UpDroid: Updated Android Malware and Its Familial Classification

Aktas K., Sen S.

23rd Nordic Conference on Secure IT Systems (NordSec), Oslo, Norway, 28 - 30 November 2018, vol.11252, pp.352-368 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume: 11252
  • Doi Number: 10.1007/978-3-030-03638-6_22
  • City: Oslo
  • Country: Norway
  • Page Numbers: pp.352-368
  • Hacettepe University Affiliated: Yes


Android is the platform most targeted by attackers. While security solutions have improved against such attacks on one side, attackers introduce new variants of existing malware by employing new strategies to evade them on another side. One of the most effective evasion techniques widely used is updating malicious code at runtime. In this study, an up-to-date dataset of such update attacks called UpDroid is introduced and then analyzed. This dataset consists of 2,479 samples belonging to 21 malware families, of which most have been discovered in just the last few years. While this dataset gives an overview of recent malware, it will also be useful for researchers working on dynamic analysis. Furthermore, in this study, a new classification algorithm based on both static and dynamic features is introduced in order to group such malware into families.