MALWARE DETECTION BY EXPLOITING MALWARE RE-COMPOSITION VARIATIONS

摘要

One embodiment provides a method comprising, in a training phase, receiving one or more malware samples, extracting multi-aspect features of malicious behaviors triggered by the malware samples, determining evolution patterns of the malware samples based on the multi-aspect features, and predicting mutations of the malware samples based on the evolution patterns. Another embodiment provides a method comprising, in a testing phase, receiving a new mobile application, extracting a first set of multi-aspect features for the new mobile application using a learned feature model, and determining whether the new mobile application is a mutation of a malicious application using a learned classification model and the first set of multi-aspect features.