Software distributors, such as the operators of online software repositories or stores, scan and analyze the software they host to flag potentially harmful applications (PHAs). The scans are typically performed offline, are based solely on app-level features, and do not take into account structural relationships between different apps and devices. This disclosure describes an app ecosystem-based approach to detect PHAs via analysis of contextual information, such as app install statistics and installation distribution patterns. Relevant contextual information about each app, obtained with user permission, is leveraged to build a machine learning pipeline to flag PHAs for further review. The ecosystem-based approach makes it difficult for malicious actors to evade detection. The techniques can be applied online at app install time and are complementary to detection mechanisms that involve direct analysis of apps.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Tramer, Florian; Yu, Mo; and Tetali, Sai Deep, "Leveraging app relationships and distribution patterns to identify malicious software", Technical Disclosure Commons, (February 13, 2019)