Reference : Should You Consider Adware as Malware in Your Study?
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Computational Sciences
http://hdl.handle.net/10993/39008
Should You Consider Adware as Malware in Your Study?
English
Gao, Jun mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Li, Li mailto [Monash University > Faculty of Information Technology]
Kong, Pingfan mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Bissyande, Tegawendé François D Assise mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Klein, Jacques mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC) >]
24-Feb-2019
26th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering
Yes
26th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering
from 24-2-2019 to 27-2-2019
Hangzhou
China
[en] Android ; adware ; malware
[en] Empirical validations of research approaches eventually require a curated ground truth. In studies related to Android malware, such a ground truth is built by leveraging Anti-Virus (AV) scanning reports which are often provided free through online services such as VirusTotal. Unfortunately, these reports do not offer precise information for appropriately and uniquely assigning classes to samples in app datasets: AV engines indeed do not have a consensus on specifying information in labels. Furthermore, labels often mix information related to families, types, etc. In particular, the notion of “adware” is currently blurry when it comes to maliciousness. There is thus a need to thoroughly investigate cases where adware samples can actually be associated with malware (e.g., because they are tagged as adware but could be considered as malware as well).
In this work, we present a large-scale analytical study of Android adware samples to quantify to what extent “adware should be considered as malware”. Our analysis is based on the Androzoo repository of 5 million apps with associated AV labels and leverages a state-of-the-art label harmonization tool to infer the malicious type of apps before confronting it against the ad families that each adware app is associated with. We found that all adware families include samples that are actually known to implement specific malicious behavior types. Up to 50% of samples in an ad family could be flagged as malicious. Overall the study demonstrates that adware is not necessarily benign.
Fonds National de la Recherche - FnR
Researchers
http://hdl.handle.net/10993/39008

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
adware-paper-SANER-2019-submitted.pdfAuthor preprint360.94 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.