Android malware detection based on system call sequences and LSTM

Xiao, Xi; Zhang, Shaofeng; Mercaldo, Francesco; Hu, Guangwu; Sangaiah, Arun Kumar

doi:10.1007/s11042-017-5104-0

Cited by 193 publications

(96 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…is called dynamic analysis. Before executing the malware sample, the appropriate monitoring tools like Process Monitor [13] and Capture BAT [14] (for file system and registry monitoring), Process Explorer [15] and Process Hackerreplace [16] (for process monitoring), Wireshark [17] (for network monitoring) and Regshot [18] (for system change detection) are installed and activated. Various techniques that can be applied to perform dynamic analysis include function call monitoring, function parameter analysis, information flow tracking, instruction traces and autostart extensibility points etc.…”

Section: Dynamic Analysismentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Malware Detection and Analysis Tools

Talukder¹,

Talukder²

2020

IJNSA

View full text Add to dashboard Cite

The huge amounts of data and information that need to be analyzed for possible malicious intent are one of the big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads. In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by using machine learning techniques to identify and classify unknown malware into their established families. This survey paper gives an overview of the malware detection and analysis techniques and tools.

show abstract

Section: Dynamic Analysismentioning

confidence: 99%

“…Few recent studies have been done on static and dynamic analysis of Android malware [11], detection using permission [12][13][14], based on system call sequences and LSTM [15].…”

mentioning

confidence: 99%

A Survey on Malware Detection and Analysis Tools

Talukder¹,

Talukder²

2020

IJNSA

View full text Add to dashboard Cite

show abstract

“…Methods commonly used for natural language processing are used to preprocess system call traces. The n-gram method is used to construct the system call databases of normal behavior by a sliding window with a single length or multiple lengths [9,10]. Aron Laszka et al [11,12] investigated and claimed that the optimal n-gram is 6-gram in UNM dataset and 7-gram in ADFA-LD dataset.…”

Section: Previous Workmentioning

confidence: 99%

A New Method of Fuzzy Support Vector Machine Algorithm for Intrusion Detection

Liu

2020

Applied Sciences

View full text Add to dashboard Cite

Since SVM is sensitive to noises and outliers of system call sequence data. A new fuzzy support vector machine algorithm based on SVDD is presented in this paper. In our algorithm, the noises and outliers are identified by a hypersphere with minimum volume while containing the maximum of the samples. The definition of fuzzy membership is considered by not only the relation between a sample and hyperplane, but also relation between samples. For each sample inside the hypersphere, the fuzzy membership function is a linear function of the distance between the sample and the hyperplane. The greater the distance, the greater the weight coefficient. For each sample outside the hypersphere, the membership function is an exponential function of the distance between the sample and the hyperplane. The greater the distance, the smaller the weight coefficient. Compared with the traditional fuzzy membership definition based on the relation between a sample and its cluster center, our method effectively distinguishes the noises or outlies from support vectors and assigns them appropriate weight coefficients even though they are distributed on the boundary between the positive and the negative classes. The experiments show that the fuzzy support vector proposed in this paper is more robust than the support vector machine and fuzzy support vector machines based on the distance of a sample and its cluster center.

show abstract

“…KMCCG cannot only improve the learning accuracy, but also maintain robustness to impulse noise. (2) In view of the issue that the algorithm KMCCG will produce a growing RBF network, the sparsification criterion based on the angle is used to control the network structure. (3) For a special time series analysis application in relation to malware prediction, KMCCG is accordingly used to achieve this task, which verifies that our proposed algorithm can achieve higher prediction accuracy with less training time.…”

Section: Introductionmentioning

confidence: 99%

“…The results demonstrate that our proposed algorithm not only has a short training time, but also can achieve high prediction accuracy. network (DNN), then some satisfactory results are achieved in dealing with practical applications, e.g., malware analysis [1,2]. However, there still exists several issues that need to be addressed in using SVM, ANN, and DNN, such as long training time and difficulty in parameter determination.…”

mentioning

confidence: 99%

Kernel Mixture Correntropy Conjugate Gradient Algorithm for Time Series Prediction

Xue

Luo

Gao

et al. 2019

Entropy

View full text Add to dashboard Cite

Kernel adaptive filtering (KAF) is an effective nonlinear learning algorithm, which has been widely used in time series prediction. The traditional KAF is based on the stochastic gradient descent (SGD) method, which has slow convergence speed and low filtering accuracy. Hence, a kernel conjugate gradient (KCG) algorithm has been proposed with low computational complexity, while achieving comparable performance to some KAF algorithms, e.g., the kernel recursive least squares (KRLS). However, the robust learning performance is unsatisfactory, when using KCG. Meanwhile, correntropy as a local similarity measure defined in kernel space, can address large outliers in robust signal processing. On the basis of correntropy, the mixture correntropy is developed, which uses the mixture of two Gaussian functions as a kernel function to further improve the learning performance. Accordingly, this article proposes a novel KCG algorithm, named the kernel mixture correntropy conjugate gradient (KMCCG), with the help of the mixture correntropy criterion (MCC). The proposed algorithm has less computational complexity and can achieve better performance in non-Gaussian noise environments. To further control the growing radial basis function (RBF) network in this algorithm, we also use a simple sparsification criterion based on the angle between elements in the reproducing kernel Hilbert space (RKHS). The prediction simulation results on a synthetic chaotic time series and a real benchmark dataset show that the proposed algorithm can achieve better computational performance. In addition, the proposed algorithm is also successfully applied to the practical tasks of malware prediction in the field of malware analysis. The results demonstrate that our proposed algorithm not only has a short training time, but also can achieve high prediction accuracy.

show abstract

Android malware detection based on system call sequences and LSTM

Cited by 193 publications

References 23 publications

A Survey on Malware Detection and Analysis Tools

A Survey on Malware Detection and Analysis Tools

A New Method of Fuzzy Support Vector Machine Algorithm for Intrusion Detection

Kernel Mixture Correntropy Conjugate Gradient Algorithm for Time Series Prediction

Contact Info

Product

Resources

About