Android Malware Detection Using Complex-Flows

Shen, Feng; Vecchio, Justin Del; Mohaisen, Aziz; Ko, Steven Y.; Ziarek, Lukasz

doi:10.1109/tmc.2018.2861405

Cited by 52 publications

(30 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…EC2 [42] performs Android malware families prediction through static and dynamic features with the ensemble of supervised and unsupervised classifiers. e closest research studies to our work are presented by Kang et al [19,20], Shen et al [21], and Arp et al [12]. Several efforts [19][20][21] features based on expert analysis to manually extract features, and the evaluation result with the SVM classifier presents a malware detection accuracy of 94%.…”

Section: Malware Family Identificationmentioning

confidence: 80%

“…e closest research studies to our work are presented by Kang et al [19,20], Shen et al [21], and Arp et al [12]. Several efforts [19][20][21] features based on expert analysis to manually extract features, and the evaluation result with the SVM classifier presents a malware detection accuracy of 94%. Compared with these approaches, we use the combination of conventional static features and n-opcode, which can specifically describe the characterization of Android applications.…”

Section: Malware Family Identificationmentioning

confidence: 80%

“…(i) We propose a lightweight defense system for malware detection on smartphones. Unlike all related works [8,[11][12][13][19][20][21], we systematically analyze the combination of conventional static features and n-opcode to make full use of them on malware detection and categorization. (ii) We propose a novel ensemble learning algorithm based on five state-of-the-art supervised classifiers to overcome the drawbacks of them and improve the performance on malware detection.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

MobiSentry: Towards Easy and Effective Detection of Android Malware on Smartphones

Ren

Liu

Cheng

et al. 2018

Mobile Information Systems

View full text Add to dashboard Cite

Android platform is increasingly targeted by attackers due to its popularity and openness. Traditional defenses to malware are largely reliant on expert analysis to design the discriminative features manually, which are easy to bypass with the use of sophisticated detection avoidance techniques. Therefore, more effective and easy-to-use approaches for detection of Android malware are in demand. In this paper, we present MobiSentry, a novel lightweight defense system for malware classification and categorization on smartphones. Besides conventional static features such as permissions and API calls, MobiSentry also employs the N-gram features of operation codes (n-opcode). We present two comprehensive performance comparisons among several state-of-the-art classification algorithms with multiple evaluation metrics: (1) malware detection on 184,486 benign applications and 21,306 malware samples, and (2) malware categorization on DREBIN, the largest labeled Android malware datasets. We utilize the ensemble of these supervised classifiers to design MobiSentry, which outperforms several related approaches and gives a satisfying performance in the evaluation. Furthermore, we integrate MobiSentry with Android OS that enables smartphones with Android to extract features and to predict whether the application is benign or malicious. Experimental results on real smartphones show that users can easily and effectively protect their devices against malware through this system with a small run-time overhead.

show abstract

Section: Malware Family Identificationmentioning

confidence: 80%

Section: Malware Family Identificationmentioning

confidence: 80%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MobiSentry: Towards Easy and Effective Detection of Android Malware on Smartphones

Ren

Liu

Cheng

et al. 2018

Mobile Information Systems

View full text Add to dashboard Cite

show abstract

“…While MaMaDroid does not specifically use the n-grams, it has the same effect in capturing the order of events (here API calls). Similar is the work of Shen et al [64], where n-grams are used over data flows to identify the sub-flows order. Event ordering The basic idea of event order to characterize processes was first explored by Forrest et al in their seminal work [23].…”

Section: Related Workmentioning

confidence: 90%

Network-based Analysis and Classiﬁcation of Malware using Behavioral Artifacts Ordering

Mohaisen¹,

Alrawi²,

Park³

et al. 2018

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

Using runtime execution artifacts to identify malware and its associated "family" is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics are often circumvented by subsequent malware authors. In this work, we propose Chatter, a system that is concerned only with the order in which high-level system events take place. Individual events are mapped onto an alphabet and execution traces are captured via terse concatenations of those letters. Then, leveraging an analyst labeled corpus of malware, n-gram document classification techniques are applied to produce a classifier predicting malware family. This paper describes that technique and its proof-of-concept evaluation. In its prototype form only network events are considered and eleven malware families are used. We show the technique achieves 83%-94% accuracy in isolation and makes non-trivial performance improvements when integrated with a baseline classifier of combined order features to reach an accuracy of up to 98.8%.

show abstract

“…Another example arise in the context of software classification, where the objective of the adversary is to force the machine learning algorithm to misclassify a malicious software (malware) as a benign one, for example [20], [21], [22]. In that context, there has been several works that provide involved approaches for such a task.…”

Section: Understanding the Space Of Robust Machine Learningmentioning

confidence: 99%

Computer Systems Have 99 Problems, Let's Not Make Machine Learning Another One

Mohaisen

Chen

2019

2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)

View full text Add to dashboard Cite

Machine learning techniques are finding many applications in computer systems, including many tasks that require decision making: network optimization, quality of service assurance, and security. We believe machine learning systems are here to stay, and to materialize on their potential we advocate a fresh look at various key issues that need further attention, including security as a requirement and system complexity, and how machine learning systems affect them. We also discuss reproducibility as a key requirement for sustainable machine learning systems, and leads to pursuing it.

show abstract

Android Malware Detection Using Complex-Flows

Cited by 52 publications

References 43 publications

MobiSentry: Towards Easy and Effective Detection of Android Malware on Smartphones

MobiSentry: Towards Easy and Effective Detection of Android Malware on Smartphones

Network-based Analysis and Classiﬁcation of Malware using Behavioral Artifacts Ordering

Computer Systems Have 99 Problems, Let's Not Make Machine Learning Another One

Contact Info

Product

Resources

About