Android Malware Detection Using TCN with Bytecode Image

Zhang, Wenhui; Luktarhan, Nurbol; Ding, Chao; Lu, Bei

doi:10.3390/sym13071107

Cited by 36 publications

(17 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They used a CNN model, which has a precision of 98.3%, to classify malware without relying on any special features. In [ 22 , 24 , 41 , 42 ] CNN and TCN models were used to classify malware with texture features. The proposed deep learning models directly collect the malware images for classification without selecting the special features using descriptors.…”

Section: Resultsmentioning

confidence: 99%

“…Gradient boosting [ 23 ] uses an ensemble of weak prediction models, usually decision trees, to classify malware. A temporal convolutional network (TCN) [ 24 ] is influenced by convolutional architectures, which combine easiness, vector autoregression prediction, and enormously long memory for malware classification. A general meta-approach to machine learning called ensemble learning combines the predictions from various models to improve malware classification performance [ 25 ].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation

Ullah

Naeem

et al. 2022

Sensors

View full text Add to dashboard Cite

Currently, Android apps are easily targeted by malicious network traffic because of their constant network access. These threats have the potential to steal vital information and disrupt the commerce, social system, and banking markets. In this paper, we present a malware detection system based on word2vec-based transfer learning and multi-model image representation. The proposed method combines the textual and texture features of network traffic to leverage the advantages of both types. Initially, the transfer learning method is used to extract trained vocab from network traffic. Then, the malware-to-image algorithm visualizes network bytes for visual analysis of data traffic. Next, the texture features are extracted from malware images using a combination of scale-invariant feature transforms (SIFTs) and oriented fast and rotated brief transforms (ORBs). Moreover, a convolutional neural network (CNN) is designed to extract deep features from a set of trained vocab and texture features. Finally, an ensemble model is designed to classify and detect malware based on the combination of textual and texture features. The proposed method is tested using two standard datasets, CIC-AAGM2017 and CICMalDroid 2020, which comprise a total of 10.2K malware and 3.2K benign samples. Furthermore, an explainable AI experiment is performed to interpret the proposed approach.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation

Ullah

Naeem

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…When it comes to extracting images from DEX files, reference [15] used the same method, though they only used the data segment. Reference [16] created grayscale graphics by combining the data segment of DEX files with Android Computational Intelligence and Neuroscience Manifest.xml entries. Such inputs are converted into a temporal convolutional network (TCN) in order to detect mobile malware.…”

Section: Literature Reviewmentioning

confidence: 99%

Explainable Artificial Intelligence-Based IoT Device Malware Detection Mechanism Using Image Visualization and Fine-Tuned CNN-Based Transfer Learning Model

Naeem

Alshammari

Ullah

2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

Automated malware detection is a prominent issue in the world of network security because of the rising number and complexity of malware threats. It is time-consuming and resource intensive to manually analyze all malware files in an application using traditional malware detection methods. Polymorphism and code obfuscation were created by malware authors to bypass the standard signature-based detection methods used by antivirus vendors. Malware detection using deep learning (DL) approaches has recently been implemented in an effort to address this problem. This study compares the detection of IoT device malware using three current state-of-the-art CNN models that have been pretrained. Large-scale learning performance using GNB, SVM, DT, LR, K-NN, and ensemble classifiers with CNN models is also included in the results. In light of the findings, a pretrained Inception-v3 CNN-based transfer learned model with fine-tuned strategy is proposed to identify IoT device malware by utilizing color image malware display of android Dalvik Executable File (DEX). Inception-v3 retrieves the malware’s most important features. After that, a global max-pooling layer is applied, and a SoftMax classifier is used to classify the features. Finally, gradient-weighted class activation mapping (Grad-CAM) along the t-distributed stochastic neighbor embedding (t-SNE) is used to understand the overall performance of the proposed method. The proposed method achieved an accuracy of 98.5% and 91%, respectively, in the binary and multiclass prediction of malware images from IoT devices, exceeding the comparison methods in different evaluation parameters.

show abstract

“…Finally, the hybrid method is proposed to increase classification success and eliminate the limitations of static and dynamic methods. However, it requires more processing time and memory space, making it very difficult to use on mobile devices with limited resources 16 . In addition to these main approaches, probabilistic detection methods are also available 17 .…”

Section: Introductionmentioning

confidence: 99%

“…However, it requires more processing time and memory space, making it very difficult to use on mobile devices with limited resources. 16 In addition to these main approaches, probabilistic detection methods are also available. 17 Probabilistic estimation is made based on different parameters such as compute load, memory usage, and comprehensibility.…”

mentioning

confidence: 99%

AMD‐CNN: Android malware detection via feature graph and convolutional neural networks

Arslan

Taşyürek

2022

Concurrency and Computation

View full text Add to dashboard Cite

Summary Android malware has become a serious threat to mobile device users, and effective detection and defence architectures are needed to solve this problem. Recently, machine learning techniques have been widely used to deal with Android malicious apps. These methods are based on a simple feature set and have difficulty detecting up‐to‐date malware. Therefore, more robust and efficient classification methodologies are needed. In this article, AMD‐CNN, an Android malware detection tool, is proposed, and it uses graphical representations to detect malicious apks. In the first step, the features related to the androidmanifest.xml file are extracted and converted into a vector consisting of one or zero. The feature vector is then converted to 2D‐code images and used in training the CNN network. The model needs low‐resource consumption to run on mobile devices and allow real‐time applications to be analyzed. The experiments with 1920 malicious and benign apks show that the malware detection rate (accuracy) was 96.2% and precision, recall, and F‐score values were 97.9%, 98.2%, and 98.1%, respectively. The average time and memory space to analyze each application are 0.035 s and 3.38 MB. AMD‐CNN is an efficient and robust tool and has advantages over previous studies.

show abstract

Android Malware Detection Using TCN with Bytecode Image

Cited by 36 publications

References 23 publications

Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation

Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation

Explainable Artificial Intelligence-Based IoT Device Malware Detection Mechanism Using Image Visualization and Fine-Tuned CNN-Based Transfer Learning Model

AMD‐CNN: Android malware detection via feature graph and convolutional neural networks

Contact Info

Product

Resources

About