Euphony: harmonious unification of cacophonous anti-virus vendor labels for Android malware

Médéric Hurier; Guillermo Suarez-Tangil; Santanu Kumar Dash; Tegawendé F Bissyandé; Yves Le Traon; Jacques Klein; Lorenzo Cavallaro

doi:10.1109/MSR.2017.57

Euphony: harmonious unification of cacophonous anti-virus vendor labels for Android malware

Médéric Hurier, Guillermo Suarez-Tangil, Santanu Kumar Dash, Tegawendé F Bissyandé, Yves Le Traon, Jacques Klein, Lorenzo Cavallaro

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

67 Citations (Scopus)

280 Downloads (Pure)

Abstract

Android malware is now pervasive and evolving rapidly. Thousands of malware samples are discovered every day with new models of attacks. The growth of these threats has come hand in hand with the proliferation of collective repositories sharing the latest specimens. Having access to a large number of samples opens new research directions aiming at efficiently vetting apps. However, automatically inferring a reference ground-truth from those repositories is not straightforward and can inadvertently lead to unforeseen misconceptions. On the one hand, samples are often mis-labeled as different parties use distinct naming schemes for the same sample. On the other hand, samples are frequently mis-classified due to conceptual errors made during labeling processes. In this paper, we analyze the associations between all labels given by different vendors and we propose a system called EUPHONY to systematically unify common samples into family groups. The key novelty of our approach is that no a-priori knowledge on malware families is needed. We evaluate our approach using reference datasets and more than 0.4 million additional samples outside of these datasets. Results show that EUPHONY provides competitive performance against the state-of-the-art.

Original language	English
Title of host publication	IEEE International Conference on Mining Software Repositories
DOIs	https://doi.org/10.1109/MSR.2017.57
Publication status	Published - 20 May 2017

Access to Document

10.1109/MSR.2017.57

Euphony: Harmonious Unification of_Accepted22March2017_HURIER_GREEN AAM
© 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 553 KBLicence: Other

https://pure.royalholloway.ac.uk/portal/en/publications/euphony-harmonious-unification-of-cacophonous-antivirus-vendor-labels-for-android-malware(94927230-0307-47a1-9d3e-caaa1419a6c5).html

Cite this

@inbook{d42784d6ef20476db39baf7cf6a36488,

title = "Euphony: harmonious unification of cacophonous anti-virus vendor labels for Android malware",

abstract = "Android malware is now pervasive and evolving rapidly. Thousands of malware samples are discovered every day with new models of attacks. The growth of these threats has come hand in hand with the proliferation of collective repositories sharing the latest specimens. Having access to a large number of samples opens new research directions aiming at efficiently vetting apps. However, automatically inferring a reference ground-truth from those repositories is not straightforward and can inadvertently lead to unforeseen misconceptions. On the one hand, samples are often mis-labeled as different parties use distinct naming schemes for the same sample. On the other hand, samples are frequently mis-classified due to conceptual errors made during labeling processes. In this paper, we analyze the associations between all labels given by different vendors and we propose a system called EUPHONY to systematically unify common samples into family groups. The key novelty of our approach is that no a-priori knowledge on malware families is needed. We evaluate our approach using reference datasets and more than 0.4 million additional samples outside of these datasets. Results show that EUPHONY provides competitive performance against the state-of-the-art.",

author = "M{\'e}d{\'e}ric Hurier and Guillermo Suarez-Tangil and Dash, {Santanu Kumar} and Bissyand{\'e}, {Tegawend{\'e} F} and Traon, {Yves Le} and Jacques Klein and Lorenzo Cavallaro",

note = "small Acceptance Rate: 17%",

year = "2017",

month = may,

day = "20",

doi = "10.1109/MSR.2017.57",

language = "English",

booktitle = "IEEE International Conference on Mining Software Repositories",

}

TY - CHAP

T1 - Euphony

T2 - harmonious unification of cacophonous anti-virus vendor labels for Android malware

AU - Hurier, Médéric

AU - Suarez-Tangil, Guillermo

AU - Dash, Santanu Kumar

AU - Bissyandé, Tegawendé F

AU - Traon, Yves Le

AU - Klein, Jacques

AU - Cavallaro, Lorenzo

N1 - small Acceptance Rate: 17%

PY - 2017/5/20

Y1 - 2017/5/20

N2 - Android malware is now pervasive and evolving rapidly. Thousands of malware samples are discovered every day with new models of attacks. The growth of these threats has come hand in hand with the proliferation of collective repositories sharing the latest specimens. Having access to a large number of samples opens new research directions aiming at efficiently vetting apps. However, automatically inferring a reference ground-truth from those repositories is not straightforward and can inadvertently lead to unforeseen misconceptions. On the one hand, samples are often mis-labeled as different parties use distinct naming schemes for the same sample. On the other hand, samples are frequently mis-classified due to conceptual errors made during labeling processes. In this paper, we analyze the associations between all labels given by different vendors and we propose a system called EUPHONY to systematically unify common samples into family groups. The key novelty of our approach is that no a-priori knowledge on malware families is needed. We evaluate our approach using reference datasets and more than 0.4 million additional samples outside of these datasets. Results show that EUPHONY provides competitive performance against the state-of-the-art.

AB - Android malware is now pervasive and evolving rapidly. Thousands of malware samples are discovered every day with new models of attacks. The growth of these threats has come hand in hand with the proliferation of collective repositories sharing the latest specimens. Having access to a large number of samples opens new research directions aiming at efficiently vetting apps. However, automatically inferring a reference ground-truth from those repositories is not straightforward and can inadvertently lead to unforeseen misconceptions. On the one hand, samples are often mis-labeled as different parties use distinct naming schemes for the same sample. On the other hand, samples are frequently mis-classified due to conceptual errors made during labeling processes. In this paper, we analyze the associations between all labels given by different vendors and we propose a system called EUPHONY to systematically unify common samples into family groups. The key novelty of our approach is that no a-priori knowledge on malware families is needed. We evaluate our approach using reference datasets and more than 0.4 million additional samples outside of these datasets. Results show that EUPHONY provides competitive performance against the state-of-the-art.

U2 - 10.1109/MSR.2017.57

DO - 10.1109/MSR.2017.57

M3 - Conference paper

BT - IEEE International Conference on Mining Software Repositories

ER -

Euphony: harmonious unification of cacophonous anti-virus vendor labels for Android malware

Abstract

Access to Document

Fingerprint

Cite this