Journal articles on the topic 'ANDROID MALWARE CLASSIFICATION'


1

Pachhala, Nagababu, Subbaiyan Jothilakshmi, and Bhanu Prakash Battula. "Android Malware Classification Using LSTM Model." Revue d'Intelligence Artificielle 36, no. 5 (December 23, 2022): 761–67. http://dx.doi.org/10.18280/ria.360514.

Abstract:
Over the last two decades, smartphone use has become widespread around the world, and Android is the most popular open-source operating system, with the largest market share and active user population of any open-source operating system. This has resulted in malicious actors turning their attention toward the Android operating system to exploit user reliance and vulnerabilities that exist inside the system. Hackers can take advantage of consumers' sensitive data to engage in advertising, extortion, and theft. Most existing anti-malware software cannot detect all malware because of intelligent malware. In this paper we use the deep learning based long short-term memory (LSTM) network for Android malware classification. The model is effective in classifying intelligent malware. The proposed model is implemented using Google Colab. The model achieves more than 98% accuracy in classifying Android malware.
2

Parajuli, Srijana, and Subarna Shakya. "Malware Detection and Classification Using Latent Semantic Indexing." Journal of Advanced College of Engineering and Management 4 (December 31, 2018): 153–61. http://dx.doi.org/10.3126/jacem.v4i0.23205.

Abstract:
The increasing popularity of smartphones has led to dramatic growth in mobile malware, especially on the Android platform. Many aspects of Android permissions have been studied for malware detection, but sufficient attention has not been given to intents. This research work proposes using Latent Semantic Indexing for malware detection and classification with permission- and intent-based features. This method analyses the Manifest file of an Android application by understanding the risk level of permissions and intents and assigning a weight score based on their sensitivity. In an experiment conducted using a dataset containing 400 malware samples and 400 normal/benign samples, the results show accuracy of 83.5% using Android Intent against 79.1% using Android permission. Additionally, an experiment on the combination of both features results in accuracy of 89.7%. It can be concluded from this research work that a dataset with intent-based features is able to detect more malware when compared to permission-based features.
3

Afifah, Nurul, and Deris Stiawan. "The Implementation of Deep Neural Networks Algorithm for Malware Classification." Computer Engineering and Applications Journal 8, no. 3 (September 24, 2019): 189–202. http://dx.doi.org/10.18495/comengapp.v8i3.294.

Abstract:
Malware is very dangerous when it attacks a device system. A device that can be attacked by malware is a mobile phone such as an Android device. Antivirus on the Android device is able to detect malware that already exists, but antivirus has not been able to detect new malware that attacks an Android device. To address this issue, malware detection techniques are needed that can group files into malware or non-malware (benign) to improve the security of Android devices. Deep learning is the proposed method for solving problems in malware detection techniques. A deep learning algorithm such as a Deep Neural Network has succeeded in resolving the malware problem by producing an accuracy rate of 99.42%, precision of 99% and recall of 99.4%.
4

Jiang, Changnan, Kanglong Yin, Chunhe Xia, and Weidong Huang. "FedHGCDroid: An Adaptive Multi-Dimensional Federated Learning for Privacy-Preserving Android Malware Classification." Entropy 24, no. 7 (July 1, 2022): 919. http://dx.doi.org/10.3390/e24070919.

Abstract:
With the popularity of Android and its open source, the Android platform has become an attractive target for hackers, and the detection and classification of malware has become a research hotspot. Existing malware classification methods rely on complex manual operation or large-volume high-quality training data. However, malware data collected by security providers contains user privacy information, such as user identity and behavior habit information. The increasing concern for user privacy poses a challenge to the current malware classification scheme. Based on this problem, we propose a new android malware classification scheme based on Federated learning, named FedHGCDroid, which classifies malware on Android clients in a privacy-protected manner. Firstly, we use a convolutional neural network and graph neural network to design a novel multi-dimensional malware classification model HGCDroid, which can effectively extract malicious behavior features to classify the malware accurately. Secondly, we introduce an FL framework to enable distributed Android clients to collaboratively train a comprehensive Android malware classification model in a privacy-preserving way. Finally, to adapt to the non-IID distribution of malware on Android clients, we propose a contribution degree-based adaptive classifier training mechanism FedAdapt to improve the adaptability of the malware classifier based on Federated learning. Comprehensive experimental studies on the Androzoo dataset (under different non-IID data settings) show that the FedHGCDroid achieves more adaptability and higher accuracy than the other state-of-the-art methods.
5

Mas`ud, Mohd Zaki, Shahrin Sahib, Mohd Faizal Abdollah, Siti Rahayu Selamat, and Robiah Yusof. "Android Malware Detection System Classification." Research Journal of Information Technology 6, no. 4 (April 1, 2014): 325–41. http://dx.doi.org/10.3923/rjit.2014.325.341.

6

Niu, Weina, Rong Cao, Xiaosong Zhang, Kangyi Ding, Kaimeng Zhang, and Ting Li. "OpCode-Level Function Call Graph Based Android Malware Classification Using Deep Learning." Sensors 20, no. 13 (June 29, 2020): 3645. http://dx.doi.org/10.3390/s20133645.

Abstract:
Due to the openness of an Android system, many Internet of Things (IoT) devices are running the Android system and Android devices have become a common control terminal for IoT devices because of various sensors on them. With the popularity of IoT devices, malware on Android-based IoT devices is also increasing. People’s lives and privacy security are threatened. To reduce such threat, many researchers have proposed new methods to detect Android malware. Currently, most malware detection products on the market are based on malware signatures, which have a fast detection speed and normally a low false alarm rate for known malware families. However, they cannot detect unknown malware and are easily evaded by malware that is confused or packaged. Many new solutions use syntactic features and machine learning techniques to classify Android malware. It has been known that analysis of the Function Call Graph (FCG) can capture behavioral features of malware well. This paper presents a new approach to classifying Android malware based on deep learning and OpCode-level FCG. The FCG is obtained through static analysis of Operation Code (OpCode), and the deep learning model we used is the Long Short-Term Memory (LSTM). We conducted experiments on a dataset with 1796 Android malware samples classified into two categories (obtained from Virusshare and AndroZoo) and 1000 benign Android apps. Our experimental results showed that our proposed approach with an accuracy of 97% outperforms the state-of-the-art methods such as those proposed by Nikola et al. and Hou et al. (IJCAI-18) with the accuracy of 97% and 91%, respectively. The time consumption of our proposed approach is less than the other two methods.
7

Kumar, Ajit, Vinti Agarwal, Shishir Kumar Shandilya, Andrii Shalaginov, Saket Upadhyay, and Bhawna Yadav. "PACER: Platform for Android Malware Classification, Performance Evaluation and Threat Reporting." Future Internet 12, no. 4 (April 12, 2020): 66. http://dx.doi.org/10.3390/fi12040066.

Abstract:
Android malware has become the topmost threat for the ubiquitous and useful Android ecosystem. Multiple solutions leveraging big data and machine-learning capabilities to detect Android malware are being constantly developed. Too often, these solutions are either limited to research output or remain isolated and incapable of reaching end users or malware researchers. An earlier work named PACE (Platform for Android Malware Classification and Performance Evaluation), was introduced as a unified solution to offer open and easy implementation access to several machine-learning-based Android malware detection techniques, that makes most of the research reproducible in this domain. The benefits of PACE are offered through three interfaces: Representational State Transfer (REST) Application Programming Interface (API), Web Interface, and Android Debug Bridge (ADB) interface. These multiple interfaces enable users with different expertise such as IT administrators, security practitioners, malware researchers, etc. to use their offered services. In this paper, we propose PACER (Platform for Android Malware Classification, Performance Evaluation, and Threat Reporting), which extends PACE by adding threat intelligence and reporting functionality for the end-user device through the ADB interface. A prototype of the proposed platform is introduced, and our vision is that it will help malware analysts and end users to tackle challenges and reduce the amount of manual work.
8

Singh, Jaiteg, Deepak Thakur, Farman Ali, Tanya Gera, and Kyung Sup Kwak. "Deep Feature Extraction and Classification of Android Malware Images." Sensors 20, no. 24 (December 8, 2020): 7013. http://dx.doi.org/10.3390/s20247013.

Abstract:
The Android operating system has gained popularity and evolved rapidly since the previous decade. Traditional approaches such as static and dynamic malware identification techniques require a lot of human intervention and resources to design the malware classification model. The real challenge lies with the fact that inspecting all files of the application structure leads to high processing time, more storage, and manual effort. To solve these problems, optimization algorithms and deep learning has been recently tested for mitigating malware attacks. This manuscript proposes Summing of neurAl aRchitecture and VisualizatiOn Technology for Android Malware identification (SARVOTAM). The system converts the malware non-intuitive features into fingerprint images to extract the quality information. A fine-tuned Convolutional Neural Network (CNN) is used to automatically extract rich features from visualized malware thus eliminating the feature engineering and domain expert cost. The experiments were done using the DREBIN dataset. A total of fifteen different combinations of the Android malware image sections were used to identify and classify Android malware. The softmax layer of CNN was substituted with machine learning algorithms like K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Random Forest (RF) to analyze the grayscale malware images. It observed that CNN-SVM model outperformed original CNN as well as CNN-KNN, and CNN-RF. The classification results showed that our method is able to achieve an accuracy of 92.59% using Android certificates and manifest malware images. This paper reveals the lightweight solution and much precise option for malware identification.
9

Gupta, Charu, Rakesh Kumar Singh, Simran Kaur Bhatia, and Amar Kumar Mohapatra. "DecaDroid Classification and Characterization of Malicious Behaviour in Android Applications." International Journal of Information Security and Privacy 14, no. 4 (October 2020): 57–73. http://dx.doi.org/10.4018/ijisp.2020100104.

Abstract:
Widespread use of Android-based applications on the smartphones has resulted in significant growth of security attack incidents. Malware-based attacks are the most common attacks on Android-based smartphones. To forestall malware from attacking the users, a much better understanding of Android malware and its behaviour is required. In this article, an approach to classify and characterise the malicious behaviour of Android applications using static features, data flow analysis, and machine learning techniques has been proposed. Static features like hardware components, permissions, Android components and inter-component communication along with unique source-sink pairs obtained from data flow analysis have been used to extract the features of the Android applications. Based on the features extracted, the malicious behaviour of the applications has been classified to their respective malware family. The proposed approach has given 95.19% accuracy rate and F1 measure of 92.19302 with the largest number of malware families classified as compared to previous work.
10

Jiao, Jian, Qiyuan Liu, Xin Chen, and Hongsheng Cao. "Behavior Intention Derivation of Android Malware Using Ontology Inference." Journal of Electrical and Computer Engineering 2018 (2018): 1–13. http://dx.doi.org/10.1155/2018/9250297.

Abstract:
Previous researches on Android malware mainly focus on malware detection, and malware’s evolution makes the process face certain hysteresis. The information presented by these detected results (malice judgment, family classification, and behavior characterization) is limited for analysts. Therefore, a method is needed to restore the intention of malware, which reflects the relation between multiple behaviors of complex malware and its ultimate purpose. This paper proposes a novel description and derivation model of Android malware intention based on the theory of intention and malware reverse engineering. This approach creates ontology for malware intention to model the semantic relation between behaviors and its objects and automates the process of intention derivation by using SWRL rules transformed from intention model and Jess inference engine. Experiments on 75 typical samples show that the inference system can perform derivation of malware intention effectively, and 89.3% of the inference results are consistent with artificial analysis, which proves the feasibility and effectiveness of our theory and inference system.
11

Akintola, Abimbola G., Abdullateef O. Balogun, Luiz Fernando Capretz, Hammed A. Mojeed, Shuib Basri, Shakirat A. Salihu, Fatima E. Usman-Hamza, Peter O. Sadiku, Ghaniyyat B. Balogun, and Zubair O. Alanamu. "Empirical Analysis of Forest Penalizing Attribute and Its Enhanced Variations for Android Malware Detection." Applied Sciences 12, no. 9 (May 6, 2022): 4664. http://dx.doi.org/10.3390/app12094664.

Abstract:
As a result of the rapid advancement of mobile and internet technology, a plethora of new mobile security risks has recently emerged. Many techniques have been developed to address the risks associated with Android malware. The most extensively used method for identifying Android malware is signature-based detection. The drawback of this method, however, is that it is unable to detect unknown malware. As a consequence of this problem, machine learning (ML) methods for detecting and classifying malware applications were developed. The goal of conventional ML approaches is to improve classification accuracy. However, owing to imbalanced real-world datasets, the traditional classification algorithms perform poorly in detecting malicious apps. As a result, in this study, we developed a meta-learning approach based on the forest penalizing attribute (FPA) classification algorithm for detecting malware applications. In other words, with this research, we investigated how to improve Android malware detection by applying empirical analysis of FPA and its enhanced variants (Cas_FPA and RoF_FPA). The proposed FPA and its enhanced variants were tested using the Malgenome and Drebin Android malware datasets, which contain features gathered from both static and dynamic Android malware analysis. Furthermore, the findings obtained using the proposed technique were compared with baseline classifiers and existing malware detection methods to validate their effectiveness in detecting malware application families. Based on the findings, FPA outperforms the baseline classifiers and existing ML-based Android malware detection models in dealing with the unbalanced family categorization of Android malware apps, with an accuracy of 98.94% and an area under curve (AUC) value of 0.999. Hence, further development and deployment of FPA-based meta-learners for Android malware detection and other cybersecurity threats is recommended.
12

Taher, Fatma, Omar AlFandi, Mousa Al-kfairy, Hussam Al Hamadi, and Saed Alrabaee. "DroidDetectMW: A Hybrid Intelligent Model for Android Malware Detection." Applied Sciences 13, no. 13 (June 29, 2023): 7720. http://dx.doi.org/10.3390/app13137720.

Abstract:
Malicious apps specifically aimed at the Android platform have increased in tandem with the proliferation of mobile devices. Malware is now so carefully written that it is difficult to detect. Due to the exponential growth in malware, manual methods of malware are increasingly ineffective. Although prior writers have proposed numerous high-quality approaches, static and dynamic assessments inherently necessitate intricate procedures. The obfuscation methods used by modern malware are incredibly complex and clever. As a result, it cannot be detected using only static malware analysis. As a result, this work presents a hybrid analysis approach, partially tailored for multiple-feature data, for identifying Android malware and classifying malware families to improve Android malware detection and classification. This paper offers a hybrid method that combines static and dynamic malware analysis to give a full view of the threat. Three distinct phases make up the framework proposed in this research. Normalization and feature extraction procedures are used in the first phase of pre-processing. Both static and dynamic features undergo feature selection in the second phase. Two feature selection strategies are proposed to choose the best subset of features to use for both static and dynamic features. The third phase involves applying a newly proposed detection model to classify android apps; this model uses a neural network optimized with an improved version of HHO. Application of binary and multi-class classification is used, with binary classification for benign and malware apps and multi-class classification for detecting malware categories and families. By utilizing the features gleaned from static and dynamic malware analysis, several machine-learning methods are used for malware classification. 
According to the results of the experiments, the hybrid approach improves the accuracy of detection and classification of Android malware compared to the scenario when considering static and dynamic information separately.
13

Alswaina, Fahad, and Khaled Elleithy. "Android Malware Family Classification and Analysis: Current Status and Future Directions." Electronics 9, no. 6 (June 5, 2020): 942. http://dx.doi.org/10.3390/electronics9060942.

Abstract:
Android receives major attention from security practitioners and researchers due to the influx number of malicious applications. For the past twelve years, Android malicious applications have been grouped into families. In the research community, detecting new malware families is a challenge. As we investigate, most of the literature reviews focus on surveying malware detection. Characterizing the malware families can improve the detection process and understand the malware patterns. For this reason, we conduct a comprehensive survey on the state-of-the-art Android malware familial detection, identification, and categorization techniques. We categorize the literature based on three dimensions: type of analysis, features, and methodologies and techniques. Furthermore, we report the datasets that are commonly used. Finally, we highlight the limitations that we identify in the literature, challenges, and future research directions regarding the Android malware family.
14

Abuthawabeh, Mohammad, and Khaled Mahmoud. "Enhanced Android Malware Detection and Family Classification, using Conversation-level Network Traffic Features." International Arab Journal of Information Technology 17, no. 4A (July 31, 2020): 607–14. http://dx.doi.org/10.34028/iajit/17/4a/4.

Abstract:
Signature-based malware detection algorithms are facing challenges to cope with the massive number of threats in the Android environment. In this paper, conversation-level network traffic features are extracted and used in a supervised-based model. This model was used to enhance the process of Android malware detection, categorization, and family classification. The model employs the ensemble learning technique in order to select the most useful features among the extracted features. A real-world dataset called CICAndMal2017 was used in this paper. The results show that Extra-trees classifier had achieved the highest weighted accuracy percentage among the other classifiers by 87.75%, 79.97%, and 66.71% for malware detection, malware categorization, and malware family classification respectively. A comparison with another study that uses the same dataset was made. This study has achieved a significant enhancement in malware family classification and malware categorization. For malware family classification, the enhancement was 39.71% for precision and 41.09% for recall. The rate of enhancement for the Android malware categorization was 30.2% and 31.14% for precision and recall, respectively.
15

Taha, Altyeb, Omar Barukab, and Sharaf Malebary. "Fuzzy Integral-Based Multi-Classifiers Ensemble for Android Malware Classification." Mathematics 9, no. 22 (November 12, 2021): 2880. http://dx.doi.org/10.3390/math9222880.

Abstract:
One of the most commonly used operating systems for smartphones is Android. The open-source nature of the Android operating system and the ability to include third-party Android apps from various markets has led to potential threats to user privacy. Malware developers use sophisticated methods that are intentionally designed to bypass the security checks currently used in smartphones. This makes effective detection of Android malware apps a difficult problem and important issue. This paper proposes a novel fuzzy integral-based multi-classifier ensemble to improve the accuracy of Android malware classification. The proposed approach utilizes the Choquet fuzzy integral as an aggregation function for the purpose of combining and integrating the classification results of several classifiers such as XGBoost, Random Forest, Decision Tree, AdaBoost, and LightGBM. Moreover, the proposed approach utilizes an adaptive fuzzy measure to consider the dynamic nature of the data in each classifier and the consistency and coalescence between each possible subset of classifiers. This enables the proposed approach to aggregate the classification results from the multiple classifiers. The experimental results using the dataset, consisting of 9476 Android goodware apps and 5560 malware Android apps, show that the proposed approach for Android malware classification based on the Choquet fuzzy integral technique outperforms the single classifiers and achieves the highest accuracy of 95.08%.
16

Taha, Altyeb, and Omar Barukab. "Android Malware Classification Using Optimized Ensemble Learning Based on Genetic Algorithms." Sustainability 14, no. 21 (November 3, 2022): 14406. http://dx.doi.org/10.3390/su142114406.

Abstract:
The continuous increase in Android malware applications (apps) represents a significant danger to the privacy and security of users’ information. Therefore, effective and efficient Android malware app-classification techniques are needed. This paper presents a method for Android malware classification using optimized ensemble learning based on genetic algorithms. The suggested method is divided into two steps. First, a base learner is used to handle various machine learning algorithms, including support vector machine (SVM), logistic regression (LR), gradient boosting (GB), decision tree (DT), and AdaBoost (ADA) classifiers. Second, a meta learner RF-GA, utilizing genetic algorithm (GA) to optimize the parameters of a random forest (RF) algorithm, is employed to classify the prediction probabilities from the base learner. The genetic algorithm is used to optimize the parameter settings in the RF algorithm in order to obtain the highest Android malware classification accuracy. The effectiveness of the proposed method was examined on a dataset consisting of 5560 Android malware apps and 9476 goodware apps. The experimental results demonstrate that the suggested ensemble-learning strategy for classifying Android malware apps, which is based on an optimized random forest using genetic algorithms, outperformed the other methods and achieved the highest accuracy (94.15%), precision (94.15%), and area under the curve (AUC) (98.10%).
17

Massarelli, Luca, Leonardo Aniello, Claudio Ciccotelli, Leonardo Querzoni, Daniele Ucci, and Roberto Baldoni. "AndroDFA: Android Malware Classification Based on Resource Consumption." Information 11, no. 6 (June 16, 2020): 326. http://dx.doi.org/10.3390/info11060326.

Abstract:
The vast majority of today’s mobile malware targets Android devices. An important task of malware analysis is the classification of malicious samples into known families. In this paper, we propose AndroDFA (DFA, detrended fluctuation analysis): an approach to Android malware family classification based on dynamic analysis of resource consumption metrics available from the proc file system. These metrics can be easily measured during sample execution. From each malware, we extract features through detrended fluctuation analysis (DFA) and Pearson’s correlation, then a support vector machine is employed to classify malware into families. We provide an experimental evaluation based on malware samples from two datasets, namely Drebin and AMD. With the Drebin dataset, we obtained a classification accuracy of 82%, comparable with works from the state-of-the-art like DroidScribe. However, compared to DroidScribe, our approach is easier to reproduce because it is based on publicly available tools only, does not require any modification to the emulated environment or Android OS, and by design, can also be used on physical devices rather than exclusively on emulators. The latter is a key factor because modern mobile malware can detect the emulated environment and hide its malicious behavior. The experiments on the AMD dataset gave similar results, with an overall mean accuracy of 78%. Furthermore, we made the software we developed publicly available, to ease the reproducibility of our results.
18

Milosevic, Nikola, Ali Dehghantanha, and Kim-Kwang Raymond Choo. "Machine learning aided Android malware classification." Computers & Electrical Engineering 61 (July 2017): 266–74. http://dx.doi.org/10.1016/j.compeleceng.2017.02.013.

19

Liu, Pengfei, Weiping Wang, Shigeng Zhang, and Hong Song. "ImageDroid: Using Deep Learning to Efficiently Detect Android Malware and Automatically Mark Malicious Features." Security and Communication Networks 2023 (April 7, 2023): 1–11. http://dx.doi.org/10.1155/2023/5393890.

Abstract:
The popularity of the Android platform has led to an explosion in malware. The current research on Android malware mainly focuses on malware detection or malware family classification. These studies need to extract a large number of features, which consumes a lot of manpower and material resources. Moreover, some malware use obfuscation to evade decompiler tools extracting features. To address these problems, we propose ImageDroid, a method based on the image format of Android applications that can not only detect and classify malware without prior knowledge but also detect the obfuscated malware. Furthermore, we utilize the Grad-CAM interpretable mechanism of the deep learning model to automatically label the image that play a key role in determining maliciousness in a visual way. We evaluate ImageDroid over 10,000 Android applications. Experimental results show that the accuracy of malicious detection and multifamily classification achieve 97.2% and 95.1%, respectively, and the detection accuracy of obfuscated malware achieves 94.6%.
20

Malik, Sapna, and Kiran Khatter. "Malicious Application Detection and Classification System for Android Mobiles." International Journal of Ambient Computing and Intelligence 9, no. 1 (January 2018): 95–114. http://dx.doi.org/10.4018/ijaci.2018010106.

Abstract:
The Android Mobiles constitute a large portion of mobile market which also attracts the malware developer for malicious gains. Every year hundreds of malwares are detected in the Android market. Unofficial and Official Android market such as Google Play Store are infested with fake and malicious apps which is a warning alarm for naive user. Guided by this insight, this paper presents the malicious application detection and classification system using machine learning techniques by extracting and analyzing the Android Permission Feature of the Android applications. For the feature extraction, the authors of this work have developed the AndroData tool written in shell script and analyzed the extracted features of 1060 Android applications with machine learning algorithms. They have achieved the malicious application detection and classification accuracy of 98.2% and 87.3%, respectively with machine learning techniques.
21

Rashed, Mohammed, and Guillermo Suarez-Tangil. "An Analysis of Android Malware Classification Services." Sensors 21, no. 16 (August 23, 2021): 5671. http://dx.doi.org/10.3390/s21165671.

Abstract:
The increasing number of Android malware forced antivirus (AV) companies to rely on automated classification techniques to determine the family and class of suspicious samples. The research community relies heavily on such labels to carry out prevalence studies of the threat ecosystem and to build datasets that are used to validate and benchmark novel detection and classification methods. In this work, we carry out an extensive study of the Android malware ecosystem by surveying white papers and reports from 6 key players in the industry, as well as 81 papers from 8 top security conferences, to understand how malware datasets are used by both. We, then, explore the limitations associated with the use of available malware classification services, namely VirusTotal (VT) engines, for determining the family of an Android sample. Using a dataset of 2.47 M Android malware samples, we find that the detection coverage of VT’s AVs is generally very low, that the percentage of samples flagged by any 2 AV engines does not go beyond 52%, and that common families between any pair of AV engines is at best 29%. We rely on clustering to determine the extent to which different AV engine pairs agree upon which samples belong to the same family (regardless of the actual family name) and find that there are discrepancies that can introduce noise in automatic label unification schemes. We also observe the usage of generic labels and inconsistencies within the labels of top AV engines, suggesting that their efforts are directed towards accurate detection rather than classification. Our results contribute to a better understanding of the limitations of using Android malware family labels as supplied by common AV engines.
22

Bagui, Sikha, and Daniel Benson. "Android Adware Detection Using Machine Learning." International Journal of Cyber Research and Education 3, no. 2 (July 2021): 1–19. http://dx.doi.org/10.4018/ijcre.2021070101.

Abstract:
Adware, an advertising-supported software, becomes a type of malware when it automatically delivers unwanted advertisements to an infected device, steals user information, and opens other vulnerabilities that allow other malware and adware to be installed. With the rise of more and complex evasive malware, specifically adware, better methods of detecting adware are required. Though a lot of work has been done on malware detection in general, very little focus has been put on the adware family. The novelty of this paper lies in analyzing the individual adware families. To date, no work has been done on analyzing the individual adware families. In this paper, using the CICAndMal2017 dataset, feature selection is performed using information gain, and classification is performed using machine learning. The best attributes for classification of each of the individual adware families using network traffic samples are presented. The results present an average classification rate that is an improvement over previous works for classification of individual adware families.
23

Elsersy, Wael F., Ali Feizollah, and Nor Badrul Anuar. "The rise of obfuscated Android malware and impacts on detection methods." PeerJ Computer Science 8 (March 9, 2022): e907. http://dx.doi.org/10.7717/peerj-cs.907.

Abstract:
The various application markets are facing an exponential growth of Android malware. Every day, thousands of new Android malware applications emerge. Android malware hackers adopt reverse engineering and repackage benign applications with their malicious code. Therefore, Android applications developers tend to use state-of-the-art obfuscation techniques to mitigate the risk of application plagiarism. The malware authors adopt the obfuscation and transformation techniques to defeat the anti-malware detections, which this paper refers to as evasions. Malware authors use obfuscation techniques to generate new malware variants from the same malicious code. The concern of encountering difficulties in malware reverse engineering motivates researchers to secure the source code of benign Android applications using evasion techniques. This study reviews the state-of-the-art evasion tools and techniques. The study criticizes the existing research gap of detection in the latest Android malware detection frameworks and challenges the classification performance against various evasion techniques. The study concludes the research gaps in evaluating the current Android malware detection framework robustness against state-of-the-art evasion techniques. The study concludes the recent Android malware detection-related issues and lessons learned which require researchers’ attention in the future.
24

Albakri, Ashwag, Fatimah Alhayan, Nazik Alturki, Saahirabanu Ahamed, and Shermin Shamsudheen. "Metaheuristics with Deep Learning Model for Cybersecurity and Android Malware Detection and Classification." Applied Sciences 13, no. 4 (February 8, 2023): 2172. http://dx.doi.org/10.3390/app13042172.

Abstract:
Since the development of information systems during the last decade, cybersecurity has become a critical concern for many groups, organizations, and institutions. Malware applications are among the commonly used tools and tactics for perpetrating a cyberattack on Android devices, and it is becoming a challenging task to develop novel ways of identifying them. There are various malware detection models available to strengthen the Android operating system against such attacks. These malware detectors categorize the target applications based on the patterns that exist in the features present in the Android applications. As the analytics data continue to grow, they negatively affect the Android defense mechanisms. Since large numbers of unwanted features create a performance bottleneck for the detection mechanism, feature selection techniques are found to be beneficial. This work presents a Rock Hyrax Swarm Optimization with deep learning-based Android malware detection (RHSODL-AMD) model. The technique presented includes finding the Application Programming Interfaces (API) calls and the most significant permissions, which results in effective discrimination between the good ware and malware applications. Therefore, an RHSO based feature subset selection (RHSO-FS) technique is derived to improve the classification results. In addition, the Adamax optimizer with attention recurrent autoencoder (ARAE) model is employed for Android malware detection. The experimental validation of the RHSODL-AMD technique on the Andro-AutoPsy dataset exhibits its promising performance, with a maximum accuracy of 99.05%.
25

Et.al, Shafiu Musa. "HEFESTDROID: Highly Effective Features for Android Malware Detection and Analysis." Turkish Journal of Computer and Mathematics Education (TURCOMAT) 12, no. 3 (April 10, 2021): 4676–82. http://dx.doi.org/10.17762/turcomat.v12i3.1884.

Abstract:
Rapid globalization and advances in mobile technology have brought about phenomenal attention and great opportunities for android application developers to contribute meaningfully to the global digital market. The android mobile platform being one of the famous mobile operating systems has the highest number of applications in the digital market with a total market share of 76.23% between August 2018 and August 2019, according to a report of global stats counter. However, the substantial number of applications on the platform has led to a great number of malware attacks on the user’s privacy and sensitive documents. Consequently, a significant number of malware detection studies have been carried out to reduce the number of malware attacks. This paper analyses the impact of using highly effective android permission features to decipher the problem malware attack. The Highly Effective Features for Android Malware Detection and Analysis (HEFEST) summarises four effective android permission features to be considered in conducting malware detection analysis and classifications. The features recognized in this study are; Normal Declared Permission, Dangerous Permission, Signature-Based Permission, and Signature-or-system. The selection is based on the capabilities of the features in depicting the behaviors of android apps. The research data are drawn from Drebin open source, the dataset comprises 15,036 benign and malicious applications extracted from 215 distinct features, the records 9,026 were malicious and 6,010 benign applications. However, this research compares the detection accuracy of android permission features using machine learning-based algorithms; Support Vector Machine, and K-Nearest Neighbor to achieve a comprehensive accuracy ratio of malware detection, the classifier has a strong accuracy decision of classification and exceptional computational efficiency. 
The model correctly classified 2,812 out of 2,869 malicious applications appropriately with an accuracy of 98.0% and also classified 1,607 out of 1,642 accurately with a success rate of 97.9%. Generally, 98.0% of classification accuracy was achieved.
26

Naeem, Hamad, Amjad Alsirhani, Mohammed Mujib Alshahrani, and Abdullah Alomari. "Android Device Malware Classification Framework Using Multistep Image Feature Extraction and Multihead Deep Neural Ensemble." Traitement du Signal 39, no. 3 (June 30, 2022): 991–1003. http://dx.doi.org/10.18280/ts.390326.

Abstract:
The incidence of malicious threats to computer systems has increased with the increasing use of Android devices and high-speed Internet. Malware visualization mechanism can analyze a computer whenever a software or system crash occurs because of malicious activity. This paper presents a new malware classification approach to recognize such Android device malware families by capturing suspicious processes in the form of different size color images. Important local and global characteristics of color images are extracted through a combined local and global feature descriptor (structure based local and statistical based global combined texture analysis) to reduce the training complexity of neural networks. A multihead ensemble of neural networks is proposed to increase network classification performance by merging prediction results from weak learners (convolutional neural network + gated recurrent unit) and using them as learning input to a multi-layer perceptron meta learner. Two public datasets of Android device malware are used to evaluate the classification and detection performance of the proposed approach. A baseline is established to compare the classification performance of the proposed approach with those of state-of-the-art and previous malware detection approaches. The proposed multihead ensemble improved the malware classification performance, with up to 97.8%, accuracy with the R2-D2 dataset and 94.1% accuracy with the MalNet dataset. The overall results show that a multihead ensemble with multi-step feature extraction is a practical approach to classify and detect Android malware.
27

Saputra, Hendra, Setio Basuki, and Mahar Faiqurahman. "Implementasi teknik seleksi fitur pada klasifikasi malware Android menggunakan support vector machine (SVM)." Repositor 1, no. 1 (October 8, 2019): 1. http://dx.doi.org/10.22219/repositor.v1i1.1.

Abstract:
Android malware has grown significantly along with the advance of the times and the increasing variety of techniques in Android development. Machine learning is a method that we can now use to model the patterns of static and dynamic features of Android malware. To achieve accuracy in malware type classification, the researchers relate the application features to the features required by each malware category. The malware categories used are types of malware that are widely circulating today. To classify the type of malware, this study uses a Support Vector Machine (SVM). The SVM type used is the one-against-one class SVM with the RBF kernel. The features used in this classification are Permission and Broadcast Receiver. To improve the accuracy of the classification results, this study uses feature selection methods. The feature selection methods used are Correlation-based Feature Selection (CFS), Gain Ratio (GR) and Chi-Square (CHI). The results from feature selection are evaluated together with the results obtained without feature selection. Classification with CFS feature selection yields an accuracy of 90.83%, GR and CHI yield 91.25%, and the data without feature selection yields 91.67%. The test results indicate that Permission and Broadcast Receiver can be used to classify the type of malware, but the feature selection methods used have an accuracy slightly below that of the data without feature selection. Keywords: Android malware classification, feature selection, SVM, and multi-class SVM one against one
28

AL-Akhras, Mousa, Abdulrhman ALMohawes, Hani Omar, Amer Atawneh, and Samah Alhazmi. "Android malicious attacks detection models using machine learning techniques based on permissions." International Journal of Data and Network Science 7, no. 4 (2023): 2053–76. http://dx.doi.org/10.5267/j.ijdns.2023.8.019.

Abstract:
The Android operating system is the most used mobile operating system in the world, and it is one of the most popular operating systems for different kinds of devices from smartwatches, IoT, and TVs to mobiles and cockpits in cars. Security is the main challenge to any operating system. Android malware attacks and vulnerabilities are known as emerging risks for mobile devices. The development of Android malware has been observed to be at an accelerated speed. Most Android security breaches permitted by permission misuse are amongst the most critical and prevalent issues threatening Android OS security. This research performs several studies on malware and non-malware applications to provide a recently updated dataset. The goal of proposed models is to find a combination of noise-cleaning algorithms, features selection techniques, and classification algorithms that are noise-tolerant and can achieve high accuracy results in detecting new Android malware. The results from the empirical experiments show that the proposed models are able to detect Android malware with an accuracy that reaches 87%, despite the noise in the dataset. We also find that the best classification results are achieved using the RF algorithm. This work can be extended in many ways by applying higher noise ratios and running more classifiers and optimizers.
29

Ren, Bingfei, Chuanchang Liu, Bo Cheng, Jie Guo, and Junliang Chen. "MobiSentry: Towards Easy and Effective Detection of Android Malware on Smartphones." Mobile Information Systems 2018 (November 21, 2018): 1–14. http://dx.doi.org/10.1155/2018/4317501.

Abstract:
Android platform is increasingly targeted by attackers due to its popularity and openness. Traditional defenses to malware are largely reliant on expert analysis to design the discriminative features manually, which are easy to bypass with the use of sophisticated detection avoidance techniques. Therefore, more effective and easy-to-use approaches for detection of Android malware are in demand. In this paper, we present MobiSentry, a novel lightweight defense system for malware classification and categorization on smartphones. Besides conventional static features such as permissions and API calls, MobiSentry also employs the N-gram features of operation codes (n-opcode). We present two comprehensive performance comparisons among several state-of-the-art classification algorithms with multiple evaluation metrics: (1) malware detection on 184,486 benign applications and 21,306 malware samples, and (2) malware categorization on DREBIN, the largest labeled Android malware datasets. We utilize the ensemble of these supervised classifiers to design MobiSentry, which outperforms several related approaches and gives a satisfying performance in the evaluation. Furthermore, we integrate MobiSentry with Android OS that enables smartphones with Android to extract features and to predict whether the application is benign or malicious. Experimental results on real smartphones show that users can easily and effectively protect their devices against malware through this system with a small run-time overhead.
30

Khatter, Kiran, and Sapna Malik. "Ranking and Risk Factor Scheme for Malicious applications detection and Classifications." International Journal of Information System Modeling and Design 9, no. 3 (July 2018): 67–84. http://dx.doi.org/10.4018/ijismd.2018070104.

Abstract:
Being an open source operating system, android mobiles are attacked by hundreds of malware every year. Moreover, malware are using many veiled techniques that makes it difficult to detect them. Android official markets and the Google Play Store are also not left untouched by malware. This article presents the Ranking and Risk Factor Scheme (RRFS), a hybrid intrusion detection technique for Android devices for the detection of malicious android applications. Ranking and risk factor schemes perform an analysis of Android permissions requested and system calls invoked features by ranking these features with some criteria and calculating the risk factor of each application for the detection and classification of malicious applications of 81 malware families. In the results, the ranking and risk factor scheme outperforms several related approaches and has the detection and classification performance of 99.2% and 88.7%, respectively and proved fast, an energy-efficient technique for resource constraint mobile device.
31

Chen, Tieming, Qingyu Mao, Yimin Yang, Mingqi Lv, and Jianming Zhu. "TinyDroid: A Lightweight and Efficient Model for Android Malware Detection and Classification." Mobile Information Systems 2018 (October 17, 2018): 1–9. http://dx.doi.org/10.1155/2018/4157156.

Abstract:
With the popularity of Android applications, Android malware has an exponential growth trend. In order to detect Android malware effectively, this paper proposes a novel lightweight static detection model, TinyDroid, using instruction simplification and machine learning technique. First, a symbol-based simplification method is proposed to abstract the opcode sequence decompiled from Android Dalvik Executable files. Then, N-gram is employed to extract features from the simplified opcode sequence, and a classifier is trained for the malware detection and classification tasks. To improve the efficiency and scalability of the proposed detection model, a compression procedure is also used to reduce features and select exemplars for the malware sample dataset. TinyDroid is compared against the state-of-the-art antivirus tools in real world using Drebin dataset. The experimental results show that TinyDroid can get a higher accuracy rate and lower false alarm rate with satisfied efficiency.
32

Wu, Bozhi, Sen Chen, Cuiyun Gao, Lingling Fan, Yang Liu, Weiping Wen, and Michael R. Lyu. "Why an Android App Is Classified as Malware." ACM Transactions on Software Engineering and Methodology 30, no. 2 (March 2021): 1–29. http://dx.doi.org/10.1145/3423096.

Abstract:
Machine learning–(ML) based approach is considered as one of the most promising techniques for Android malware detection and has achieved high accuracy by leveraging commonly used features. In practice, most of the ML classifications only provide a binary label to mobile users and app security analysts. However, stakeholders are more interested in the reason why apps are classified as malicious in both academia and industry. This belongs to the research area of interpretable ML but in a specific research domain (i.e., mobile malware detection). Although several interpretable ML methods have been exhibited to explain the final classification results in many cutting-edge Artificial Intelligent–based research fields, until now, there is no study interpreting why an app is classified as malware or unveiling the domain-specific challenges. In this article, to fill this gap, we propose a novel and interpretable ML-based approach (named XMal) to classify malware with high accuracy and explain the classification result meanwhile. (1) The first classification phase of XMal hinges multi-layer perceptron and attention mechanism and also pinpoints the key features most related to the classification result. (2) The second interpreting phase aims at automatically producing neural language descriptions to interpret the core malicious behaviors within apps. We evaluate the behavior description results by leveraging a human study and an in-depth quantitative analysis. Moreover, we further compare XMal with the existing interpretable ML-based methods (i.e., Drebin and LIME) to demonstrate the effectiveness of XMal. We find that XMal is able to reveal the malicious behaviors more accurately. Additionally, our experiments show that XMal can also interpret the reason why some samples are misclassified by ML classifiers. Our study peeks into the interpretable ML through the research of Android malware detection and analysis.
33

Acharya, Saket, Umashankar Rawat, and Roheet Bhatnagar. "A Comprehensive Review of Android Security: Threats, Vulnerabilities, Malware Detection, and Analysis." Security and Communication Networks 2022 (June 29, 2022): 1–34. http://dx.doi.org/10.1155/2022/7775917.

Abstract:
The popularity and open-source nature of Android devices have resulted in a dramatic growth of Android malware. Malware developers are also able to evade the detection methods, reducing the efficiency of malware detection techniques. It is hence desirable that security researchers and experts come up with novel and more efficient methods to analyze existing and zero-day Android malware. Most of the researchers have focused on Android system security. However, to examine Android security, with a specific focus on malware development, investigation of malware prevention techniques and already known malware detection techniques needs a broad inclusion. To overcome the research gaps, this paper provides a broad review of current Android security concerns, security implementation enhancements, significant malware detected during 2017–2021, and stealth procedures used by the malware developers along with the current Android malware detection techniques. A comparative analysis is presented between this article and similar recent survey articles to fill the existing research gaps. In the end, a three-phase model is proposed to efficiently identify and characterize Android malware. In the first phase, a lightweight deep transfer learning approach is used to classify Android applications into benign and malicious. In the second phase, the malicious applications are executed in a virtual emulator to reduce the number of false positives. Finally, the malicious applications having the same characteristic ratio are grouped into their corresponding families using the topic modelling approach. The proposed model can efficiently detect, characterize, and provide a familial classification of Android malware with a good accuracy rate.
34

Acharya, Saket, Umashankar Rawat, and Roheet Bhatnagar. "A Low Computational Cost Method for Mobile Malware Detection Using Transfer Learning and Familial Classification Using Topic Modelling." Applied Computational Intelligence and Soft Computing 2022 (June 13, 2022): 1–22. http://dx.doi.org/10.1155/2022/4119500.

Abstract:
With the extensive use of Android applications, malware growth has been increasing drastically. The high popularity of Android devices has motivated malware developers to attack these devices. In recent times, most researchers and scholars have used deep learning approaches to detect Android malware. Although deep learning techniques provide good accuracy and efficiency, they require high computational cost to train huge and complex data sets. Hence, there is a need for an approach that can efficiently detect novel malware variants with a minimum computational cost. This paper proposes a novel framework for detecting and clustering Android malware using the transfer learning and the topic modelling approach. The transfer learning approach minimizes new training data by transferring well-known features from a qualified source model to a destination model, and hence, a high amount of computational power is not required. In addition, the proposed framework clusters the detected malware variants into their corresponding families with the help of Latent Dirichlet Allocation and hierarchical clustering techniques. For performance assessment, we performed several experiments with more than 50K Android application samples. In addition, we compared the performance of our framework with that of similar existing traditional machine learning and deep learning models. The proposed framework provides better accuracy of 98.3% during the classification stage by using the transfer learning approach as compared to other state-of-the-art Android malware detection techniques. The high precision value of 98.7% is obtained during the clustering stage while grouping the obtained malicious applications into their corresponding malware families.
35

FAN, Wenhao, Dong LIU, Fan WU, Bihua TANG, and Yuan'an LIU. "Android Malware Detection Based on Functional Classification." IEICE Transactions on Information and Systems E105.D, no. 3 (March 1, 2022): 656–66. http://dx.doi.org/10.1587/transinf.2021edp7133.

36

SALAMATU, ALIYU SULAIMAN, SURAJUDEEN ADEBAYO OLAWALE, IDRIS ISMAILA, and A. BASHIR SULAIMON. "ANDROID MALWARE CLASSIFICATION USING WHALE OPTIMIZATION ALGORITHM." i-manager's Journal on Mobile Applications and Technologies 5, no. 2 (2018): 37. http://dx.doi.org/10.26634/jmt.5.2.15631.

37

Swetha, K., and K. V.D.Kiran. "Survey on Mobile Malware Analysis and Detection." International Journal of Engineering & Technology 7, no. 2.32 (May 31, 2018): 279. http://dx.doi.org/10.14419/ijet.v7i2.32.15584.

Abstract:
The amazing advances of mobile phones enable their wide utilize. Since mobiles are joined with pariah applications, bundles of security and insurance issues are incited. But, current mobile malware analysis and detection advances are as yet flawed, incapable, and incomprehensive. On account of particular qualities of mobiles such as constrained assets, user action and neighborhood correspondence ability, consistent system network, versatile malware detection faces new difficulties, particularly on remarkable runtime malware area. This paper provides overview on malware classification, methodologies of assessment, analysis and on and off device detection methods on android. The work mainly focuses on different classification algorithms which are used as a part of dynamic malware detection on android.
38

Gómez, Alfonso, and Antonio Muñoz. "Deep Learning-Based Attack Detection and Classification in Android Devices." Electronics 12, no. 15 (July 28, 2023): 3253. http://dx.doi.org/10.3390/electronics12153253.

Abstract:
The increasing proliferation of Android-based devices, which currently dominate the market with a staggering 72% global market share, has made them a prime target for attackers. Consequently, the detection of Android malware has emerged as a critical research area. Both academia and industry have explored various approaches to develop robust and efficient solutions for Android malware detection and classification, yet it remains an ongoing challenge. In this study, we present a supervised learning technique that demonstrates promising results in Android malware detection. The key to our approach lies in the creation of a comprehensive labeled dataset, comprising over 18,000 samples classified into five distinct categories: Adware, Banking, SMS, Riskware, and Benign applications. The effectiveness of our proposed model is validated using well-established datasets such as CICMalDroid2020, CICMalDroid2017, and CICAndMal2017. Comparing our results with state-of-the-art techniques in terms of precision, recall, efficiency, and other relevant factors, our approach outperforms other semi-supervised methods in specific parameters. However, we acknowledge that our model does not exhibit significant deviations when compared to alternative approaches concerning certain aspects. Overall, our research contributes to the ongoing efforts in the development of advanced techniques for Android malware detection and classification. We believe that our findings will inspire further investigations, leading to enhanced security measures and protection for Android devices in the face of evolving threats.
39

Bhattacharya, Abhishek, and Radha Tamal Goswami. "Community Based Feature Selection Method for Detection of Android Malware." Journal of Global Information Management 26, no. 3 (July 2018): 54–77. http://dx.doi.org/10.4018/jgim.2018070105.

Abstract:
The amount of malware has been rising drastically as the Android operating system enabled smartphones and tablets are gaining popularity around the world in last couple of years. One of the popular methods of static detection techniques is permission/feature-based detection of malware through the AndroidManifest.xml file using machine learning classifiers. Ignoring important features or keeping irrelevant features may specifically cause mystification to classification algorithms. Therefore, to reduce classification time and improve accuracy, different feature reduction tools have been used in past literature. Community detection is one of the major tools in social network analysis but its implementation in the context of malware detection is quite rare. In this article, the authors introduce a community-based feature reduction technique for Android malware detection. The proposed method is evaluated on two datasets consisting of 3004 benign components and 1363 malware components. The proposed community-based feature reduction technique produces a classification accuracy of 98.20% and ROC value up to 0.989.
40

Chen, Hui, Zhengqiang Li, Qingshan Jiang, Abdur Rasool, and Lifei Chen. "A Hierarchical Approach for Android Malware Detection Using Authorization-Sensitive Features." Electronics 10, no. 4 (February 10, 2021): 432. http://dx.doi.org/10.3390/electronics10040432.

Abstract:
Android’s openness has made it a favorite for consumers and developers alike, driving strong app consumption growth. Meanwhile, its popularity also attracts attackers’ attention. Android malware is continually raising issues for the user’s privacy and security. Hence, it is of great practical value to develop a scientific and versatile system for Android malware detection. This paper presents a hierarchical approach to design a malware detection system for Android. It extracts four authorization-sensitive features: basic blocks, permissions, Application Programming Interfaces (APIs), and key functions, and layer-by-layer detects malware based on the similar module and the proposed deep learning model Convolutional Neural Network and eXtreme Gradient Boosting (CNNXGB). This detection approach focuses not only on classification but also on the details of the similarities between malware software. We serialize the key function in light of the sequence of API calls and pick up a similar module that captures the global semantics of malware. We propose a new method to convert the basic block into a multichannel picture and use Convolutional Neural Network (CNN) to learn features. We extract permissions and API calls based on their called frequency and train the classification model by XGBoost. A dynamic similar module feature library is created based on the extracted features to assess the sample’s behavior. The model is trained by utilizing 11,327 Android samples collected from Github, Google Play, Fdroid, and VirusShare. Promising experimental results demonstrate a higher accuracy of the proposed approach and its potential to detect Android malware attacks and reduce Android users’ security risks.
41

Wang, Xin, Dafang Zhang, Xin Su, and Wenjia Li. "Mlifdect: Android Malware Detection Based on Parallel Machine Learning and Information Fusion." Security and Communication Networks 2017 (2017): 1–14. http://dx.doi.org/10.1155/2017/6451260.

Abstract:
In recent years, Android malware has continued to grow at an alarming rate. More recent malicious apps’ employing highly sophisticated detection avoidance techniques makes the traditional machine learning based malware detection methods far less effective. More specifically, they cannot cope with various types of Android malware and have limitation in detection by utilizing a single classification algorithm. To address this limitation, we propose a novel approach in this paper that leverages parallel machine learning and information fusion techniques for better Android malware detection, which is named Mlifdect. To implement this approach, we first extract eight types of features from static analysis on Android apps and build two kinds of feature sets after feature selection. Then, a parallel machine learning detection model is developed for speeding up the process of classification. Finally, we investigate the probability analysis based and Dempster-Shafer theory based information fusion approaches which can effectively obtain the detection results. To validate our method, other state-of-the-art detection works are selected for comparison with real-world Android apps. The experimental results demonstrate that Mlifdect is capable of achieving higher detection accuracy as well as a remarkable run-time efficiency compared to the existing malware detection solutions.
42

Kim, Minki, Daehan Kim, Changha Hwang, Seongje Cho, Sangchul Han, and Minkyu Park. "Machine-Learning-Based Android Malware Family Classification Using Built-In and Custom Permissions." Applied Sciences 11, no. 21 (November 1, 2021): 10244. http://dx.doi.org/10.3390/app112110244.

Abstract:
Malware family classification is grouping malware samples that have the same or similar characteristics into the same family. It plays a crucial role in understanding notable malicious patterns and recovering from malware infections. Although many machine learning approaches have been devised for this problem, there are still several open questions including, “Which features, classifiers, and evaluation metrics are better for malware familial classification”? In this paper, we propose a machine learning approach to Android malware family classification using built-in and custom permissions. Each Android app must declare proper permissions to access restricted resources or to perform restricted actions. Permission declaration is an efficient and obfuscation-resilient feature for malware analysis. We developed a malware family classification technique using permissions and conducted extensive experiments with several classifiers on a well-known dataset, DREBIN. We then evaluated the classifiers in terms of four metrics: macrolevel F1-score, accuracy, balanced accuracy (BAC), and the Matthews correlation coefficient (MCC). BAC and the MCC are known to be appropriate for evaluating imbalanced data classification. Our experimental results showed that: (i) custom permissions had a positive impact on classification performance; (ii) even when the same classifier and the same feature information were used, there was a difference up to 3.67% between accuracy and BAC; (iii) LightGBM and AdaBoost performed better than other classifiers we considered.
43

Menaouer, Brahami, Abdallah El Hadj Mohamed Islem, and Matta Nada. "Android Malware Detection Approach Using Stacked AutoEncoder and Convolutional Neural Networks." International Journal of Intelligent Information Technologies 19, no. 1 (September 8, 2023): 1–22. http://dx.doi.org/10.4018/ijiit.329956.

Abstract:
In the past decade, Android has become a standard smartphone operating system. The mobile devices running on the Android operating system are particularly interesting to malware developers, as the users often keep personal information on their mobile devices. This paper proposes a deep learning model for mobile malware detection and classification. It is based on SAE for reducing the data dimensionality. Then, a CNN is utilized to detect and classify malware apps in Android devices through binary visualization. Tests were carried out with an original Android application (Drebin-215) dataset consisting of 15,036 applications. The conducted experiments prove that the classification performance achieves high accuracy of about 98.50%. Other performance measures used in the study are precision, recall, and F1-score. Finally, the accuracy and results of these techniques are analyzed by comparing the effectiveness with previous works.
44

Yusof, Muhammad, Madihah Mohd Saudi, and Farida Ridzuan. "Mobile Botnet Classification by using Hybrid Analysis." International Journal of Engineering & Technology 7, no. 4.15 (October 7, 2018): 103. http://dx.doi.org/10.14419/ijet.v7i4.15.21429.

Abstract:
The popularity and adoption of Android smartphones has attracted malware authors to spread the malware to smartphone users. The malware on smartphone comes in various forms such as Trojans, viruses, worms and mobile botnet. However, mobile botnet or Android botnet are more dangerous since they pose serious threats by stealing user credential information, distributing spam and sending distributed denial of service (DDoS) attacks. Mobile botnet is defined as a collection of compromised mobile smartphones and controlled by a botmaster through a command and control (C&C) channel to serve a malicious purpose. Current research is still lacking in terms of their low detection rate due to their selected features. It is expected that a hybrid analysis could improve the detection rate. Therefore, machine learning methods and hybrid analysis which combines static and dynamic analyses were used to analyse and classify system calls, permission and API calls. The objective of this paper is to leverage machine learning techniques to classify the Android applications (apps) as botnet or benign. The experiment used malware dataset from the Drebin for the training and mobile applications from Google Play Store for testing. The results showed that Random Forest Algorithm achieved the highest accuracy rate of 97.9%. In future, more significant approach by using different feature selection such as intent, string and system component will be further explored for a better detection and accuracy rate.
45

T, Sai Tejeshwar Reddy. "An Enhanced Novel GA-based Malware Detection in End Systems Using Structured and Unstructured Data by Comparing Support Vector Machine and Neural Network." Revista Gestão Inovação e Tecnologias 11, no. 2 (June 5, 2021): 1514–25. http://dx.doi.org/10.47059/revistageintec.v11i2.1777.

Abstract:
Aim: The aim of the work is to perform android malware detection using Structured and Unstructured data by comparing Neural Network algorithms and SVM. Materials and Methods: consider two groups such as Support Vector Machine and Neural Network. For each algorithm take N=10 samples from the dataset collected and perform two iterations on each algorithm to identify the Malware Detection. Result: The accuracy results of the Neural Network model has potential up to (82.91%) and the Support Vector Machine algorithm has an accuracy of (79.67%) for Android malware detection with the significance value of (p=0.007). Conclusion: classification of android malware detection using Neural Network algorithm shows better accuracy than SVM.
46

Guendouz, Mohamed, and Abdelmalek Amine. "A New Feature Selection Method Based on Dragonfly Algorithm for Android Malware Detection Using Machine Learning Techniques." International Journal of Information Security and Privacy 17, no. 1 (March 10, 2023): 1–18. http://dx.doi.org/10.4018/ijisp.319018.

Abstract:
Android is the most popular mobile OS; it has the highest market share worldwide on mobile devices. Due to its popularity and large availability among smartphone users from all around the world, it becomes the first target for cyber criminals who take advantage of its open-source nature to distribute malware through applications in order to steal sensitive data. To cope with this serious problem, many researchers have proposed different methods to detect malicious applications. Machine learning techniques are widely being used for malware detection. In this paper, the authors proposed a new method of feature selection based on the dragonfly algorithm, named BDA-FS, to improve the performance of Android malware detection. Different feature subsets selected by the application of this proposed method in combination with machine learning were used to build the classification model. Experimental results show that incorporating dragonfly algorithm into Android malware detection performed better classification accuracy with few features compared to machine learning without feature selection.
47

Lin, Ying-Dar, and Chun-Ying Huang. "Three-Phase Detection and Classification for Android Malware Based on Common Behaviors." Journal of Communications Software and Systems 12, no. 3 (September 21, 2016): 157. http://dx.doi.org/10.24138/jcomss.v12i3.80.

Abstract:
Android is one of the most popular operating systems used in mobile devices. Its popularity also renders it a common target for attackers. We propose an efficient and accurate three-phase behavior-based approach for detecting and classifying malicious Android applications. In the proposed approach, the first two phases detect a malicious application and the final phase classifies the detected malware. The first phase quickly filters out benign applications based on requested permissions and the remaining samples are passed to the slower second phase, which detects malicious applications based on system call sequences. The final phase classifies malware into known or unknown types based on behavioral or permission similarities. Our contributions are three-fold: First, we propose a self-contained approach for Android malware identification and classification. Second, we show that permission requests from an Application are beneficial to benign application filtering. Third, we show that system call sequences generated from an application running inside a virtual machine can be used for malware detection. The experiment results indicate that the multi-phase approach is more accurate than the single-phase approach. The proposed approach registered true positive and false positive rates of 97% and 3%, respectively. In addition, more than 98% of the samples were correctly classified into known or unknown types of malware based on permission similarities. We believe that our findings shed some lights on future development of malware detection and classification.
48

Ding, Chao, Nurbol Luktarhan, Bei Lu, and Wenhui Zhang. "A Hybrid Analysis-Based Approach to Android Malware Family Classification." Entropy 23, no. 8 (August 3, 2021): 1009. http://dx.doi.org/10.3390/e23081009.

Abstract:
With the popularity of Android, malware detection and family classification have also become a research focus. Many excellent methods have been proposed by previous authors, but static and dynamic analyses inevitably require complex processes. A hybrid analysis method for detecting Android malware and classifying malware families is presented in this paper, and is partially optimized for multiple-feature data. For static analysis, we use permissions and intent as static features and use three feature selection methods to form a subset of three candidate features. Compared with various models, including k-nearest neighbors and random forest, random forest is the best, with a detection rate of 95.04%, while the chi-square test is the best feature selection method. After using feature selection to explore the critical static features contained in this dataset, we analyzed a subset of important features to gain more insight into the malware. In a dynamic analysis based on network traffic, unlike those that focus on a one-way flow of traffic and work on HTTP protocols and transport layer protocols, we focused on sessions and retained protocol layers. The Res7LSTM model is then used to further classify the malicious and partially benign samples detected in the static detection. The experimental results show that our approach can not only work with fewer static features and guarantee sufficient accuracy, but also improve the detection rate of Android malware family classification from 71.48% in previous work to 99% when cutting the traffic in terms of the sessions and protocols of all layers.
49

Lu, Tianliang, Yanhui Du, Li Ouyang, Qiuyu Chen, and Xirui Wang. "Android Malware Detection Based on a Hybrid Deep Learning Model." Security and Communication Networks 2020 (August 28, 2020): 1–11. http://dx.doi.org/10.1155/2020/8863617.

Abstract:
In recent years, the number of malware on the Android platform has been increasing, and with the widespread use of code obfuscation technology, the accuracy of antivirus software and traditional detection algorithms is low. Current state-of-the-art research shows that researchers started applying deep learning methods for malware detection. We proposed an Android malware detection algorithm based on a hybrid deep learning model which combines deep belief network (DBN) and gate recurrent unit (GRU). First of all, analyze the Android malware; in addition to extracting static features, dynamic behavioral features with strong antiobfuscation ability are also extracted. Then, build a hybrid deep learning model for Android malware detection. Because the static features are relatively independent, the DBN is used to process the static features. Because the dynamic features have temporal correlation, the GRU is used to process the dynamic feature sequence. Finally, the training results of DBN and GRU are input into the BP neural network, and the final classification results are output. Experimental results show that, compared with the traditional machine learning algorithms, the Android malware detection model based on hybrid deep learning algorithms has a higher detection accuracy, and it also has a better detection effect on obfuscated malware.
50

Thakur, Deepak. "Classification of Android Malware using its Image Sections." International Journal of Advanced Trends in Computer Science and Engineering 9, no. 4 (August 25, 2020): 6151–55. http://dx.doi.org/10.30534/ijatcse/2020/288942020.
