A Hybrid Detection Method for Android Malware

Fang, Qi; Yang, Xiaohui; Ji, Ce

doi:10.1109/itnec.2019.8729017

Cited by 8 publications

(7 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [41], Android malware was detected by observing run-time-related events along with sensitive APIs and permissions by Zhu et al Apart from this, the authors in [42] and [43] proposed two absolutely different hybrid detection techniques by merging and combining the permissions with network traffic features. On similar lines, the authors in [44], [45], and [46] worked on malware detection by analyzing the combination of static and dynamic features.…”

Section: Hybrid Detectionmentioning

confidence: 98%

Blockchain Based Detection of Android Malware using Ranked Permissions

Gupta

Sethi

Chaudhary

et al. 2021

IJEAT

View full text Add to dashboard Cite

Android mobile devices are a prime target for a huge number of cyber-criminals as they aim to create malware for disrupting and damaging the servers, clients, or networks. Android malware are in the form of malicious apps, that get downloaded on mobile devices via the Play Store or third-party app markets. Such malicious apps pose serious threats like system damage, information leakage, financial loss to user, etc. Thus, predicting which apps contain malicious behavior will help in preventing malware attacks on mobile devices. Identifying Android malware has become a major challenge because of the ever-increasing number of permissions that applications ask for, to enhance the experience of the users. And most of the times, permissions and other features defined in normal and malicious apps are generally the same. In this paper, we aim to detect Android malware using machine learning, deep learning, and natural language processing techniques. To delve into the problem, we use the Android manifest files which provide us with features like permissions which become the basis for detecting Android malware. We have used the concept of information value for ranking permissions. Further, we have proposed a consensus-based blockchain framework for making more concrete predictions as blockchain have high reliability and low cost. The experimental results demonstrate that the proposed model gives the detection accuracy of 95.44% with the Random Forest classifier. This accuracy is achieved with top 45 permissions ranked according to Information Value.

show abstract

Section: Hybrid Detectionmentioning

confidence: 98%

Blockchain Based Detection of Android Malware using Ranked Permissions

Gupta

Sethi

Chaudhary

et al. 2021

IJEAT

View full text Add to dashboard Cite

show abstract

“…erefore, some scholars have combined static analysis and dynamic analysis to produce hybrid analysis. In [29], the authors proposed a hybrid detection method that performs dynamic detection on these suspicious applications which are detected by static detection. In [30], the authors compiled static and dynamic features from benign and malicious applications such as API call sequence, system command, manifest permission, and intent.…”

Section: Related Workmentioning

confidence: 99%

FB2Droid: A Novel Malware Family-Based Bagging Algorithm for Android Malware Detection

Shao

Xiong

Cai

2021

Security and Communication Networks

View full text Add to dashboard Cite

As the number of Android malware applications continues to grow at a high rate, detecting malware to protect the system security and user privacy is becoming increasingly urgent. Each malware application belongs to a specific family, and there is a gap in the number of malware families. The accuracy of detection can be improved if malware family information is well utilized and certain strategies are adopted to balance the variability among samples. In addition, the performance of a base classifier is limited. If an ensemble classifier or an ensemble method can be adopted, the detection effect can be further improved. Therefore, this paper proposes a novel malware family-based bagging algorithm for Android malware detection, called FB2Droid, to perform malware detection. First, five features are extracted from the Android application package. Then, the relief feature selection algorithm is used for feature selection. Next, we designed two different sampling strategies based on different families of malware to alleviate the sample imbalance in the dataset. Combined with the two sampling strategies, the traditional bagging algorithm is improved to integrate the classifier. In the experiment, several classifiers were used to evaluate the proposed scheme. The experimental results show that the proposed sampling strategy and the improved bagging algorithm can effectively improve the detection accuracy of these classifiers.

show abstract

“…Fang et al [19] suggested a hybrid analysis method which performs dynamic analysis on the results of static analysis. During the static analysis phase, they decompiled the app's APK file to extract permissions from the manifest file as well as any occurrence of API features existing in smali files.…”

Section: Related Workmentioning

confidence: 99%

“…Moreover, none of them is offered as a web app and only the work in Reference [17] is open source. ML techniques are exploited in half of the works included in the Table, namely References [10,13,14,16,19]. Finally, it is worth mentioning that there exists a number of free online Android app analysis tools, including AMAaaS [21] and VirusTotal [22].…”

Section: Related Workmentioning

confidence: 99%

Two Anatomists Are Better than One—Dual-Level Android Malware Detection

et al. 2020

View full text Add to dashboard Cite

The openness of the Android operating system and its immense penetration into the market makes it a hot target for malware writers. This work introduces Androtomist, a novel tool capable of symmetrically applying static and dynamic analysis of applications on the Android platform. Unlike similar hybrid solutions, Androtomist capitalizes on a wealth of features stemming from static analysis along with rigorous dynamic instrumentation to dissect applications and decide if they are benign or not. The focus is on anomaly detection using machine learning, but the system is able to autonomously conduct signature-based detection as well. Furthermore, Androtomist is publicly available as open source software and can be straightforwardly installed as a web application. The application itself is dual mode, that is, fully automated for the novice user and configurable for the expert one. As a proof-of-concept, we meticulously assess the detection accuracy of Androtomist against three different popular malware datasets and a handful of machine learning classifiers. We particularly concentrate on the classification performance achieved when the results of static analysis are combined with dynamic instrumentation vis-à-vis static analysis only. Our study also introduces an ensemble approach by averaging the output of all base classification models per malware instance separately, and provides a deeper insight on the most influencing features regarding the classification process. Depending on the employed dataset, for hybrid analysis, we report notably promising to excellent results in terms of the accuracy, F1, and AUC metrics.

show abstract

A Hybrid Detection Method for Android Malware

Cited by 8 publications

References 10 publications

Blockchain Based Detection of Android Malware using Ranked Permissions

Blockchain Based Detection of Android Malware using Ranked Permissions

FB2Droid: A Novel Malware Family-Based Bagging Algorithm for Android Malware Detection

Two Anatomists Are Better than One—Dual-Level Android Malware Detection

Contact Info

Product

Resources

About