Android malware detection based on image-based features and machine learning techniques

Android is the most widely used operating system in smartphones. Mobile users can download and access apps easily from the play store. Due to lack of security awareness and risk associated with mobile apps, malware apps would be downloaded by normal users in general. The consequences after installing a malware app are unpredictable. Malware apps can gather user personal data, browsing history, user profiles, user sensitive data like passwords. Hence, android malware detection is essential for providing security to mobile users. Android malware detection using machine learning is done either by extracting static features (opcodes, permissions, intents, system commands) or by extracting dynamic features (log behavior, system calls, dataflow). In this paper, opcode sequences are extracted from malware and benign apps, and Recurrent Neural Networks are proposed on extracted sequences. Benign apps are collected from the play store, apkpure.com and malware apps are collected from the virus share website. The proposed Recurrent Neural Network model could achieve 96% accuracy for android malware detection.

show abstract

“…Unver. H [13] converted the android apps into grayscale images. Local and Global features are extracted from grayscale images.…”

Section: Literature Reviewmentioning

confidence: 99%

Android Malware Detection with Deep Learning using RNN from Opcode Sequences

Lakshmanarao

Shashi

2022

Int. J. Interact. Mob. Technol.

View full text Add to dashboard Cite

show abstract

“…[ 32 ] implemented and introduced a color visualization method on classes.dex and AndroidManifest.xml files in malware Android apps and classify the images using CNN-ResNet models. In [ 33 ] paper, classical machine algorithms such as Random Forest, K-nearest Neighbors, Decision Tree, Bagging, AdaBoost, and Gradient Boost were used for classification after constructing feature vectors from gray images, yielded from converting APK contents such as classes.dex to images. [ 34 ] proposed an approach to enhance blockchain user security by implementing RGB image visualization technique on three types of files in Android apps: classes.dex, AndroidManifest.xml, and Certificate.…”

Section: Related Workmentioning

confidence: 99%

“…Some of them used DREBIN alone, such as [ 31 , 36 ], and some of them used only AMD, such as [ 39 ]. However, most of them used a combination of both [ 32 , 33 , 35 , 37 ].…”

Section: Related Workmentioning

confidence: 99%

Android malware analysis in a nutshell

2022

View full text Add to dashboard Cite

This paper offers a comprehensive analysis model for android malware. The model presents the essential factors affecting the analysis results of android malware that are vision-based. Current android malware analysis and solutions might consider one or some of these factors while building their malware predictive systems. However, this paper comprehensively highlights these factors and their impacts through a deep empirical study. The study comprises 22 CNN (Convolutional Neural Network) algorithms, 21 of them are well-known, and one proposed algorithm. Additionally, several types of files are considered before converting them to images, and two benchmark android malware datasets are utilized. Finally, comprehensive evaluation metrics are measured to assess the produced predictive models from the security and complexity perspectives. Consequently, guiding researchers and developers to plan and build efficient malware analysis systems that meet their requirements and resources. The results reveal that some factors might significantly impact the performance of the malware analysis solution. For example, from a security perspective, the accuracy, F1-score, precision, and recall are improved by 131.29%, 236.44%, 192%, and 131.29%, respectively, when changing one factor and fixing all other factors under study. Similar results are observed in the case of complexity assessment, including testing time, CPU usage, storage size, and pre-processing speed, proving the importance of the proposed android malware analysis model.

show abstract

“…e static analysis approach can be affected by code obfuscation and code manipulation techniques [32]. Ünver and Bakour [27] proposed a framework for distinguishing between the Android applications as software or malware. Yang and Wen [33] inspected unzipped files from APK files using images patterns with the help of a random forest classifier.…”

Section: Image-basedmentioning

confidence: 99%

PICAndro: Packet InspeCtion-Based Android Malware Detection

Sihag

Choudhary

Vardhan

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

The post-COVID epidemic world has increased dependence on online businesses for day-to-day life transactions over the Internet, especially using the smartphone or handheld devices. This increased dependence has led to new attack surfaces which need to be evaluated by security researchers. The large market share of Android attracts malware authors to launch more sophisticated malware (12000 per day). The need to detect them is becoming crucial. Therefore, in this paper, we propose PICAndro that can enhance the accuracy and the depth of malware detection and categorization using packet inspection of captured network traffic. The identified network interactions are represented as images, which are fed in the CNN engine. It shows improved performance with the accuracy of 99.12% and 98.91% for malware detection and malware class detection, respectively, with high precision.

show abstract

Android malware detection based on image-based features and machine learning techniques

Cited by 30 publications

References 36 publications

Android Malware Detection with Deep Learning using RNN from Opcode Sequences

Android Malware Detection with Deep Learning using RNN from Opcode Sequences

Android malware analysis in a nutshell

PICAndro: Packet InspeCtion-Based Android Malware Detection

Contact Info

Product

Resources

About