A multi-view context-aware approach to Android malware detection and malicious code localization

Narayanan, Annamalai; Chandramohan, Mahinthan; Chen, Li Hui; Liu, Yang

doi:10.1007/s10664-017-9539-8

Cited by 75 publications

(55 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Secondly, we also would like to use them as different features, just like multiviews [20]. So the second mode, called the horizontal one, combines them via the matrix extension (denoted as A cfg ⊕ A dfg ).…”

Section: Graph Encodingmentioning

confidence: 99%

“…DroidOL [13] is an online machine learning based framework, which extracts features from inter-procedural control-flow sub-graphs. MKLDroid [20] integrates context-aware multiple views to detect Android malware, where all views are built from inter-procedural control flow graphs. However, most of these approaches only consider control flow properties, leaving data flow properties out of consideration.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

CDGDroid: Android Malware Detection Based on Deep Learning Using CFG and DFG

Ren

Qin

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Android malware has become a serious threat in our daily digital life, and thus there is a pressing need to effectively detect or defend against them. Recent techniques have relied on the extraction of lightweight syntactic features that are suitable for machine learning classification, but despite of their promising results, the features they extract are often too simple to characterise Android applications, and thus may be insufficient when used to detect Android malware. In this paper, we propose CDGDroid, an effective approach for Android malware detection based on deep learning. We use the semantics graph representations, that is, control flow graph, data flow graph, and their possible combinations, as the features to characterise Android applications. We encode the graphs into matrices, and use them to train the classification model via Convolutional Neural Network (CNN). We have conducted some experiments on Marvin, Drebin, VirusShare and ContagioDump datasets to evaluate our approach and have identified that the classification model taking the horizontal combination of CFG and DFG as features offers the best performance in terms of accuracy among all combinations. We have also conducted experiments to compare our approach against Yeganeh Safaei et al.'s approach, Allix et al.'s approach, Drebin and many antivirus tools gathered in VirusTotal, and the experimental results have confirmed that our classification model gives a better performance than the others.

show abstract

Section: Graph Encodingmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

CDGDroid: Android Malware Detection Based on Deep Learning Using CFG and DFG

Ren

Qin

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In addition, having a new literature review can be influenced on the research studies and explore some technical details in malware detection using data mining techniques. Of course, some research [13][14][15][16][17] had discussed the malware detection approaches. There are some defects in the surveyed research.…”

mentioning

confidence: 99%

A state-of-the-art survey of malware detection approaches using data mining techniques

Souri

Hosseini

2018

Hum. Cent. Comput. Inf. Sci.

304

166

View full text Add to dashboard Cite

Data mining techniques have been concentrated for malware detection in the recent decade. The battle between security analyzers and malware scholars is everlasting as innovation grows. The proposed methodologies are not adequate while evolutionary and complex nature of malware is changing quickly and therefore turn out to be harder to recognize. This paper presents a systematic and detailed survey of the malware detection mechanisms using data mining techniques. In addition, it classifies the malware detection approaches in two main categories including signature-based methods and behavior-based detection. The main contributions of this paper are: (1) providing a summary of the current challenges related to the malware detection approaches in data mining, (2) presenting a systematic and categorized overview of the current approaches to machine learning mechanisms, (3) exploring the structure of the significant methods in the malware detection approach and (4) discussing the important factors of classification malware approaches in the data mining. The detection approaches have been compared with each other according to their importance factors. The advantages and disadvantages of them were discussed in terms of data mining models, their evaluation method and their proficiency. This survey helps researchers to have a general comprehension of the malware detection field and for specialists to do consequent examinations.

show abstract

“…To this end, they study the social behaviors that affect the spread of malware, model these spread behaviors with multiple epidemic models, and predict the infection time and order among markets for well-known malware families. Paper [82] proposes a unified framework that systematically integrates multiple views of apps for performing comprehensive malware detection and malicious code localisation. Based on the modularized attack features, paper [83] audits the AMTs at runtime by applying the dynamic code generation and loading techniques to produce malware.…”

Section: Related Workmentioning

confidence: 99%

Detection and analysis of web-based malware and vulnerability

Wang¹

View full text Add to dashboard Cite

Context-Sensitive Grammar (PCSG) from a large number of samples of one specific grammar. The feature of PCSG can help us to generate samples whose syntax and semantics are correct with high probability. The experimental results demonstrate that both the bug finding capability and code coverage of fuzzing are advanced. We further improve coverage-based greybox fuzzing by proposing a new grammaraware approach for programs that process structured inputs. In details, our approach requires the grammar of test inputs, which is often publicly available. Based on the grammar, we propose a grammar-aware trimming strategy to trim test inputs at the tree level. Besides, we introduce two grammar-aware mutation strategies (i.e., enhanced dictionary-based mutation and tree-based mutation). Tree-based mutation works by replacing sub-trees of the Abstract Syntax Tree (AST) of parsed test inputs. With grammar-awareness, we can effectively mutate test inputs while keeping the input structure valid, quickly carrying the fuzzing exploration into width and depth. We conduct experiments to evaluate the effectiveness of it on one XML engine, libplist and two JavaScript engines, WebKit, and Jerryscript. The results demonstrate that our approach outperforms other fuzzing tools in both code coverage and the bug-finding capability.

show abstract

A multi-view context-aware approach to Android malware detection and malicious code localization

Cited by 75 publications

References 54 publications

CDGDroid: Android Malware Detection Based on Deep Learning Using CFG and DFG

CDGDroid: Android Malware Detection Based on Deep Learning Using CFG and DFG

A state-of-the-art survey of malware detection approaches using data mining techniques

Detection and analysis of web-based malware and vulnerability

Contact Info

Product

Resources

About