Andrana: Quick and Accurate Malware Detection for Android

Bedford, Andrew; Garvin, Sébastien; Desharnais, Jules; Tawbi, Nadia; Ajakan, Hana; Audet, Frédéric; Lebel, Bernard

doi:10.1007/978-3-319-51966-1_2

Cited by 6 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this aforementioned perspective, the last decade, strong efforts have been achieved to generalize the problem, and to develop new approaches based on machine learning (ML) [11,16,17,39,50] (see Fig. 1, ❹).…”

Section: Emergence Of Machine Learning Algorithms To Detect Android Malwarementioning

confidence: 99%

“…As far as our knowledge, no attempts have been done towards improving Android malware detection systems based on machine learning algorithms. Whether one [11,16] or several algorithms [17,39,50] are evaluated, the evaluations are always carried out empirically, implying a manual process with few and/or default hyper-parameter combinations. Testing various algorithms along with a large set of hyper-parameters is a daunting task that costs a lot both in terms of time and resources [36].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DroidAutoML: A Microservice Architecture to Automate the Evaluation of Android Machine Learning Detection Systems

Bromberg

Gitzinger

2020

Distributed Applications and Interoperable Systems

View full text Add to dashboard Cite

The mobile ecosystem is witnessing an unprecedented increase in the number of malware in the wild. To fight this threat, actors from both research and industry are constantly innovating to bring concrete solutions to improve security and malware protection. Traditional solutions such as signature-based anti viruses have shown their limits in front of massive proliferation of new malware, which are most often only variants specifically designed to bypass signature-based detection. Accordingly, it paves the way to the emergence of new approaches based on Machine Learning (ML) technics to boost the detection of unknown malware variants. Unfortunately, these solutions are most often underexploited due to the time and resource costs required to adequately fine tune machine learning algorithms. In reality, in the Android community, state-of-the-art studies do not focus on model training, and most often go through an empirical study with a manual process to choose the learning strategy, and/or use default values as parameters to configure ML algorithms. However, in the ML domain, it is well known admitted that to solve efficiently a ML problem, the tunability of hyper-parameters is of the utmost importance. Nevertheless, as soon as the targeted ML problem involves a massive amount of data, there is a strong tension between feasibility of exploring all combinations and accuracy. This tension imposes to automate the search for optimal hyper-parameters applied to ML algorithms, that is not anymore possible to achieve manually. To this end, we propose a generic and scalable solution to automatically both configure and evaluate ML algorithms to efficiently detect Android malware detection systems. Our approach is based on devOps principles and a microservice architecture deployed over a set of nodes to scale and exhaustively test a large number of ML algorithms and hyper-parameters combinations. With our approach, we are able to systematically find the best fit to increase up to 11% the accuracy of two state-of-the-art Android malware detection systems.

show abstract

Section: Emergence Of Machine Learning Algorithms To Detect Android Malwarementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

DroidAutoML: A Microservice Architecture to Automate the Evaluation of Android Machine Learning Detection Systems

Bromberg

Gitzinger

2020

Distributed Applications and Interoperable Systems

View full text Add to dashboard Cite

show abstract

“…Several tools leverages machine learning techniques and static analysis to categorize Android applications (written in Java) as either malicious or benign. The tool ANDRANA [3] relies on static analysis of the applications's code to create a vector of features for each application. Classification is then performed to determine if the observed features a typical to those previously observed in malware.…”

Section: Related Workmentioning

confidence: 99%

“…The end result of this first part of the chain is that processors 3 and 9 synchronously output method call events; events at matching positions in the streams represent the caller of a method (9) and the method being called (3). From this point on, the rest of the processing is straightforward.…”

Section: Security Propertiesmentioning

confidence: 99%

Monitoring of Security Properties Using BeepBeep

Boussaha

Khoury

Hallé

2018

Foundations and Practice of Security

View full text Add to dashboard Cite

Runtime enforcement is an effective method to ensure the compliance of program with user-defined security policies. In this paper we show how the stream event processor tool BeepBeep can be used to monitor the security properties of Java programs. The proposed approach relies on AspectJ to generate a trace capturing the program's runtime behavior. This trace is then processed by BeepBeep, a complex event processing tool that allows complex data-driven policies to be stated and verified with ease. Depending on the result returned by BeepBeep, AspectJ can then be used to halt the execution or take other corrective action. The proposed method offers multiple advantages, notable flexibility in devising and stating expressive user-defined security policies.

show abstract