A Combination Method for Android Malware Detection Based on Control Flow Graphs and Machine Learning Algorithms

Ma, Zhuo; Ge, Haoran; Liu, Yang; Zhao, Meng; Ma, Jianfeng

doi:10.1109/access.2019.2896003

Cited by 172 publications

(94 citation statements)

References 35 publications

(28 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Experiments with 1700 benign applications from Xiaomi markets and 1600 malicious applications demonstrate the effectiveness of FDP, which achieves a TP rate of 94.5% and only requires 15.052 s to analyze an application on average. e main contributions of our work can be summarized as follows:…”

Section: Introductionmentioning

confidence: 94%

“…Compared with permissions as features, application programming interfaces (APIs) represent the entire picture of application behavior provided by the Android system [15]. DroidAPIMiner [16] exploits data flow analysis to extract the numbers of APIs used in malicious applications and benign applications to analyze the difference between them, which is similar to these methods in [17,18].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Android Malware Detection Using Fine-Grained Features

Mao

Guan

et al. 2020

Scientific Programming

View full text Add to dashboard Cite

Nowadays, Android applications declare as many permissions as possible to provide more function for the users, which also poses severe security threat to them. Although many Android malware detection methods based on permissions have been developed, they are ineffective when malicious applications declare few dangerous permissions or when the dangerous permissions declared by malicious applications are similar with those declared by benign applications. This limitation is attributed to the use of too few information for classification. We propose a new method named fine-grained dangerous permission (FDP) method for detecting Android malicious applications, which gathers features that better represent the difference between malicious applications and benign applications. Among these features, the fine-grained feature of dangerous permissions applied in components is proposed for the first time. We evaluate 1700 benign applications and 1600 malicious applications and demonstrate that FDP achieves a TP rate of 94.5%. Furthermore, compared with other related detection approaches, FDP can detect more malware families and only requires 15.205 s to analyze one application on average, which demonstrates its applicability for practical implementation.

show abstract

Section: Introductionmentioning

confidence: 94%

Section: Introductionmentioning

confidence: 99%

Android Malware Detection Using Fine-Grained Features

Mao

Guan

et al. 2020

Scientific Programming

View full text Add to dashboard Cite

show abstract

“…However, the overhead between client and server and lack of real monitoring is a still challenging task in cloud environment. Mobile-and IoT-based detection approaches can use both static and dynamic features and improve detection rates on traditional and new generation of malware [34]. But, they have difficulties to detect complex malware and are not scalable for large bundle of apps.…”

Section: Papermentioning

confidence: 99%

Using a Subtractive Center Behavioral Model to Detect Malware

Aslan

Samet

Tanrıöver

2020

Security and Communication Networks

View full text Add to dashboard Cite

In recent years, malware has evolved by using different obfuscation techniques; due to this evolution, the detection of malware has become problematic. Signature-based and traditional behavior-based malware detectors cannot effectively detect this new generation of malware. This paper proposes a subtractive center behavior model (SCBM) to create a malware dataset that captures semantically related behaviors from sample programs. In the proposed model, system paths, where malware behaviors are performed, and malware behaviors themselves are taken into consideration. This way malicious behavior patterns are differentiated from benign behavior patterns. Features that could not exceed the specified score are removed from the dataset. The datasets created using the proposed model contain far fewer features than the datasets created by n-gram and other models that have been used in other studies. The proposed model can handle both known and unknown malware, and the obtained detection rate and accuracy of the proposed model are higher than those of the known models. To show the effectiveness of the proposed model, 2 datasets with score and without score are created by using SCBM. In total, 6700 malware samples and 3000 benign samples are tested. The results are compared with those derived from n-gram and models from other studies in the literature. The test results show that, by combining the proposed model with an appropriate machine learning algorithm, the detection rate, false positive rate, and accuracy are measured as 99.9%, 0.2%, and 99.8%, respectively.

show abstract

“…Static analysis is an effective mechanism in any Android malware or ransomware detection system [28] and API calls feature is a key static metric that is utilized to identify malicious behaviors [29][30][31]. Therefore, this paper provides a deep analysis of API calls to investigate the extent of their influence on the accuracy of the detection process.…”

Section: Introductionmentioning

confidence: 99%

Ransomware Detection System for Android Applications

Alsoghyer

Almomani

2019

Electronics

View full text Add to dashboard Cite

Android ransomware is one of the most threatening attacks nowadays. Ransomware in general encrypts or locks the files on the victim's device and requests a payment in order to recover them. The available technologies are not enough as new ransomwares employ a combination of techniques to evade anti-virus detection. Moreover, the literature counts only a few studies that have proposed static and/or dynamic approaches to detect Android ransomware in particular. Additionally, there are plenty of open-source malware datasets; however, the research community is still lacking ransomware datasets. In this paper, the state-of-the-art of Android ransomware detection approaches were investigated. A deep comparative analysis was conducted which shed the key differences among the existing solutions. An application programming interface (API)-based ransomware detection system (API-RDS) was proposed to provide a static analysis paradigm for detecting Android ransomware apps. API-RDS focuses on examining API packages' calls as leading indicator of ransomware activity to discriminate ransomware with high accuracy before it harms the user's device. API packages' calls of both benign and ransomware apps were thoroughly analyzed and compared. Significant API packages with corresponding methods were identified. The experimental results show that API-RDS outperformed other recent related approaches. API-RDS achieved 97% accuracy while reducing the complexity of the classification model by 26% due to features reduction. Moreover, this research designed a proactive mechanism based on a high quality unique ransomware dataset without duplicated samples. 2959 ransomware samples were collected, tested and reduced by almost 83% due to samples duplication. This research also contributes to constructing an up-to-date, unique dataset that covers the majority of existing Android ransomware families and recent clean apps that could be used as a labeled reference for research community.

show abstract

A Combination Method for Android Malware Detection Based on Control Flow Graphs and Machine Learning Algorithms

Cited by 172 publications

References 35 publications

Android Malware Detection Using Fine-Grained Features

Android Malware Detection Using Fine-Grained Features

Using a Subtractive Center Behavioral Model to Detect Malware

Ransomware Detection System for Android Applications

Contact Info

Product

Resources

About