Not so Crisp, malware! Fuzzy classification of android malware classes
Mercaldo F.;
2018-01-01
Abstract
Mobile devices have been spreading at a great rate in recent years. Not only smartphones, but also tablets and IoT devices, are gaining an increasingly important place in our everyday lives. This is why attackers are developing more and more aggressive techniques with the aim of exfiltrating our sensitive and private information. As many studies demonstrate, mobile malware is not developed from scratch: new malware samples are usually generated by adding new functionalities to existing malicious payloads, in order to make them more aggressive and undetectable by current antimalware technologies. As a result of this process, current mobile malware exhibits several merged behaviors belonging to different malicious families. Considering this nature of mobile malicious payloads, in this paper we explore whether fuzzy logic is helpful to (i) classify malicious applications into a set of classes we defined and (ii) identify whether an application under analysis exhibits behaviors belonging to different malware classes we defined. Results are encouraging: we obtain a weighted precision and a recall equal to 0.975 in malware class identification on a dataset of 5332 real-world Android malware samples, and we demonstrate that the proposed method is able to identify the several malicious behaviors in terms of percentage of the samples under analysis.