RAMP 2014 - Recognition of Android Malware Patterns (RAMP) Competition

Recognition of Android Malware Patterns (RAMP) Competition
6th International Workshop on Computational Forensics (IWCF 2014) - 24th Aug 2014- Stockholm, Sweden
Ali Dehghantanha, Mohsen Damshenas
Pattern recognition is the science of making inferences from perceptual data, using applications from statistics, probability, computational geometry, machine learning, signal processing, and algorithm design. All these features made pattern-recognition very relevant to computer forensics and digital investigation as well. In particular, during last few years there were so many advances happened in applications of pattern recognition techniques in investigation and detection of cyber-crimes in the hope of developing predictable and repeatable patterns of criminal actions.
Malware is a common term used to express all kinds of malicious software (viruses, worms, or Trojan horses, etc). Malicious programs not only cause significant threats to the security and privacy, but they are also in charge of considerable amount of financial loss. Therefore, development of techniques and tools that provide insights into possible patterns in malware coding, behaviors, propagation and infections that may eventually assist in detection, analysis, or prevention of malware would be extremely valuable!
The fast-growth in usage of smart-phones and mobile Apps with the fact that these devices usually hold lots of private and confidential data made them as a popular target for malware developers and as such we are witnessing extremely fast growth in the number of malwares specifically designed and developed for mobile phones. Android as one the most popular smart phone platforms attracted good portion of these malwares and detection, analyzing and preventing malware threats on Android devices is a very relevant research issue these days.
Malware analysis is a kind of art to dissect malwares to know how they work, how to recognize and categorize them, and how to overcome or efface them. Pattern-recognition techniques are having good potential for developing different patterns of malwares (based on their i.e. behavior, infection, spreading, coding,…) which may eventually assist in detection of future malware and in analysis of existing ones.
The IWCF 2014 Recognition of Android Malware Patterns (RAMP) competition aims to strengthen the efforts in developing techniques, tools and algorithms to find any sort of patterns in carefully selected dataset of Android malwares. This competition tries to challenge pattern recognition community with problems that malware analyzers are usually confronted hoping for out of the box and innovative solutions in this direction.
Competition Details
The main aim of this competition is to develop tools and techniques for detecting patterns in Android malwares and categorize them accordingly, the contest includes following stages:
Receiving Android Malwares and Goodwares datasets: individuals or teams who are interested to join the competition should send an email (only official email addresses are accepted) to AliD-AT-upm.edu.my strcitly following our "Dataset Release Policy". Participants will receive a carefully selected Android Malware dataset and a Goodware dataset from M0DR0ID project. The malwares and goodwares binaries are archived in two separated zip files.
Development of unsupervised malware pattern-recognition techniques and tools : this is the main part of competition! Recognize an unsupervised pattern for malware detection by utilizing any type of tool; and then use the pattern to categorize malwares. The main factors which participants should deliver and the judges will use for ranking.
1. The categorized Android malwares: The aim is to systematically characterize Android malwares from various aspects. For example, one may use malware activation mechanisms or malwares' installation methods or even the type of carried malicious payloads to systematically characterize them. This task can be done using any tool as we only care about the conducted analysis and the features/attributes used for categorization and pattern recognition. You may develop your own tools or use existing tools to analyze Malwares. Here you may find a sample list of tools that may be used for analyzing Android malwares. For samples of similar projects which attempt to categorize Android malwares based on specific pattern you may refer to http://m0droid.uni.me/ or http://www.malgenomeproject.org/.Of course one who use malwares name or static attributes of the malwares file has less chance than one who use behavioral attributes of the malware for categorizing them.
2. The final report of the analysis: should be containing the identified pattern, the features/elements/attributes used for recognizing pattern, description and reference to any tools that were employed as part of the task, description of any newly developed tools/techniques, the result of technique examination and finally the analysis of the result using reflecting the technique False-Positives (FPs) and False-Negatives (FNs) rate.
Submission of tools and evaluation documents : Participants should submit their tools and a report that clearly explaining the results of applying their techniques over given Malware and Goodware datasets (as discussed in item 2 above). The document should include results of applying techniques over Malware and Goodware to define capacity of developed techniques in correctly detecting Malwares from Goodwares and it should clearly show how the Malwares were categorized and grouped. All submitted tools and documents would be published in competition website shortly after submission deadline.
Evaluation : All submission would be rendered against new Malwares collected since releasing of malware dataset to participants (at registration deadline) by both submitting team and evaluation committee to find out how successful they are in categorizing newly added Malwares. The submitting teams are requested to send their evaluation at least one week before evaluation deadline to compare and contrast them with evaluation committee results and resolve or comment on any discrepancies. Both evaluations results would be published in competition website shortly after evaluation deadline.
Important dates
Sending email to register for competition: before 15th Apr 2014 (Please refer to our Dataset Release Policy).
Receiving initial Malware and Goodware datasets: within 5 international working days after completion of step 1
Submission of results: 15th Jun 2014.
Releasing new malware dataset to participating teams:01 Jul 2014
Evaluation deadline: 1st Aug 2014.
Results announcement: by 15th Aug 2014
Dataset Release Policy
As part of RAMP competition, participants would receive carefully selected Mawalre and Goodware datasets. However, to avoid any misuse of these datasets, we need to have some sort of authentication in place. Therefore, we need all participants to carefully follow instructions below to receive dataset:
Only emails from official email addresses would be accepted and in your email please include your name, affiliation, homepage (or verifiable LinkedIn account), and please briefly introduce yourself. All these will only be used for verification purposes! Please mention your intention to participate in RAMP completion in the subject of your email. All Zip file passwords are "M0DROID".
To provide references to our dataset you may cite M0DROID (http://m0droid.uni.me/) project.
You are not allowed to share any samples of our dataset to others without our permission.
All Emails should be sent to "AliD-AT-upm.edu.my".
All registered names would be appeared on competition home-page shortly after sending dataset.
Sending email to us for accessing our dataset would imply your acceptance of above rules.
Teams/Individuals Received our Dataset
--------------------------- Acknowledgment---------------------------------------------------------------------------------------------------
We do appriciate all following bodies support for RAMP competition. If you like to support RAMP competition by any means (posting our event, promoting it, non-financial or financial sponsorship, etc) please feel free to contact us at AliD-AT-upm.edu.my.
We are always looking forward to hearing from you.
-----------------------------------------------------------------------------------------------------------------------------
Resources
[1] Rieck, Konrad, et al. "Learning and classification of malware behavior." Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Berlin Heidelberg, 2008. 108-125.
[2] Zhou, Yajin, and Xuxian Jiang. "Dissecting android malware: Characterization and evolution." Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 2012.
[3] Daryabar, Farid, Ali Dehghantanha, and Hoorang Ghasem Broujerdi. "Investigation of Malware Defence and Detection Techniques." International Journal of Digital Information and Wireless Communications (IJDIWC) 1.3 (2012): 645-650.