Android Malware Detection Using Parallel Machine Learning Classifiers

Yerima, Suleiman Y.; Sezer, Sakir; Muttik, Igor

doi:10.1109/ngmast.2014.23

Cited by 87 publications

(43 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Figure 3, is a graph of the respective weighted F-measures. The results of DroidFusion are also compared to those of three classifier combination methods: Majority Vote, Maximum Probability and Average of Probabilities [13], and a meta learning method known as MultiScheme. The MultiScheme approach evaluates a given number of base classifiers in order to select the best model.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection

Yerima

Sezer

2019

IEEE Trans. Cybern.

Self Cite

147

View full text Add to dashboard Cite

Abstract-Android malware has continued to grow in volume and complexity posing significant threats to the security of mobile devices and the services they enable. This has prompted increasing interest in employing machine learning to improve Android malware detection. In this paper we present a novel classifier fusion approach based on a multilevel architecture that enables effective combination of machine learning algorithms for improved accuracy. The framework (called DroidFusion), generates a model by training base classifiers at a lower level and then applies a set of ranking-based algorithms on their predictive accuracies at the higher level in order to derive a final classifier. The induced multilevel DroidFusion model can then be utilized as an improved accuracy predictor for Android malware detection. We present experimental results on four separate datasets to demonstrate the effectiveness of our proposed approach. Furthermore, we demonstrate that the DroidFusion method can also effectively enable the fusion of ensemble learning algorithms for improved accuracy. Finally, we show that the prediction accuracy of DroidFusion, despite only utilizing a computational approach in the higher level, can outperform Stacked Generalization, a well-known classifier fusion method that employs a meta-classifier approach in its higher level.

show abstract

Section: Resultsmentioning

confidence: 99%

“…Yerima et al [13] compared several classifier fusion methods i.e. Majority vote, Product of probabilities, Maximum probability, and Average of probabilities using J48, Naive Bayes, PART, RIDOR, and Simple Logistic classfiers.…”

Section: Android Malware Detection With Classifier Fusionmentioning

confidence: 99%

DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection

Yerima

Sezer

2019

IEEE Trans. Cybern.

Self Cite

147

View full text Add to dashboard Cite

show abstract

“…En iyi doğruluk oranının olasılıkların çarpımı şemasından geldiği görülmüştür. Şemanın tüm performans sonuçlarının tek sınıflandırıcılardan daha iyi olduğu görülmüştür [13]. Şekil 5'te bu yaklaşımın mimarisi gösterilmiştir.…”

Section: Mobi̇l Kötücül Yazilim (Mobile Malware)unclassified

“…Bileşik paralel sınıflandırıcı yaklaşımı [13] Suarez-Tangil ve arkadaşları metin madenciliği ve bilgi alma tekniklerine dayalı bir sistem olan Dendroid'i önermişlerdir. Bu çalışmada, akıllı telefon kötücül yazılım örnekleri ve ailelerinin onların yazılım bileşenlerinde mevcut olan kod yapılarına dayanarak otomatik olarak analiz edilmesi için metin madenciliği yaklaşımlarının kullanımları araştırılmıştır.…”

Section: Veri̇ Setleri̇ üZeri̇nden Kötücül Yazilim Tespi̇ti̇ Yaklaşimlunclassified

Android Kötücül Yazilim Tespi̇ti̇ Yaklaşimlari

Doğru¹,

Dinçer²

2017

Uluslararasi Bi̇lgi̇ Güvenli̇ği̇ Mühendi̇sli̇ği̇ Dergi̇si̇

View full text Add to dashboard Cite

ÖZETMobil cihazlar, mobil uygulamaların işlevselliklerinin gelişmesiyle birlikte hem iş hem günlük hayatta vazgeçilmez cihazlar olmaya başlamıştır. Kendi cihazını getir iş modeli ile beraber bu cihazlar iş ve kamu kurumlarının ağlarına bağlanarak, beraberinde kötücül yazılımların tüm risklerini organizasyona taşımaktadır. Kötücül davranış, bilgiye ve cihaza yetkisiz erişim dolayısıyla hem kurum hem kişiye karşı ciddi ölçüde tehdit oluşturmaya başlamıştır. Android, açık kaynak çekirdek politikası sebebiyle bu tehditlere çok daha fazla açık bir platformdur. Bu kötücül yazılımları tespit edip önlem almak için tespit mekanizmaları geliştirilmekte, buna karşılık olarak kötücül yazılım geliştiricileri dönüşüm gibi güçlü tekniklerle bu tespit tekniklerinden kaçmayı amaçlamaktadır. Bu çalışmada, Android kötücül yazılım tespiti yaklaşımları sunan farklı çalışmalar incelenmiştir ve bu çalışmalar çeşitli ölçütler bakımından karşılaştırılmıştır.Anahtar Kelimeler: Android malware, kötücül yazılım, kötücül yazılım tespiti, dinamik yaklaşım, statik yaklaşım, imza tabanlı yaklaşım, hibrit yaklaşım ANDROID MALWARE DETECTION APPROACHES ABSTRACTWith the development of the functionality of mobile applications, mobile devices have become essential in both business and daily life. Bring your own device business model permits the employees to connect their own devices to the networks of business and public institutions and carry all the risks of malware together with the organization. Malicious behavior via unprivileged access to information and device has been a serious threat to both organizations and individuals. Android has open source kernel policy, so it is more vulnerable to these threats. Detection approaches have been developed for the mitigation and detection of malware by time. In response to this, malware developers aim to hide from these detection techniques by developing complicated techniques like obfuscation. In this study, various studies presenting Android malware detection approaches have been reviewed and compared in terms of various criteria.

show abstract

“…Previous work has also used app permissions to pinpoint malware [12,13,14]. Sarma et al [12] use risk signals extracted from app permissions, e.g., rare critical permissions (RCP) and rare pairs of critical permissions (RPCP), to train SVM and inform users of the risks vs. benefits tradeoffs of apps.…”

Section: Research In Android Malware Detectionmentioning

confidence: 99%

FairPlay: Fraud and Malware Detection in Google Play

Rahman

Cărbunar

et al. 2016

Proceedings of the 2016 SIAM International Conference on Data Mining

View full text Add to dashboard Cite

Fraudulent behaviors in Google's Android app market fuel search rank abuse and malware proliferation. We present FairPlay, a novel system that uncovers both malware and search rank fraud apps, by picking out trails that fraudsters leave behind. To identify suspicious apps, FairPlay's PCF algorithm correlates review activities and uniquely combines detected review relations with linguistic and behavioral signals gleaned from longitudinal Google Play app data. We contribute a new longitudinal app dataset to the community, which consists of over 87K apps, 2.9M reviews, and 2.4M reviewers, collected over half a year. FairPlay achieves over 95% accuracy in classifying gold standard datasets of malware, fraudulent and legitimate apps. We show that 75% of the identified malware apps engage in search rank fraud. FairPlay discovers hundreds of fraudulent apps that currently evade Google Bouncer's detection technology, and reveals a new type of attack campaign, where users are harassed into writing positive reviews, and install and review other apps.

show abstract

Android Malware Detection Using Parallel Machine Learning Classifiers

Cited by 87 publications

References 16 publications

DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection

DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection

Android Kötücül Yazilim Tespi̇ti̇ Yaklaşimlari

FairPlay: Fraud and Malware Detection in Google Play

Contact Info

Product

Resources

About