Hugin: A Scalable Hybrid Android Malware Detection System

Abstract

Mobile operating systems are a prime target of today's malware authors and cyber criminals. In particular, Google's Android suffers from an ever increasing number of malware attacks in the form of malicious apps. These typically originate from poorly policed third-party app stores that fail to vet the apps prior to publication. In this paper, we present Hugin, a machine learning-based app vetting system that uses features derived from dynamic, as well as static analysis and thus falls into the scarcely studied class of hybrid approaches. Hugin is unique with respect to using IPC/RPC monitoring as source for dynamically extracted features. Furthermore, Hugin uses a short (and yet effective) feature vector that leads to a high efficiency in training as well as classification. Our evaluation shows that Hugin achieves a detection accuracy of up to 99.74% on an up-to-date data set consisting of more than 14,000 malware samples and thus, is easily capable of competing with other current systems.

Publication
Proceedings of the 11th International Conference on Emerging Security Information, Systems and Technologies (SECUWARE)
Dominik Teubert
Samuel Schüppen
Ulrike Meyer