A federated approach to Android malware classification through Perm-Maps

D’Angelo, Gianni; Palmieri, Francesco; Robustelli, Antonio

doi:10.1007/s10586-021-03490-2

Cited by 18 publications

(15 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Among the dynamic and static features that can be extracted from malware, this article uses static features that include permission, API, and intent as follows like 36‐40 : Permission : The application‐related information of the android app (apk) are the main features of this applications and named permissions. The number of features of this type in each data set is presented in Table 2.…”

Section: Performance Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

RAPSAMS: Robust affinity propagation clustering on static android malware stream

Katebi

Rezakhani

Joudaki

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

This article proposed RAPSAMS, extending affinity propagation (AP) clustering to be robust in malware steaming. We use AP, which has been suggested as an approach for clustering a set of samples that by passing messages in different clusters, represents malware stream clustering. Then, by generating and adding adversarial examples, a method has been proposed to attack this clustering algorithm and try to make a robust algorithm against the proposed attack. Malware clustering has become an active research area in mobile security, in which the knowledge is being exploited in large quantities of the generated malware stream. Different procedures have been used that apply clustering to the malware's static features. This article focuses on selecting the most appropriate examples as centers for Android malware clusters and tries to add some perturbation to fool the clustering algorithm. There are two important challenges in this regard: (i) How to find the best representations for clustering.(ii) How to manage extracted patterns that include important data flow characteristics with different distributions. Malware stream clustering poses many challenges to solve this problem, including dealing with malware that is imported online, being able to process malware quickly and incrementally, dealing appropriately with time constraints, and the way that can manage important features patterns of malware stream.To examine the adaptability of the proposed methods of defense and attack, analyses were performed. The proposed approaches are tested on a couple of malware Android dataset benchmarks, namely, Contagio, Genome, and Drebin. We use permission, API, and intent features of these datasets. The obtained results from false positive rate (FPR) recognize that the amounts of the known algorithm for clustering, AP, increases to more than 50% afterward an offense occurs in a number of instances (like: Genome dataset in permission and intent features). Furthermore, by applying the label flipping attack (LFA) the accuracy measures decrease lower than 85% in all instances. Also, the proposed defense method decreased the FPR value by less than 30%, and the accuracy increased by more than 91%, in all cases. Consequently, the AP clustering will be robust against LFAs.

show abstract

Section: Performance Evaluationmentioning

confidence: 99%

“…• Genome dataset: The dataset was gathered by analysts in ASF of USA and includes 1200 malware instances. 35 Among the dynamic and static features that can be extracted from malware, this article uses static features that include permission, API, and intent as follows like [36][37][38][39][40] :…”

Section: Datasetsmentioning

confidence: 99%

RAPSAMS: Robust affinity propagation clustering on static android malware stream

Katebi

Rezakhani

Joudaki

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…Additionally [ 36 ], combined Opcodes, API packages, and API functions to construct RGB images and then use CNN for classification. [ 37 ] mapped permissions to severity levels [ 38 ]to create images to be fed to the CNN model for malware classification. Other methods such as [ 39 ] used network interactions as features to be converted to images to be input for CNN.…”

Section: Related Workmentioning

confidence: 99%

“…Some of them used DREBIN alone, such as [ 31 , 36 ], and some of them used only AMD, such as [ 39 ]. However, most of them used a combination of both [ 32 , 33 , 35 , 37 ].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Android malware analysis in a nutshell

2022

View full text Add to dashboard Cite

This paper offers a comprehensive analysis model for android malware. The model presents the essential factors affecting the analysis results of android malware that are vision-based. Current android malware analysis and solutions might consider one or some of these factors while building their malware predictive systems. However, this paper comprehensively highlights these factors and their impacts through a deep empirical study. The study comprises 22 CNN (Convolutional Neural Network) algorithms, 21 of them are well-known, and one proposed algorithm. Additionally, several types of files are considered before converting them to images, and two benchmark android malware datasets are utilized. Finally, comprehensive evaluation metrics are measured to assess the produced predictive models from the security and complexity perspectives. Consequently, guiding researchers and developers to plan and build efficient malware analysis systems that meet their requirements and resources. The results reveal that some factors might significantly impact the performance of the malware analysis solution. For example, from a security perspective, the accuracy, F1-score, precision, and recall are improved by 131.29%, 236.44%, 192%, and 131.29%, respectively, when changing one factor and fixing all other factors under study. Similar results are observed in the case of complexity assessment, including testing time, CPU usage, storage size, and pre-processing speed, proving the importance of the proposed android malware analysis model.

show abstract