Adaptive and scalable Android malware detection through online learning

Narayanan, Annamalai; Liu, Yang; Chen, Li Hui; Liu, Jinliang

doi:10.1109/ijcnn.2016.7727508

Cited by 61 publications

(64 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To mitigate the attacks by Android malware, various research approaches have been proposed so far. The malware detection approaches can be classified into two categories; static analysis based detection [2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19] and dynamic analysis based detection [20][21][22][23][24]. The static analysis based methods use syntactic features that can be extracted without executing an application, whereas the dynamic analysis based methods use semantic features that can be monitored when an application is executed in a controlled environment.…”

Section: Introductionmentioning

confidence: 99%

A Multimodal Deep Learning Method for Android Malware Detection Using Various Features

Kim

Kang

Rho

et al. 2019

IEEE Trans.Inform.Forensic Secur.

390

159

View full text Add to dashboard Cite

Abstract-With the widespread use of smartphones, the number of malware has been increasing exponentially. Among smart devices, Android devices are the most targeted devices by malware because of their high popularity. This paper proposes a novel framework for Android malware detection. Our framework uses various kinds of features to reflect the properties of Android applications from various aspects, and the features are refined using our existence-based or similarity-based feature extraction method for effective feature representation on malware detection. Besides, a multimodal deep learning method is proposed to be used as a malware detection model. This paper is the first study of the multimodal deep learning to be used in the Android malware detection. With our detection model, it was possible to maximize the benefits of encompassing multiple feature types. To evaluate the performance, we carried out various experiments with a total of 41,260 samples. We compared the accuracy of our model with that of other deep neural network models. Furthermore, we evaluated our framework in various aspects including the efficiency in model updates, the usefulness of diverse features, and our feature representation method. In addition, we compared the performance of our framework with those of other existing methods including deep learning based methods.Index Terms-Android malware, malware detection, intrusion detection, machine learning, neural network.

show abstract

Section: Introductionmentioning

confidence: 99%

A Multimodal Deep Learning Method for Android Malware Detection Using Various Features

Kim

Kang

Rho

et al. 2019

IEEE Trans.Inform.Forensic Secur.

390

159

View full text Add to dashboard Cite

show abstract

“…CWLK captures both contextual and structural information, enabling it to achieve high accuracy in a batch learning setting. On the other hand, another recent work of ours, DroidOL [11], demonstrated that online learning based solutions are better suited for large-scale real-world automated malware detection than batch learning methods. However, DroidOL used a general purpose kernel which can only capture structural information from PRGs.…”

Section: Our Approachmentioning

confidence: 95%

Context-Aware, Adaptive, and Scalable Android Malware Detection Through Online Learning

Narayanan

Chandramohan

Chen

et al. 2017

IEEE Trans. Emerg. Top. Comput. Intell.

Self Cite

View full text Add to dashboard Cite

It is well-known that Android malware constantly evolves so as to evade detection. This causes the entire malware population to be non-stationary. Contrary to this fact, most of the prior works on Machine Learning based Android malware detection have assumed that the distribution of the observed malware characteristics (i.e., features) does not change over time.In this work, we address the problem of malware population drift and propose a novel online learning based framework to detect malware, named CASANDRA (Context-aware, Adaptive and Scalable ANDRoid mAlware detector). In order to perform accurate detection, a novel graph kernel that facilitates capturing apps' security-sensitive behaviors along with their context information from dependency graphs is proposed. Besides being accurate and scalable, CASANDRA has specific advantages: (i) being adaptive to the evolution in malware features over time (ii) explaining the significant features that led to an app's classification as being malicious or benign. In a large-scale comparative analysis, CASANDRA outperforms two state-of-the-art techniques on a benchmark dataset achieving 99.23% F-measure. When evaluated with more than 87,000 apps collected in-the-wild, CASANDRA achieves 89.92% accuracy, outperforming existing techniques by more than 25% in their typical batch learning setting and more than 7% when they are continuously retained, while maintaining comparable efficiency.

show abstract

“…To determine the features used in MobiTive, we perform a comparison of the extracting performance for most commonlyused features in previous malware detection approaches [13], [15], [17], [30], [31]. Based on the performance-based feature selection method, manifest properties and API calls are selected in our device-end scenario (Feature Selection).…”

Section: B Feature Preparationmentioning

confidence: 99%

“…However, the result tends to be more precise. Narayanan et al [30] presented an online SVM classifier, which uses the control flow graph generated from the source code as input. W. Enck et al [55] proposed TaintDroid, which is a taint analysis tool for Android apps.…”

Section: Related Workmentioning

confidence: 99%

A Performance-Sensitive Malware Detection System on Mobile Platform

Feng

Liu

Lin

2019

Formal Methods and Software Engineering

View full text Add to dashboard Cite

Currently, Android malware detection is mostly performed on the server side against the increasing number of malware. Powerful computing resource provides more exhaustive protection for app markets than maintaining detection by a single user. However, apart from the applications (apps) provided by the official market (i.e., Google Play Store), apps from unofficial markets and third-party resources are always causing serious security threats to end-users. Meanwhile, it is a time-consuming task if the app is downloaded first and then uploaded to the server side for detection, because the network transmission has a lot of overhead. In addition, the uploading process also suffers from the threat of attackers. Consequently, a last line of defense on mobile devices is necessary and much-needed.In this paper, we propose an effective Android malware detection system, MobiTive, leveraging customized deep neural networks to provide a real-time and responsive detection environment on mobile devices. MobiTive is a pre-installed solution rather than an app scanning and monitoring engine using after installation, which is more practical and secure. Although a deep learning-based approach can be maintained on server side efficiently for malware detection, original deep learning models cannot be directly deployed and executed on mobile devices due to various performance limitations, such as computation power, memory size, and energy. Therefore, we evaluate and investigate the following key points: (1) the performance of different feature extraction methods based on source code or binary code; (2) the performance of different feature type selections for deep learning on mobile devices; (3) the detection accuracy of different deep neural networks on mobile devices; (4) the real-time detection performance and accuracy on different mobile devices; (5) the potential based on the evolution trend of mobile devices' specifications; and finally we further propose a practical solution (MobiTive) to detect Android malware on mobile devices.

show abstract

Adaptive and scalable Android malware detection through online learning

Cited by 61 publications

References 15 publications

A Multimodal Deep Learning Method for Android Malware Detection Using Various Features

A Multimodal Deep Learning Method for Android Malware Detection Using Various Features

Context-Aware, Adaptive, and Scalable Android Malware Detection Through Online Learning

A Performance-Sensitive Malware Detection System on Mobile Platform

Contact Info

Product

Resources

About