A Hybrid Analysis-Based Approach to Android Malware Family Classification

Ding, Chao; Luktarhan, Nurbol; Lu, Bei; Zhang, Wenhui

doi:10.3390/e23081009

Cited by 32 publications

(9 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Karim et al [28] proposed a hybrid android smartphone botnet detection platform by exploiting the API calls, permissions as static features and network traffic-based dynamic features for detecting the botnets with high detection accuracy of 98% with RF algo. Ding et al [29] presented a ResLSTM based hybrid model using static features and traffic based dynamic features to achieve the detection accuracy of 99%. The subsequent section elaborates on the proposed android malapp detection framework.…”

Section: Hybrid Security Analysis Techniques With ML Algorithmsmentioning

confidence: 99%

Optimal Unification of Static and Dynamic Features for Smartphone Security Analysis

Kumar¹,

Indu²,

Walia³

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

Android Smartphones are proliferating extensively in the digital world due to their widespread applications in a myriad of fields. The increased popularity of the android platform entices malware developers to design malicious apps to achieve their malevolent intents. Also, static analysis approaches fail to detect run-time behaviors of malicious apps. To address these issues, an optimal unification of static and dynamic features for smartphone security analysis is proposed. The proposed solution exploits both static and dynamic features for generating a highly distinct unified feature vector using graph based cross-diffusion strategy. Further, a unified feature is subjected to the fuzzy-based classification model to distinguish benign and malicious applications. The suggested framework is extensively experimentally validated through both qualitative and quantitative analysis and results are compared with the existing solutions. Performance evaluation over benchmarked datasets from Google Play Store, Drebin, Androzoo, AMD, and CICMalDroid2020 revealed that the suggested solution outperforms state-ofthe-art methods. We achieve average detection accuracy of 98.62% and F1 Score of 0.9916.

show abstract

Section: Hybrid Security Analysis Techniques With ML Algorithmsmentioning

confidence: 99%

Optimal Unification of Static and Dynamic Features for Smartphone Security Analysis

Kumar¹,

Indu²,

Walia³

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

show abstract

“…In addition, a dynamic analysis of behavioral activity is processed. The combination of static analysis of permissions and intents and dynamic analysis of network traffic was introduced by Ding et al [76]. A hybrid solution seems the best option to identify malicious apps.…”

Section: A Android Malware Detection Systemsmentioning

confidence: 99%

“…Permissions are a great candidate for a feature set of Android malware detection systems over the years, as a full feature set of a detection machine or a part of it (i.e. [94], [95], [76], [10], [96], [52], [97], [16]). Therefore, the required permissions set was picked to enhance MaMaDroid.…”

Section: Mamadroid20mentioning

confidence: 99%

MaMaDroid2.0 -- The Holes of Control Flow Graphs

Berger¹,

Hajaj²,

Mariconti³

et al. 2022

Preprint

View full text Add to dashboard Cite

Android malware is a continuously expanding threat to billions of mobile users around the globe. Detection systems are updated constantly to address these threats. However, a backlash takes the form of evasion attacks, in which an adversary changes malicious samples such that those samples will be misclassified as benign. This paper fully inspects a well-known Android malware detection system, MaMaDroid, which analyzes the control flow graph of the application. Changes to the portion of benign samples in the train set and models are considered to see their effect on the classifier. The changes in the ratio between benign and malicious samples have a clear effect on each one of the models, resulting in a decrease of more than 40% in their detection rate. Moreover, adopted ML models are implemented as well, including 5-NN, Decision Tree, and Adaboost. Exploration of the six models reveals a typical behavior in different cases, of tree-based models and distance-based models. Moreover, three novel attacks that manipulate the CFG and their detection rates are described for each one of the targeted models. The attacks decrease the detection rate of most of the models to 0%, with regards to different ratios of benign to malicious apps. As a result, a new version of MaMaDroid is engineered. This model fuses the CFG of the app and static analysis of features of the app. This improved model is proved to be robust against evasion attacks targeting both CFG-based models and static analysis models, achieving a detection rate of more than 90% against each one of the attacks.

show abstract

“…These detection systems enumerate the RTT values, the number of packages that were sent and received, etc. A hybrid approach combines multiple types of features from different systems [17,55,56,57,58]. A famous hybrid Android malware detection system was suggested by Martín et al [55].…”

Section: Feature Types Of Ml-based Android Malware Detectionmentioning

confidence: 99%

Problem-Space Evasion Attacks in the Android OS: a Survey

Berger¹,

Hajaj²,

Dvir³

2022

Preprint

View full text Add to dashboard Cite

Android is the most popular OS worldwide. Therefore, it is a target for various kinds of malware. As a countermeasure, the security community works day and night to develop appropriate Android malware detection systems, with MLbased or DL-based systems considered as some of the most common types.Against these detection systems, intelligent adversaries develop a wide set of evasion attacks, in which an attacker slightly modifies a malware sample to evade its target detection system. In this survey, we address problem-space evasion attacks in the Android OS, where attackers manipulate actual APKs, rather than their extracted feature vector. We aim to explore these kind of attacks, frequently overlooked by the research community due to a lack of knowledge of the Android domain, or due to focusing on general mathematical evasion attacks -i.e., feature-space evasion attacks. We discuss the different aspects of problemspace evasion attacks, using a new taxonomy, which focuses on key ingredients of each problem-space attack, such as the attacker model, the attacker's mode of operation, and the functionality assessment of post-attack applications.

show abstract

A Hybrid Analysis-Based Approach to Android Malware Family Classification

Cited by 32 publications

References 19 publications

Optimal Unification of Static and Dynamic Features for Smartphone Security Analysis

Optimal Unification of Static and Dynamic Features for Smartphone Security Analysis

MaMaDroid2.0 -- The Holes of Control Flow Graphs

Problem-Space Evasion Attacks in the Android OS: a Survey

Contact Info

Product

Resources

About