Android Malware Family Classification Based on Sensitive Opcode Sequence

Jiang, Jianguo; Li, Song; Yu, Min; Li, Gang; Liu, Chao; Chen, Kai; Liu, Hui; Huang, Weiqing

doi:10.1109/iscc47284.2019.8969656

Cited by 18 publications

(11 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, other malware use an obfuscation technique or encrypted methods which cannot be read or decrypted unless the app is executed. A set of papers [28][29][30][31][32][33][34][35][36][37][38][39]42,[46][47][48]50,52,53,[55][56][57]59,62,63,[65][66][67] used static analysis. Details on the static features used by the papers were discussed in Section 4, Features.…”

Section: Static Analysismentioning

confidence: 99%

“…In [66], the authors use a Nearest Neighbor classifier (NN) to classify malware into families. In [35], the authors preprocess the data and extract the sensitive opcode sequence. For the minor families, they use the oversampling technique to overcome this issue.…”

Section: Model-basedmentioning

confidence: 99%

“…In [29,32,35,38,39,42,46,47,50,56,59,60,[63][64][65], a subset of sensitive or suspicious API calls are utilized in their feature set.…”

Section: Static Featuresmentioning

confidence: 99%

“…Permissions used in the app are included as features in [29,38,39,48,59]. Moreover, in [35], sensitive opcode sequence, actions, and strings are utilized in their features. Garcia et al [46,64] added native code-based to their set of features.…”

Section: Static Featuresmentioning

confidence: 99%

“…Fasano et al [36] and Blanc et al [37] use a set of metrics generated from Smali files to measure the quality code of the app to be used as features. However, in [35,53,57,62,67], code-based analysis such as Java bytecode, bytecode frequency, opcode, or opcode sequence are used as features.…”

Section: Static Featuresmentioning

confidence: 99%

See 4 more Smart Citations

Android Malware Family Classification and Analysis: Current Status and Future Directions

Alswaina

Elleithy

2020

Electronics

View full text Add to dashboard Cite

Android receives major attention from security practitioners and researchers due to the influx number of malicious applications. For the past twelve years, Android malicious applications have been grouped into families. In the research community, detecting new malware families is a challenge. As we investigate, most of the literature reviews focus on surveying malware detection. Characterizing the malware families can improve the detection process and understand the malware patterns. For this reason, we conduct a comprehensive survey on the state-of-the-art Android malware familial detection, identification, and categorization techniques. We categorize the literature based on three dimensions: type of analysis, features, and methodologies and techniques. Furthermore, we report the datasets that are commonly used. Finally, we highlight the limitations that we identify in the literature, challenges, and future research directions regarding the Android malware family.

show abstract

Section: Static Analysismentioning

confidence: 99%

Section: Model-basedmentioning

confidence: 99%

“…In [29,32,35,38,39,42,46,47,50,56,59,60,[63][64][65], a subset of sensitive or suspicious API calls are utilized in their feature set.…”

Section: Static Featuresmentioning

confidence: 99%

Section: Static Featuresmentioning

confidence: 99%

Section: Static Featuresmentioning

confidence: 99%

See 3 more Smart Citations

Android Malware Family Classification and Analysis: Current Status and Future Directions

Alswaina

Elleithy

2020

Electronics

View full text Add to dashboard Cite

show abstract

Hybrid sequence‐based Android malware detection using natural language processing

Zhang

Xue

et al. 2021

Int J Intell Syst

View full text Add to dashboard Cite

Android platform has been the target of attackers due to its openness and increasing popularity. Android malware has explosively increased in recent years, which poses serious threats to Android security. Thus proposing efficient Android malware detection methods is curial in defeating malware. Various features extracted from static or dynamic analysis using machine learning have played an important role in malware detection recently. However, existing code obfuscation, code encryption, and dynamic code loading techniques can be employed to hinder systems that single based on static analysis, purely dynamic analysis systems cannot detect all potential code execution paths. To address these issues, we propose CoDroid, a sequence-based hybrid Android malware detection method, which utilizes the sequences of static opcode and dynamic system call. We treat one sequence as a sentence in the natural language processing and construct a CNN-BiLSTM-Attention classifier which consists of Convolutional Neural Networks (CNNs), the Bidirectional Long Short-Term Memory (BiLSTM) with an attention language model. We extensively evaluate CoDroid under a real-world data set and perform comprehensive analysis against other existing related detection methods. The evaluations show the effectiveness and flexibility of CoDroid across a variety of experimental settings.

show abstract

Malware Classification Based on Graph Neural Network Using Control Flow Graph

Xia

Cui

2021

Lecture Notes in Networks and Systems

View full text Add to dashboard Cite

Android Malware Family Classification Based on Sensitive Opcode Sequence

Cited by 18 publications

References 12 publications

Android Malware Family Classification and Analysis: Current Status and Future Directions

Android Malware Family Classification and Analysis: Current Status and Future Directions

Hybrid sequence‐based Android malware detection using natural language processing

Malware Classification Based on Graph Neural Network Using Control Flow Graph

Contact Info

Product

Resources

About