Recognition of Android Malware Patterns (RAMP) Competition

6th International Workshop on Computational Forensics (IWCF 2014) - 24th Aug 2014- Stockholm, Sweden

Ali Dehghantanha, Mohsen Damshenas

Pattern recognition is the science of making inferences from perceptual data, using applications from statistics, probability, computational geometry, machine learning, signal processing, and algorithm design. All these features made pattern-recognition very relevant to computer forensics and digital investigation as well. In particular, during last few years there were so many advances happened in applications of pattern recognition techniques in investigation and detection of cyber-crimes in the hope of developing predictable and repeatable patterns of criminal actions.

Malware is a common term used to express all kinds of malicious software (viruses, worms, or Trojan horses, etc). Malicious programs not only cause significant threats to the security and privacy, but they are also in charge of considerable amount of financial loss. Therefore, development of techniques and tools that provide insights into possible patterns in malware coding, behaviors, propagation and infections that may eventually assist in detection, analysis, or prevention of malware would be extremely valuable!

The fast-growth in usage of smart-phones and mobile Apps with the fact that these devices usually hold lots of private and confidential data made them as a popular target for malware developers and as such we are witnessing extremely fast growth in the number of malwares specifically designed and developed for mobile phones. Android as one the most popular smart phone platforms attracted good portion of these malwares and detection, analyzing and preventing malware threats on Android devices is a very relevant research issue these days.

Malware analysis is a kind of art to dissect malwares to know how they work, how to recognize and categorize them, and how to overcome or efface them. Pattern-recognition techniques are having good potential for developing different patterns of malwares (based on their i.e. behavior, infection, spreading, coding,…) which may eventually assist in detection of future malware and in analysis of existing ones.

The IWCF 2014 Recognition of Android Malware Patterns (RAMP) competition aims to strengthen the efforts in developing techniques, tools and algorithms to find any sort of patterns in carefully selected dataset of Android malwares. This competition tries to challenge pattern recognition community with problems that malware analyzers are usually confronted hoping for out of the box and innovative solutions in this direction.

Competition Details

The main aim of this competition is to develop tools and techniques for detecting patterns in Android malwares and categorize them accordingly, the contest includes following stages:

1. The categorized Android malwares: The aim is to systematically characterize Android malwares from various aspects. For example, one may use malware activation mechanisms or malwares' installation methods or even the type of carried malicious payloads to systematically characterize them. This task can be done using any tool as we only care about the conducted analysis and the features/attributes used for categorization and pattern recognition. You may develop your own tools or use existing tools to analyze Malwares. Here you may find a sample list of tools that may be used for analyzing Android malwares. For samples of similar projects which attempt to categorize Android malwares based on specific pattern you may refer to or course one who use malwares name or static attributes of the malwares file has less chance than one who use behavioral attributes of the malware for categorizing them.

2. The final report of the analysis: should be containing the identified pattern, the features/elements/attributes used for recognizing pattern, description and reference to any tools that were employed as part of the task, description of any newly developed tools/techniques, the result of technique examination and finally the analysis of the result using reflecting the technique False-Positives (FPs) and False-Negatives (FNs) rate.

Important dates

  1. Sending email to register for competition: before 15th Apr 2014 (Please refer to our Dataset Release Policy).
  2. Receiving initial Malware and Goodware datasets: within 5 international working days after completion of step 1
  3. Submission of results: 15th Jun 2014.
  4. Releasing new malware dataset to participating teams:01 Jul 2014
  5. Evaluation deadline: 1st Aug 2014.
  6. Results announcement: by 15th Aug 2014

Dataset Release Policy

As part of RAMP competition, participants would receive carefully selected Mawalre and Goodware datasets. However, to avoid any misuse of these datasets, we need to have some sort of authentication in place. Therefore, we need all participants to carefully follow instructions below to receive dataset:
  1. Only emails from official email addresses would be accepted and in your email please include your name, affiliation, homepage (or verifiable LinkedIn account), and please briefly introduce yourself. All these will only be used for verification purposes! Please mention your intention to participate in RAMP completion in the subject of your email. All Zip file passwords are "M0DROID". 
  2. To provide references to our dataset you may cite M0DROID  ( project.
  3. You are not allowed to share any samples of our dataset to others without our permission.
  4. All Emails should be sent to "".
  5. All registered names would be appeared on competition home-page shortly after sending dataset.
  6. Sending email to us for accessing our dataset would imply your acceptance of above rules.
Teams/Individuals Received our Dataset (RAMP Participants):
Alessandro Guarino,
Cagatay Catal, Istanbul Kultur University.
Guillermo Suarez-Tangil, Unviersity Carlos III de Madrid.
Eshete, Asfaw, Amir Dirin, Haaga-Helia University of Applied Science- Finland.
Alex Gibberd, University College London,  Centre for Computational Statistics and Machine Learning (CSML)

--------------------------- Acknowledgment---------------------------------------------------------------------------------------------------

We do appriciate all following bodies support for RAMP competition. If you like to support RAMP competition by any means (posting our event, promoting it, non-financial or financial sponsorship, etc) please feel free to contact us at 

We are always looking forward to hearing from you.




[1] Rieck, Konrad, et al. "Learning and classification of malware behavior." Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Berlin Heidelberg, 2008. 108-125.

[2] Zhou, Yajin, and Xuxian Jiang. "Dissecting android malware: Characterization and evolution." Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 2012.

[3] Daryabar, Farid, Ali Dehghantanha, and Hoorang Ghasem Broujerdi. "Investigation of Malware Defence and Detection Techniques." International Journal of Digital Information and Wireless Communications (IJDIWC) 1.3 (2012): 645-650.