowncited by this paper

• ADTDroid: Leveraging API description and TCP based active learning for Android malware detection

  2025cites this paper
• NLP-based techniques for Cyber Threat Intelligence

  2025cites this paper
• ANDROIDGYNY: Reviewing Clustering Techniques for Android Malware Family Classification

  2023cites this paper
• Malware Detection in Android Based Devices by a Hybrid Approach Using Machine Learning Techniques

  2023cites this paper
• Obfuscation-resilient Android Malware Detection Based on Graph Convolution Neural Networks

  2023cites this paper
• FAM: Featuring Android Malware for Deep Learning-Based Familial Analysis

  2022cites this paper
• Advanced Persistent Threat intelligent profiling technique: A survey

  2022cites this paper
• CNN‐ and GAN‐based classification of malicious code families: A code visualization approach

  2022cites this paper
• Optimal feature configuration for dynamic malware detection

  2021cites this paper
• IntDroid

  2021cites this paper
• A Review and Case Study on Android Malware: Threat Model, Attacks, Techniques and Tools

  2021cites this paper
• Android malware detection: a survey

  2020cites this paper
• Revisiting the Challenges and Opportunities in Software Plagiarism Detection

  2020cites this paper
• When representation learning meets software analysis

  2020cites this paper
• Can We Mitigate Backdoor Attack Using Adversarial Detection Methods?

  2020cites this paper
• From Innovations to Prospects: What Is Hidden Behind Cryptocurrencies?

  2020cites this paper
• Can We Trust Your Explanations? Sanity Checks for Interpreters in Android Malware Analysis

  2020cites this paper
• An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps

  2020cites this paper
• Intent and permission modeling for privacy leakage detection in android

  2019cites this paper
• Novel Text and Image Based Approach to Android Malware Detection

  year unknowncites this paper