This is a non-IMPACT record, meaning that access to the data is not
controlled by IMPACT. For access, see the directions below.
Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.
Summary
DS-1256
Android Malware Dataset
External Dataset
External Data Source
University of New Brunswick
Unknown
Unknown
56 (lowest rank is 56)
Description
We collected more than 10,854 samples (4,354 malware and 6,500 benign) from several sources. We have collected over six thousand benign apps from the Google Play market published in 2015, 2016, and 2017.
We installed 5,000 of the collected samples (426 malware and 5,065 benign) on real devices. Our malware samples in the CICAndMal2017 dataset are classified into four categories:
Adware
Ransomware
Scareware
SMS Malware
Our samples come from 42 unique malware families. The family kinds of each category and the numbers of the captured samples are as follows:
Adware
Dowgin family, 10 captured samples
Ewind family, 10 captured samples
Feiwo family, 15 captured samples
Gooligan family, 14 captured samples
Kemoge family, 11 captured samples
Koodous family, 10 captured samples
Mobidash family, 10 captured samples
Selfmite family, 4 captured samples
Shuanet family, 10 captured samples
Youmi family, 10 captured samples
Ransomware
Charger family, 10 captured samples
Jisut family, 10 captured samples
Koler family, 10 captured samples
LockerPin family, 10 captured samples
Simplocker family, 10 captured samples
Pletor family, 10 captured samples
PornDroid family, 10 captured samples
RansomBO family, 10 captured samples
Svpeng family, 11 captured samples
WannaLocker family, 10 captured samples
Scareware
AndroidDefender family, 17 captured samples
AndroidSpy.277 family, 6 captured samples
AV for Android family, 10 captured samples
AVpass family, 10 captured samples
FakeApp family, 10 captured samples
FakeApp.AL family, 11 captured samples
FakeAV family, 10 captured samples
FakeJobOffer family, 9 captured samples
FakeTaoBao family, 9 captured samples
Penetho family, 10 captured samples
VirusShield family, 10 captured samples
SMS Malware
BeanBot family, 9 captured samples
Biige family, 11 captured samples
FakeInst family, 10 captured samples
FakeMart family, 10 captured samples
FakeNotify family, 10 captured samples
Jifake family, 10 captured samples
Mazarbot family, 9 captured samples
Nandrobox family, 11 captured samples
Plankton family, 10 captured samples
SMSsniffer family, 9 captured samples
Zsone family, 10 captured samples
To acquire a comprehensive view of our malware samples, we created a specific scenario for each malware category. We also defined three states of data capture to overcome the stealthiness of advanced malware:
Installation: The first state of data capture, which occurs immediately after installing the malware (1-3 min).
Before restart: The second state of data capture, which occurs 15 min before rebooting the phones.
After restart: The last state of data capture, which occurs 15 min after rebooting the phones.
For feature extraction and selection, we captured network traffic (.pcap files) and extracted more than 80 features using CICFlowMeter-V3 during all three states (installation, before restart, and after restart). See our publicly available Android Sandbox.
Additional Details
49.8GB
false
Unknown