Android malware classification using static code analysis and Apriori algorithm improved with particle swarm optimization

Adebayo, Olawale Surajudeen; AbdulAziz, Normaziah

doi:10.1109/wict.2014.7077314

Cited by 16 publications

(8 citation statements)

References 25 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Malware classification approaches can be categorized into two heads. The first category refers to the non-evolutionary based classification approaches, where works such as [31], [32], [42], [43], [56] can be mentioned, while the second category refers to the branch of the evolutionary based classification approaches like in [1]. In this paper, our main focus relies on the evolutionary based approaches.…”

Section: Evolutionary Approaches For Malware Classificationmentioning

confidence: 99%

On the use of artificial malicious patterns for android malware detection

Jerbi

Dagdia

Bechikh

et al. 2020

Computers & Security

View full text Add to dashboard Cite

Malware programs currently represent the most serious threat to computer information systems. Despite the performed efforts of researchers in this field, detection tools still have limitations for one main reason. Actually, malware developers usually use obfuscation techniques consisting in a set of transformations that make the code and/or its execution difficult to analyze by hindering both manual and automated inspections. These techniques allow the malware to escape the detection tools, and hence to be seen as a benign program. To solve the obfuscation issue, many researchers have proposed to extract frequent Application Programming Interface (API) call sequences from previously encountered malware programs using pattern mining techniques and hence, build a base of fraudulent behaviors. Based on this process, it is worth mentioning that the performance of the detection process heavily depends on the base of examples of malware behaviors; also called malware patterns. In order to deal with this shortcoming, a dynamic detection method called Artificial Malware-based Detection (AMD) is proposed in this paper. AMD makes use of not only extracted malware patterns but also artificially generated ones. The artificial malware patterns are generated using an evolutionary (genetic) algorithm. The latter evolves a population of API call sequences with the aim to find new malware behaviors following a set of well-defined evolution rules. The artificial fraudulent behaviors are subsequently inserted into the base of examples in order to enrich it with unseen malware patterns. The main motivation behind the proposed AMD approach is to diversify the base of malware examples in order to maximize the detection rate. AMD has been tested on different Android malware data sets and compared against recent prominent works using commonly employed performance metrics. The performance analysis of the obtained results shows the merits of our AMD novel approach.

show abstract

Section: Evolutionary Approaches For Malware Classificationmentioning

confidence: 99%

On the use of artificial malicious patterns for android malware detection

Jerbi

Dagdia

Bechikh

et al. 2020

Computers & Security

View full text Add to dashboard Cite

show abstract

“…This algorithm, PSO, has been applied successfully for the generation of candidate detector in negative selection algorithm for spam detection [14,15], virus detection [16], feature selection [17][18][19], anomaly detection [20,21], and intrusion and misuse detection [11,12]. PSO has also proved to be a successful optimizer in fuzzy system [12], multiobjective problems [22], and tracking system [23], fuzzy rule learning [24], and classifying malicious android applications [25].…”

Section: Related Workmentioning

confidence: 99%

“…The tests show that using Degree of freedom (DF) = (2-1) (2-1) = 1 with ∝ = 0.05, ℎ 2 = 3.841, for all McNemar's Test and previous calculated values are greater than distribution 2 values; therefore, there is a significant difference between the compared models and, therefore, AAR-PSO outperforms other models. The novelty in this work is the inclusion of improved detection algorithm with PSO using association rule for signature extraction, compared to the existing one in [25], which was based only on classification exercise using an improved apriori algorithm with particle swarm optimization for selection and data mining algorithms for classification.…”

Section: Conclusion and Recommendationmentioning

confidence: 99%

“…The authors wish to acknowledge the support of Federal Government of Nigeria under TETFUND Scholarship and International Islamic University Malaysia under the Endowment Grant research number EDW B14-123-1008. Authors also wish to acknowledge this work is a continuation of research in [25] with hyperlink https://ieeexplore.ieee .org/document/7077314.…”

Section: Acknowledgmentsmentioning

confidence: 99%

See 1 more Smart Citation

Improved Malware Detection Model with Apriori Association Rule and Particle Swarm Optimization

Adebayo

Aziz

2019

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

The incessant destruction and harmful tendency of malware on mobile devices has made malware detection an indispensable continuous field of research. Different matching/mismatching approaches have been adopted in the detection of malware which includes anomaly detection technique, misuse detection, or hybrid detection technique. In order to improve the detection rate of malicious application on the Android platform, a novel knowledge-based database discovery model that improves apriori association rule mining of a priori algorithm with Particle Swarm Optimization (PSO) is proposed. Particle swarm optimization (PSO) is used to optimize the random generation of candidate detectors and parameters associated with apriori algorithm (AA) for features selection. In this method, the candidate detectors generated by particle swarm optimization form rules using apriori association rule. These rule models are used together with extraction algorithm to classify and detect malicious android application. Using a number of rule detectors, the true positive rate of detecting malicious code is maximized, while the false positive rate of wrongful detection is minimized. The results of the experiments show that the proposed a priori association rule with Particle Swarm Optimization model has remarkable improvement over the existing contemporary detection models.

show abstract

“…Adebayo et al [52] presented a classification system of Android malware using candidate detectors generated from Apriori algorithm improved with particle swarm optimization to train three different supervised classifiers. In this method, features were extracted from Android applications byte-code through static code analysis, selected and used to train supervised classifiers.…”

Section: Apriorimentioning

confidence: 99%

Machine Learning for Analyzing Malware

Liu

Zeng

Yan

et al. 2017

JCSM

View full text Add to dashboard Cite

The Internet has become an indispensable part of people's work and life, but it also provides favorable communication conditions for malwares. Therefore, malwares are endless and spread faster and become one of the main threats of current network security. Based on the malware analysis process, from the original feature extraction and feature selection to malware analysis, this paper introduces the machine learning algorithms such as classification, clustering and association analysis, and how to use these machine learning algorithms to effectively analyze the malware and its variants.

show abstract

Android malware classification using static code analysis and Apriori algorithm improved with particle swarm optimization

Cited by 16 publications

References 25 publications

On the use of artificial malicious patterns for android malware detection

On the use of artificial malicious patterns for android malware detection

Improved Malware Detection Model with Apriori Association Rule and Particle Swarm Optimization

Machine Learning for Analyzing Malware

Contact Info

Product

Resources

About