Android botnet detection using machine learning models based on a comprehensive static analysis approach

Hijawi, Wadi'; Alqatawna, Ja'far; Al-Zoubi, Ala’ M.; Hassonah, Mohammad A.; Faris, Hossam

doi:10.1016/j.jisa.2020.102735

Cited by 13 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Malware datasets used Smmarwar et al [167] CICInvesAndMal2019 Arif et al [168] AndroZoo, Drebin Manzanares et al [169] Drebin, AMD, VirusTotal, VirusShare Bhat et al [170] Virustotal, VirusShare, Drebin Elayan et al [171] CICAndMal2017 Syrris et al [172] Drebin Idrees et al [173] Contagiodump, Genome, Virus Total, theZoo, MalShare, VirusShare Rehman et al [174] M0DROID Martin et al [175] Koodous, AndroZoo Navarro et al [176] AndroZoo, [217] , VirusShare, AndroMalShare Milosevic et al [177] M0Droid Alzaylaee et al [178] McAfee Cai et al [179] AMD, Drebin Badhani et al [180] Andro-DumpSys, AndroZoo, Contagio , AndroMalShare , AMD, VirusTotal Hijawi et al [181] [218] Sheen et al [182] Genome Nisha et al [183] AndroZoo, VirusShare, Andro-MalShare, PRAGuard[226] Song et al [184] Not mentioned Zhang et al [185] Genome Yang et al [186] No malware Thiyagarajan et al [187] AndroZoo Qaisar et al [188] Android PRAGuard, Drebin, Open-source apps, Kharon, Androzoo, CICAAGM Appice et al [189] Alternative Chinese and Russian Markets, Android websites, malware forums, security blogs, Genome Zhu et al [190] VirusShare A. Altaher [191] Genome Su et al [192] Drebin, Genome, Contagio Mahindru et al [193] Genome , AndroMalShare, [218] Dehkordy et al [194] Drebin, AMD Nguyen et al [195] AMD, Drebin Taheri et al [196] Drebin, Contagio, Genome Mahesh et al [197] Private companies Firdaus et al [198] Drebin, Genome Shrivastava et al [199] Third-party applications Varsha et al [20...…”

Section: Related Workmentioning

confidence: 99%

A comprehensive review on permissions-based Android malware detection

Sharma,

Arora

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

The first Android-ready "G1" phone debuted in late October 2008. Since then, the growth of Android malware has been explosive analogous to the rise in the popularity of Android. The major positive aspect of Android has been its open-source nature, which empowers app developers to expand their work. But at the same time, authors with malicious intentions pose grave threats to users. In the presence of such threats, Android malware detection is the need of an hour. Consequently, researchers have proposed various techniques involving static, dynamic, and hybrid analysis to address such threats using numerous features in the last decade. But the feature that most researchers have extensively used to perform malware analysis and detection in Android security is Android permission. Hence, to provide a clarified overview of the latest and past work done in Android malware analysis and detection, we perform a comprehensive literature review using permissions as a central feature or in combination with other components by collecting and analyzing 200 studies from January 2009 to February 2023. We extracted information such as the choice opted by researchers between analysis or detection, techniques used to select or rank the permissions feature set, features used along with permissions, detection models employed, the malware datasets used by researchers, and lastly, the limitations and challenges in the field of Android malware detection to propose some future research directions. Additionally, based on the information extracted, we answer the six research questions designed considering the above factors.

show abstract

Section: Related Workmentioning

confidence: 99%

A comprehensive review on permissions-based Android malware detection

Sharma,

Arora

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…In this study, we review the tricks designed to evade spam filters, normally based on machine learning algorithms, such as poisoning text, obfuscated words or hidden text salting. For this reason, we only include these spammer strategies without considering a final user perspective, such as cyber-attacks using backscatter spam (Hijawi et al 2021(Hijawi et al , 2017. We refer to social engineering as a set of techniques to seek to steal personal or sensitive confidential information from users using fake online companies, providers or people.…”

Section: Spammer Tricksmentioning

confidence: 99%

A review of spam email detection: analysis of spammer strategies and the dataset shift problem

et al. 2022

View full text Add to dashboard Cite

Spam emails have been traditionally seen as just annoying and unsolicited emails containing advertisements, but they increasingly include scams, malware or phishing. In order to ensure the security and integrity for the users, organisations and researchers aim to develop robust filters for spam email detection. Recently, most spam filters based on machine learning algorithms published in academic journals report very high performance, but users are still reporting a rising number of frauds and attacks via spam emails. Two main challenges can be found in this field: (a) it is a very dynamic environment prone to the dataset shift problem and (b) it suffers from the presence of an adversarial figure, i.e. the spammer. Unlike classical spam email reviews, this one is particularly focused on the problems that this constantly changing environment poses. Moreover, we analyse the different spammer strategies used for contaminating the emails, and we review the state-of-the-art techniques to develop filters based on machine learning. Finally, we empirically evaluate and present the consequences of ignoring the matter of dataset shift in this practical field. Experimental results show that this shift may lead to severe degradation in the estimated generalisation performance, with error rates reaching values up to $$48.81\%$$ 48.81 % .

show abstract

“…Chen et al [21] converted app opcodes to an image-like structure in order to perform data augmentation through a Generative Adversarial Network (GAN), while the works by Mahindru et al focused on assessing effective feature selection, mainly considering the usage of APIs and permissions as features [44,45]. Moreover, different works in the literature target specific types of attacks, such as botnets [33] or ransomware samples [17,47,57].…”

Section: Android Malware Detectionmentioning

confidence: 99%

Do gradient-based explanations tell anything about adversarial robustness to android malware?

Melis

Scalas²,

Demontis

et al. 2021

Int. J. Mach. Learn. & Cyber.

View full text Add to dashboard Cite

While machine-learning algorithms have demonstrated a strong ability in detecting Android malware, they can be evaded by sparse evasion attacks crafted by injecting a small set of fake components, e.g., permissions and system calls, without compromising intrusive functionality. Previous work has shown that, to improve robustness against such attacks, learning algorithms should avoid overemphasizing few discriminant features, providing instead decisions that rely upon a large subset of components. In this work, we investigate whether gradient-based attribution methods, used to explain classifiers' decisions by identifying the most relevant features, can be used to help identify and select more robust algorithms. To this end, we propose to exploit two different metrics that represent the evenness of explanations, and a new compact security measure called Adversarial Robustness Metric. Our experiments conducted on two different datasets and five classification algorithms for Android malware detection show that a strong connection exists between the uniformity of explanations and adversarial robustness. In particular, we found that popular techniques like Gradient*Input and Integrated Gradients are strongly correlated to security when applied to both linear and nonlinear detectors, while more elementary explanation techniques like the simple Gradient do not provide reliable information about the robustness of such classifiers.

show abstract

Android botnet detection using machine learning models based on a comprehensive static analysis approach

Cited by 13 publications

References 13 publications

A comprehensive review on permissions-based Android malware detection

A comprehensive review on permissions-based Android malware detection

A review of spam email detection: analysis of spammer strategies and the dataset shift problem

Do gradient-based explanations tell anything about adversarial robustness to android malware?

Contact Info

Product

Resources

About