An ML-Based Recognizer of Exfiltration Attack over Android Platform: MLGuard

Morcos, Martina; Gala, Mirko; Hamadi, Hussam Al; nandyala, sivaprasad; mcgillion, brian; Damiani, Ernesto

doi:10.36227/techrxiv.21602706.v1

Cited by 1 publication

(2 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Because of this, we describe a novel method called FeVec, which uses automated feature vector representation to identify malware samples. The FeVec method utilizes feature hashing [67] and an NLP bag of words (N-grams) [68][69][70][71] to form fixed-size embeddings from concatenated instruction sequences. This step consists of two main steps.…”

Section: Clustering Preprocessingmentioning

confidence: 99%

See 1 more Smart Citation

A Proposed Artificial Intelligence Model for Android-Malware Detection

Taher,

Al Fandi,

Al Kfairy

et al. 2023

Informatics

Self Cite

View full text Add to dashboard Cite

There are a variety of reasons why smartphones have grown so pervasive in our daily lives. While their benefits are undeniable, Android users must be vigilant against malicious apps. The goal of this study was to develop a broad framework for detecting Android malware using multiple deep learning classifiers; this framework was given the name DroidMDetection. To provide precise, dynamic, Android malware detection and clustering of different families of malware, the framework makes use of unique methodologies built based on deep learning and natural language processing (NLP) techniques. When compared to other similar works, DroidMDetection (1) uses API calls and intents in addition to the common permissions to accomplish broad malware analysis, (2) uses digests of features in which a deep auto-encoder generates to cluster the detected malware samples into malware family groups, and (3) benefits from both methods of feature extraction and selection. Numerous reference datasets were used to conduct in-depth analyses of the framework. DroidMDetection’s detection rate was high, and the created clusters were relatively consistent, no matter the evaluation parameters. DroidMDetection surpasses state-of-the-art solutions MaMaDroid, DroidMalwareDetector, MalDozer, and DroidAPIMiner across all metrics we used to measure their effectiveness.

show abstract

Section: Clustering Preprocessingmentioning

confidence: 99%

“…Precision, accuracy, F1-score and recall are used to display the evaluation results. We evaluate the efficiency of family clustering using the coverage and homogeneity [71] measures. The generated family clusters are evaluated on their degree of purity using the homogeneity metric.…”

Section: Performance Metricsmentioning

confidence: 99%