Browse > Article
http://dx.doi.org/10.7472/jksii.2020.21.6.13

Survival network based Android Authorship Attribution considering overlapping tolerance  

Hwang, Cheol-hun (Department of Software, Gachon University)
Shin, Gun-Yoon (Department of Software, Gachon University)
Kim, Dong-Wook (Department of Software, Gachon University)
Han, Myung-Mook (Department of Software, Gachon University)
Publication Information
Journal of Internet Computing and Services / v.21, no.6, 2020 , pp. 13-21 More about this Journal
Abstract
The Android author identification study can be interpreted as a method for revealing the source in a narrow range, but if viewed in a wide range, it can be interpreted as a study to gain insight to identify similar works through known works. The problem found in the Android author identification study is that it is an important code on the Android system, but it is difficult to find the important feature of the author due to the meaningless codes. Due to this, legitimate codes or behaviors were also incorrectly defined as malicious codes. To solve this, we introduced the concept of survival network to solve the problem by removing the features found in various Android apps and surviving unique features defined by authors. We conducted an experiment comparing the proposed framework with a previous study. From the results of experiments on 440 authors' identified apps, we obtained a classification accuracy of up to 92.10%, and showed a difference of up to 3.47% from the previous study. It used a small amount of learning data, but because it used unique features without duplicate features for each author, it was considered that there was a difference from previous studies. In addition, even in comparative experiments with previous studies according to the feature definition method, the same accuracy can be shown with a small number of features, and this can be seen that continuously overlapping meaningless features can be managed through the concept of a survival network.
Keywords
Android Authorship Attribution; Authorship Attribution; Remove duplicate features; Survival network;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 F. Ming, L. Jun, L. Xiapu, C. Kai, C. Tianyi, T. Zhenzhou, Z. Xiaodong, Z. Qinghua, and L. Ting, "Frequent Subgraph based Familial Classification of Android Malware," In Proceedings of 2016 IEEE 27th International Symposium on Software Reliability Engineering, pp. 24-35, 2016. https://ieeexplore.ieee.org/document/7774504
2 V. Kalgutkar, N. Stakhanova, P. Cook, A. Matyukhina, "Android authorship attribution through string analysis," In Proceedings of the 13th International Conference on Availability, Reliability and Security, pp. 1-10, 2018. https://doi.org/10.1145/3230833.3230849   DOI
3 S. Alrabaee, P. Shirani, M. Debbabi, L. Wang, "On the Feasibility of Malware Authorship Attribution," International Symposium on Foundations and Practice of Security, pp 256-272, 2016. https://doi.org/10.1007/978-3-319-51966-1_17   DOI
4 M. Fan, J. Liu, X. Luo, K. Chen, Z. Tian, Q. Zheng, T. Liu, "Android malware familial classification and representative sample selection via frequent subgraph analysis," IEEE Transaction on Information Forensics and Security, Vol.13, No.8, pp. 1890-1905, 2018. https://doi.org/10.1109/tifs.2018.2806891   DOI
5 N. E. Rosenblum, B. P. Miller, Z, Zhu, "Extracting compiler provenance from program binaries," In Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, pp. 21-28, 2010. https://doi.org/10.1145/1806672.1806678   DOI
6 Y. Feng, S. Anand, I. Dilling, A. Aiken, "Apposcopy: Semantics-based detection of android malware through static analysis," In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 576-587, 2018. https://doi.org/10.1145/2635868.2635869   DOI
7 N. E. Rosenblum, X, Zhu, B. P. Miller, "Who wrote this code? identifying the authors of program binaries," In European Symposium on Research in Computer Security, pp. 172-189, 2011. https://doi.org/10.1007/978-3-642-23822-2_10   DOI
8 R. Chouchane, N. Stakhanova, A. Walenstein, A. Lakhotia, "Detecting machine-morphed malware variants via engine attribution," Journal of Computer Virology and Hacking Techniques, Vol.9, No.3, pp. 137-157, 2013. https://doi.org/10.1007/s11416-013-0183-6   DOI
9 H. Gonzalez, N. Stakhanova, A. A. Ghorbani, "Authorship Attribution of Android Apps," Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 277-286, 2018. https://doi.org/10.1145/3176258.3176322   DOI
10 Y. Zhou, X. Jiang, "Dissecting Android malware: Characterization and evolution," In 2012 IEEE symposium on security and privacy, pp. 95-109. 2012. https://doi.org/10.1109/sp.2012.16   DOI
11 Y. Ye, T. Li, D. Adjeroh, S.S. Iyengar, "A survey on malware detection using data mining techniques," ACM Computing Surveys (CSUR), Vol.50, No.2, pp. 1-41, 2017. https://doi.org/10.1145/3073559   DOI
12 E. Stamatatos, "A Survey of Modern Authorship Attribution Methods," American Society for Information Science and Technology, Vol.60, No.3, pp 538-556, 2009. https://doi.org/10.1002/asi.21001   DOI
13 V. Q. Marinho, G. Hirst, D. R. Amancio, "Authorship Attribution via network motifs identification," 2016 5th Brazilian Conference on Intelligent Systems, pp. 355-360, 2016. https://doi.org/10.1109/bracis.2016.071   DOI
14 V. Kalgutkar, R. Kaur, H. Gonzalez, N. Stakhanova, A. Matyukhina, "Code authorship attribution: Methods and challenges," ACM Computing Surveys (CSUR), Vol.52, No.1, 2019. https://doi.org/10.1145/3292577   DOI
15 G. Y. Shin, D. W. Kim, S. S. Hong, M. M. Han, "The Identification Framework for source code author using Authorship Analysis and CNN," Journal of Internet Computing and Services, Vol.19, No.5, pp 33-41, 2018. https://doi.org/10.7472/jksii.2018.19.5.33   DOI