Machine Learning Meets iOS Malware: Identifying Malicious Applications on Apple Environment

Aniello Cimitile, Fabio Martinelli, Francesco Mercaldo

2017

Abstract

The huge diffusion of smartphone devices is driving the malware writer community to write increasingly aggressive software targeting mobile platforms. While the scientific community has extensively studied malware on the Android platform, little attention has been paid to iOS applications, probably due to their closed-source nature. In this paper, in order to fill this gap, we propose a method to identify malicious applications in the Apple environment. Our method relies on a feature vector extracted by static analysis. Experiments, performed with 20 different machine learning algorithms, demonstrate that malicious iOS applications are discriminated from trusted ones with a precision equal to 0.971 and a recall equal to 1.



Paper Citation


in Harvard Style

Cimitile A., Martinelli F. and Mercaldo F. (2017). Machine Learning Meets iOS Malware: Identifying Malicious Applications on Apple Environment. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 487-492. DOI: 10.5220/0006217304870492


in Bibtex Style

@conference{icissp17,
author={Aniello Cimitile and Fabio Martinelli and Francesco Mercaldo},
title={Machine Learning Meets iOS Malware: Identifying Malicious Applications on Apple Environment},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2017},
pages={487-492},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006217304870492},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Machine Learning Meets iOS Malware: Identifying Malicious Applications on Apple Environment
SN - 978-989-758-209-7
AU - Cimitile A.
AU - Martinelli F.
AU - Mercaldo F.
PY - 2017
SP - 487
EP - 492
DO - 10.5220/0006217304870492