Paper Info
Title
Euphony: harmonious unification of cacophonous anti-virus vendor labels for Android malware.
Abstract
Android malware is now pervasive and evolving rapidly. Thousands of malware samples are discovered every day with new models of attacks. The growth of these threats has come hand in hand with the proliferation of collective repositories sharing the latest specimens. Having access to a large number of samples opens new research directions aiming at efficiently vetting apps. However, automatically inferring a reference dataset from those repositories is not straightforward and can inadvertently lead to unforeseen misconceptions. On the one hand, samples are often mis-labeled as different parties use distinct naming schemes for the same sample. On the other hand, samples are frequently mis-classified due to conceptual errors made during labeling processes. In this paper, we mine Anti-Virus labels and analyze the associations between all labels given by different vendors to systematically unify common samples into family groups. The key novelty of our approach, named Euphony [20], is that no a-priori knowledge on malware families is needed. We evaluate Euphony using reference datasets and more than 400 thousands additional samples outside of these datasets. Results show that Euphony can accurately label malware with a fine-grained clustering of families, while providing competitive performance against the state-of-the-art.
Year
DOI
Venue
2017
10.1109/MSR.2017.57
MSR
Keywords
Field
DocType
malware, android, ground-truth, datasets, labeling
Vetting,Data mining,Cryptovirology,World Wide Web,Android (operating system),Computer science,Unification,Vendor,Novelty,Cluster analysis,Malware
Conference
ISSN
ISBN
Citations 
2160-1852
978-1-5386-1545-4
7
PageRank 
References 
Authors
0.51
30
7
Name
Order
Citations
PageRank
Médéric Hurier170.51
Guillermo Suarez-Tangil2452.84
Santanu Kumar Dash3887.77
Tegawendé F. Bissyandé486363.90
Yves Le Traon515514.08
Jacques Klein62498112.20
Lorenzo Cavallaro788652.85