Android Malware Detection

Researcher: Gavin McWilliams

Research Institution: Queen’s University Belfast

Overview:

Gavin McWilliams from Queen’s University Belfast is seeking industry partners among Android marketplace operators, enterprises or online businesses to further enhance and validate the Android Malware Detection technology.

Product:

• Highly accurate Android malware detection strategy based on automated static analysis of Android application packages;
• Strategy combines lightweight analysis of permissions information held in the manifest file along with detailed analysis of the application’s use of critical APIs and system services;
• The resulting classifier is over 92% accurate in identifying Android malware; and
• Access to large Android malware sample datasets through a partnership with McAfee Labs, allowing the machine-learning-based classifier to undergo a comprehensive training phase, which increases the predictive accuracy of the system.

Market:

• Operators of third-party Android markets – the malware classifier gives the ability to quickly scan thousands of independently developed apps and quantify the possible threat these may pose;
• Enterprise IT groups who require a way to scan apps used on Android devices that have not been issued by them (BYOD model) in order to secure corporate assets;
• Financial institutions and those targeted by mobile malware who require intelligence about emerging threats from app marketplaces; and
• Individuals who own a smartphone.

Benefits:

• The Bayesian Classifier approach is fast, automated and effective for zero-day threat discovery;
• Being machine learning-based, it is highly adaptable to the evolving Android malware threat landscape, and thus cost-effective to maintain (no signature updates required);
• Detection rates for commercial anti-virus products range from 20% to approximately 80%, and these products are not effective in detecting polymorphic, highly obfuscated, and sophisticated Android malware;
• Moreover, the current zero-day threat discovery, reporting, and containment timelines of existing signature-based AV products leave the rapidly growing Android community vulnerable to attack by new malware; and
• This Android malware classifier overcomes these issues by providing zero-day malware detection.
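
Illustration of the approach described under Product and Benefits (an added example, not the Queen’s University Belfast classifier): a Bernoulli naive Bayes model scoring an app from the permissions and API calls found by static analysis. The choice of Bernoulli naive Bayes, the feature names and the training rows are all assumptions constructed for this sketch; the page states only that a Bayesian classifier is used.

```python
import math

# Constructed training set: each app is the set of permissions and API calls
# a static-analysis pass would extract (feature names are illustrative).
TRAIN = [
    ({"perm:SEND_SMS", "perm:READ_CONTACTS", "api:SmsManager.sendTextMessage"}, 1),
    ({"perm:SEND_SMS", "perm:INTERNET", "api:DexClassLoader.loadClass"}, 1),
    ({"perm:READ_CONTACTS", "perm:INTERNET", "api:TelephonyManager.getDeviceId",
      "api:DexClassLoader.loadClass"}, 1),
    ({"perm:INTERNET", "api:HttpURLConnection.connect"}, 0),
    ({"perm:INTERNET", "perm:CAMERA", "api:HttpURLConnection.connect"}, 0),
    ({"perm:READ_CONTACTS", "perm:INTERNET"}, 0),
]

def train(samples):
    """Fit a Bernoulli naive Bayes model with Laplace (add-one) smoothing."""
    vocab = sorted(set().union(*(f for f, _ in samples)))
    model = {"vocab": vocab, "prior": {}, "p": {}}
    for label in (0, 1):  # 0 = benign, 1 = malware
        rows = [f for f, y in samples if y == label]
        model["prior"][label] = len(rows) / len(samples)
        model["p"][label] = {
            feat: (sum(feat in r for r in rows) + 1) / (len(rows) + 2)
            for feat in vocab
        }
    return model

def malware_probability(model, features):
    """Posterior P(malware | features); features outside the vocabulary are ignored."""
    log_score = {}
    for label in (0, 1):
        s = math.log(model["prior"][label])
        for feat in model["vocab"]:
            p = model["p"][label][feat]
            # Absent features count as evidence too (Bernoulli event model).
            s += math.log(p if feat in features else 1.0 - p)
        log_score[label] = s
    # Normalise in log space to avoid underflow on large vocabularies.
    m = max(log_score.values())
    exp = {k: math.exp(v - m) for k, v in log_score.items()}
    return exp[1] / (exp[0] + exp[1])

MODEL = train(TRAIN)
SUSPECT = {"perm:SEND_SMS", "perm:INTERNET", "api:SmsManager.sendTextMessage"}
BENIGN = {"perm:INTERNET", "api:HttpURLConnection.connect"}

if __name__ == "__main__":
    print(f"suspect: {malware_probability(MODEL, SUSPECT):.3f}")
    print(f"benign:  {malware_probability(MODEL, BENIGN):.3f}")
```

Because the model scores feature combinations rather than matching known samples, an app never seen in training still receives a probability, which is the property the zero-day claim above rests on.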

Partners:

Industry partners are sought from among Android marketplace operators, enterprises or online businesses to further enhance and validate the Android Malware Detection technology.

Contact Details:

Email Gavin McWilliams at g.mcwilliams@qub.ac.uk