A large number of malicious applications appear every day, threatening numerous users. A surge of studies has therefore been conducted to protect users from newly emerging malware using machine learning algorithms. Although existing machine- or deep-learning-based Android malware detection approaches achieve high accuracy by combining multiple features, it is not possible to deploy them on mobile devices because of their high resource cost. In this paper, we propose MAPAS, a malware detection system that achieves high accuracy and adaptable usage of computing resources. MAPAS analyzes the behavior of malicious applications based on their API call graphs using convolutional neural networks (CNN). However, MAPAS does not use the classifier model generated by the CNN; it only uses the CNN to discover common features of the API call graphs of malware. To detect malware efficiently, MAPAS employs a lightweight classifier that calculates the similarity between API call graphs used for malicious activities and the API call graphs of the applications to be classified. To demonstrate the effectiveness and efficiency of MAPAS, we implement a prototype and evaluate it thoroughly. We also compare MAPAS with a state-of-the-art Android malware detection approach, MaMaDroid. Our evaluation results demonstrate that MAPAS classifies applications 145.8% faster and uses around ten times less memory than MaMaDroid. MAPAS also achieves higher accuracy (91.27%) than MaMaDroid (84.99%) in detecting unknown malware. In addition, MAPAS can generally detect any type of malware with high accuracy.
In the forthcoming era of IoT, where everything will be connected, mobile devices will play a key role in providing data sharing and user-centric services between devices. In such a service environment, if a mobile application is vulnerable to security threats and exposed to malicious behavior, malware can spread to hundreds of millions of connected devices. It is therefore important to isolate malicious mobile code and respond to it quickly, which requires predicting malicious behavior. Current permission-based security risk assessment schemes rely on the application description or on user reviews, but these schemes mostly offer a subjective evaluation, which inevitably reduces accuracy. In this paper, we thus propose a scheme for assessing the security risk of Android mobile applications by analyzing their application programming interfaces (APIs) using machine learning. The key idea of the proposed scheme is to extract the APIs from the execution code of the application through reverse-engineering analysis, so that each API can be compared with a malicious-API database built from an existing malware dataset. Instead of simply judging applications as malicious or benign, our scheme expresses their risk as a score. For this quantitative evaluation, we use an ensemble of tree-boosting machine learning algorithms. To prove the practicality of the proposed scheme, we experiment with a set of benign and malicious real-world samples and compare our results with existing schemes. Experimental results show better performance and accuracy than conventional schemes based on Naive Bayes and simple ensemble algorithms. Our proposed scheme is expected to contribute significantly to responding rapidly to the ever-more-intelligent malware of the future. Index Terms: Malware detection, machine learning, XGBoost, risk assessment.
As a great number of IoT and mobile devices are used in our daily lives, the security of mobile devices is more important than ever. If mobile devices, which play a key role in connecting devices, are exploited by malware to perform malicious behavior, this can cause serious damage to other devices as well. Hence, a huge research effort has been put into preventing such situations. Among these efforts, many studies attempted to detect malware based on the APIs it uses. In general, they showed high accuracy in detecting malware, but they could not classify malware into detailed categories because their detection mechanisms do not consider the characteristics of each malware category. In this paper, we propose a malware detection and classification approach, named ACAMA, that can detect malware and categorize it with high accuracy. To show the effectiveness of ACAMA, we implement it and evaluate it against previously proposed approaches. Our evaluation results demonstrate that ACAMA detects malware with 26% higher accuracy than a previous work. In addition, we show that ACAMA can successfully classify applications that another previous work, AVClass, cannot classify.
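All three abstracts above share one pipeline: pull the framework API calls out of an app's compiled code, compare them with API profiles built from known malware, and turn the comparison into a verdict (MAPAS's lightweight similarity classifier), a risk score (the XGBoost-based scheme), or a category label (ACAMA). The following Python is an added illustration of that shared idea and is not code from any of the three papers: it parses `invoke-*` instructions from baksmali-style disassembly, builds per-category API profiles from a handful of constructed samples, subtracts APIs that are ubiquitous in benign code, and uses Jaccard similarity as the scoring function. The smali syntax is the real format emitted by baksmali, but every sample listing, the category names, the benign-corpus filtering step and the choice of Jaccard are assumptions of this example; none of the papers' CNN feature discovery, tree-boosting ensemble or category model is reproduced here.

```python
import re
from typing import Dict, List, Set, Tuple

# Matches smali invoke instructions such as
#   invoke-virtual {v0, v1}, Landroid/telephony/SmsManager;->sendTextMessage(...)V
# and captures the class descriptor and method name; the argument descriptor is dropped
# so overloads of the same method collapse into one feature.
INVOKE_RE = re.compile(
    r"invoke-(?:virtual|static|direct|interface|super)(?:/range)?\s+\{[^}]*\},\s*"
    r"(L[\w/$]+;)->([\w<>$]+)\("
)

# Only framework packages count as API calls. App-internal classes are skipped so that
# obfuscated or renamed application code does not pollute the feature set (assumption).
API_PREFIXES = ("Landroid/", "Ljava/", "Ljavax/", "Ldalvik/", "Lorg/apache/")


def extract_api_calls(smali: str) -> Set[str]:
    """Return the set of framework API methods ("Lpkg/Class;->method") invoked in a listing."""
    return {
        f"{cls}->{method}"
        for cls, method in INVOKE_RE.findall(smali)
        if cls.startswith(API_PREFIXES)
    }


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Jaccard similarity; two empty sets are treated as dissimilar rather than identical."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def build_profiles(labelled: Dict[str, List[str]]) -> Dict[str, Set[str]]:
    """Union the API sets of all samples in each malware category into one profile."""
    return {cat: set().union(*(extract_api_calls(s) for s in samples))
            for cat, samples in labelled.items()}


def score_app(smali: str, profiles: Dict[str, Set[str]],
              benign_apis: Set[str]) -> Tuple[float, str]:
    """Risk score in [0, 1] (best similarity to any profile) and the best-matching category.
    APIs seen in the benign corpus are removed from both sides first, so that calls every
    app makes (Log.d, StringBuilder.append) cannot inflate the similarity."""
    apis = extract_api_calls(smali) - benign_apis
    best_cat, best = "benign", 0.0
    for cat, profile in profiles.items():
        s = jaccard(apis, profile - benign_apis)
        if s > best:
            best_cat, best = cat, s
    return best, best_cat


# --- Constructed sample listings (hand-written for this example, not real malware) ---
SMS_SAMPLE_1 = """
invoke-virtual {v0, v1, v2, v3, v4}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
invoke-static {v0, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
"""
SMS_SAMPLE_2 = """
invoke-virtual/range {v0 .. v4}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getSubscriberId()Ljava/lang/String;
"""
SPY_SAMPLE = """
invoke-virtual {v0, v1, v2, v3, v4, v5}, Landroid/content/ContentResolver;->query(Landroid/net/Uri;[Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;)Landroid/database/Cursor;
invoke-virtual {v0, v1}, Landroid/location/LocationManager;->getLastKnownLocation(Ljava/lang/String;)Landroid/location/Location;
invoke-direct {v0, v1}, Ljava/net/URL;-><init>(Ljava/lang/String;)V
invoke-virtual {v0}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
"""
BENIGN_CORPUS = """
invoke-static {v0, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-direct {v0, v1}, Ljava/net/URL;-><init>(Ljava/lang/String;)V
invoke-virtual {v0}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
invoke-virtual {p0, v0}, Lcom/example/app/MainActivity;->setContentView(I)V
"""
UNKNOWN_APP = """
invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
invoke-virtual {v0, v1, v2, v3, v4}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
invoke-static {v0, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
invoke-virtual {v0}, Lcom/example/unknown/Obf;->a()V
"""
BENIGN_APP = """
invoke-static {v0, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v0}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
"""

PROFILES = build_profiles({"sms_trojan": [SMS_SAMPLE_1, SMS_SAMPLE_2], "spyware": [SPY_SAMPLE]})
BENIGN_APIS = extract_api_calls(BENIGN_CORPUS)

if __name__ == "__main__":
    for name, app in (("unknown", UNKNOWN_APP), ("benign", BENIGN_APP)):
        score, cat = score_app(app, PROFILES, BENIGN_APIS)
        print(f"{name}: risk={score:.2f} category={cat}")
```

The benign-corpus subtraction is the step that matters in practice: without it, an app that merely logs and opens a URL shares two or three APIs with every profile and is scored as suspicious. Real deployments replace the hand-written listings with output from baksmali or a dex parser and the union profiles with a learned model, but the feature (framework API identifiers) and the comparison against known-malicious usage are the same.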
Copyright © 2024 scite LLC. All rights reserved.