Breaking Bad: Forecasting Adversarial Android Bad Behavior

2018 
A number of Android applications exhibit malicious behavior during certain periods of time and exhibit benign behavior at others. Such malicious applications may bypass existing techniques for detecting mobile malware which focus on identifying malicious behavior at a specific point in time. Building on the observation that many of these malicious behaviors are visible to users, we describe the design of a system that finds temporary unwanted behaviors by mining user reviews from the Google Play Store, which is the largest Android marketplace. We characterize the behavior of these applications and develop methods to predict which applications will turn malicious. Our best predictive models have an AUC of 0.86, false positive rate of 0.10 and true positive rate of 0.67. In addition, we assess our system’s robustness against adversaries who post fake reviews in order to poison our models.
    • Correction
    • Source
    • Cite
    • Save
    • Machine Reading By IdeaReader
    38
    References
    1
    Citations
    NaN
    KQI
    []