ToGather: Automatic Investigation of Android Malware Cyber-Infrastructures

Title: ToGather: Automatic Investigation of Android Malware Cyber-Infrastructures
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Karbab, ElMouatez Billah; Debbabi, Mourad
Conference Name: Proceedings of the 13th International Conference on Availability, Reliability and Security
ISBN Number: 978-1-4503-6448-5
Keywords: android, Correlation, Cyber-Infrastructure, graph analysis, graph theory, Human Behavior, Malware, malware analysis, Metrics, privacy, pubcrawl, Resiliency

Abstract: The popularity of Android, not only in handsets but also in IoT devices, makes it a very attractive target for malware, and the volume of Android malware is growing at a significant rate. State-of-the-art mitigation solutions focus mainly on detecting malicious Android apps, using static and dynamic analysis features to separate malicious apps from benign ones. However, the Internet/network dimension of malicious Android apps receives little coverage. In this paper, we present ToGather, an automatic investigation framework that takes Android malware samples as input and produces insights about the underlying malicious cyber-infrastructures. ToGather leverages state-of-the-art graph theory techniques to generate actionable, relevant and granular intelligence for mitigating the threat effects induced by the malicious Internet activity of Android malware apps. We evaluate ToGather on a large dataset of real malware samples from various Android families, and the obtained results are both interesting and promising.
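The abstract describes the general idea of correlating malware samples through the network indicators they share and reading off clusters of shared infrastructure with graph techniques. The following is an added illustration of that idea written for this page; it is not ToGather's implementation, and the specific choices here (a bipartite sample/indicator graph, connected components as clusters, indicator degree as the ranking, a small allow-list of generic indicators) are assumptions about how such an analysis can be done, not a description of the paper's method. The sample names, domains and addresses are constructed.

```python
"""Added example: cluster Android malware samples by shared network
indicators with a sample/indicator graph.  Written for this page; it is
NOT ToGather's code, and the graph techniques used here are assumptions
about the general approach, not the paper's method.  All data is constructed."""
from collections import defaultdict, deque

# Constructed input: network indicators (domains / IPs) observed per sample,
# as a static or dynamic analysis step might extract them.  Hypothetical values.
SAMPLE_INDICATORS = {
    "sample_a1": {"upd.example-cnc.test", "203.0.113.10"},
    "sample_a2": {"upd.example-cnc.test", "198.51.100.7"},
    "sample_a3": {"198.51.100.7"},
    "sample_b1": {"pay.example-bank.test", "192.0.2.44"},
    "sample_b2": {"192.0.2.44"},
    "sample_c1": {"lonely.example.test"},
    "sample_d1": {"www.google.com"},  # only generic traffic; no evidence of shared infra
}

# Indicators too generic to count as shared malicious infrastructure.
# Constructed allow-list; a real one would cover CDNs, ad networks, app stores, etc.
BENIGN_INDICATORS = {"play.googleapis.com", "www.google.com"}


def build_graph(sample_indicators, benign=BENIGN_INDICATORS):
    """Undirected bipartite adjacency map: sample <-> indicator.
    Every sample gets a node even if all its indicators are filtered out,
    so no sample silently disappears from the result."""
    adj = defaultdict(set)
    for sample, indicators in sample_indicators.items():
        adj[sample]  # ensure the node exists
        for ind in indicators:
            if ind in benign:
                continue
            adj[sample].add(ind)
            adj[ind].add(sample)
    return adj


def connected_components(adj):
    """BFS over the graph; each component is a candidate infrastructure cluster
    (the samples plus the indicators that tie them together)."""
    seen, comps = set(), []
    for start in adj:
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        seen.add(start)
        while queue:
            node = queue.popleft()
            comp.add(node)
            for nxt in adj[node]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        comps.append(comp)
    return comps


def infrastructure_clusters(sample_indicators, benign=BENIGN_INDICATORS):
    """Return clusters as dicts {samples, indicators}; indicators are ranked by
    how many samples in the cluster contact them.  Indicators shared by several
    samples are the actionable blocklist candidates; an indicator seen by a
    single sample is reported but is weak evidence on its own."""
    adj = build_graph(sample_indicators, benign)
    sample_names = set(sample_indicators)
    clusters = []
    for comp in connected_components(adj):
        samples = sorted(n for n in comp if n in sample_names)
        indicators = sorted(
            (n for n in comp if n not in sample_names),
            key=lambda ind: (-len(adj[ind]), ind),
        )
        clusters.append({
            "samples": samples,
            "indicators": [(ind, len(adj[ind])) for ind in indicators],
        })
    # Largest clusters first; ties broken by sample names for a stable report.
    clusters.sort(key=lambda c: (-len(c["samples"]), c["samples"]))
    return clusters


if __name__ == "__main__":
    for cluster in infrastructure_clusters(SAMPLE_INDICATORS):
        print(cluster)
```

On the constructed data this yields one three-sample cluster bound together by two shared indicators, one two-sample cluster, and two singletons, one of which has no indicators left after filtering; the filtering step matters because a generic domain contacted by every app would otherwise merge every sample into a single meaningless cluster.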

Citation Key: karbab_togather:_2018