Android Malware Permission-Based Multi-Class Classification Using Extremely Randomized Trees

Alswaina, Fahad; Elleithy, Khaled

doi:10.1109/access.2018.2883975

Cited by 39 publications

(24 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this research the problem of overlapping [16], [40] in the domain of multi-class classification [1], [42] is addressed. We suggest that using OVO [46] can improve the performance of base classifiers when treating problems with overlapping.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Addressing the Overlapping Data Problem in Classification Using the One-vs-One Decomposition Strategy

2019

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

“…Multi-class data [1], [42] are frequent in real-world tasks, being a generalization of data with only two classes (binary problems). Multi-class classification data have been traditionally addressed following two different approaches [24]: 1) Algorithm level approaches.…”

Section: Binary Decomposition Strategies For Datasets With Multipmentioning

confidence: 99%

Addressing the Overlapping Data Problem in Classification Using the One-vs-One Decomposition Strategy

2019

View full text Add to dashboard Cite

“…In addition, other malware use an obfuscation technique or encrypted methods which cannot be read or decrypted unless the app is executed. A set of papers [28][29][30][31][32][33][34][35][36][37][38][39]42,[46][47][48]50,52,53,[55][56][57]59,62,63,[65][66][67] used static analysis. Details on the static features used by the papers were discussed in Section 4, Features.…”

Section: Static Analysismentioning

confidence: 99%

“…In [39], the authors use three machine learning techniques: standard classifier such as SVM, ensemble classifier, and Neural Network to classify malware into families. In [48], Alswaina et al use two models to perform familial classification. The authors use the binary representation of the features and weighted importance.…”

Section: Model-basedmentioning

confidence: 99%

Android Malware Family Classification and Analysis: Current Status and Future Directions

Alswaina

Elleithy

2020

Electronics

Self Cite

View full text Add to dashboard Cite

Android receives major attention from security practitioners and researchers due to the influx number of malicious applications. For the past twelve years, Android malicious applications have been grouped into families. In the research community, detecting new malware families is a challenge. As we investigate, most of the literature reviews focus on surveying malware detection. Characterizing the malware families can improve the detection process and understand the malware patterns. For this reason, we conduct a comprehensive survey on the state-of-the-art Android malware familial detection, identification, and categorization techniques. We categorize the literature based on three dimensions: type of analysis, features, and methodologies and techniques. Furthermore, we report the datasets that are commonly used. Finally, we highlight the limitations that we identify in the literature, challenges, and future research directions regarding the Android malware family.

show abstract

“…The work [39] addressed the concept drifting problem in malware detection, which bridged a fundamental research gap when dealing with evolving malicious software. Alswaina and Elleithy [41] adopted machine learning to analyze and identify the permissions requested by malware. The Extremely Randomized Trees were used to identify a small number of permissions that could be used to attribute the malware into the malware families.…”

Section: B Android Malware Family Classificationmentioning

confidence: 99%

A3CM: Automatic Capability Annotation for Android Malware

et al. 2019

View full text Add to dashboard Cite

Android malware poses serious security and privacy threats to the mobile users. Traditional malware detection and family classification technologies are becoming less effective due to the rapid evolution of the malware landscape, with the emerging of so-called zero-day-family malware families. To address this issue, our paper presents a novel research problem on automatically identifying the security/privacyrelated capabilities of any detected malware, which we refer to as Malware Capability Annotation (MCA). Motivated by the observation that known and zero-day-family malware families share the security/privacyrelated capabilities, MCA opens a new alternative way to effectively analyze zero-day-family malware (the malware that do not belong to any existing families) through exploring the related information and knowledge from known malware families. To address the MCA problem, we design a new MCA hunger solution, Automatic Capability Annotation for Android Malware (A3CM). A3CM works in the following four steps: 1) A3CM automatically extracts a set of semantic features such as permissions, API calls, network addresses from raw binary APKs to characterize malware samples; 2) A3CM applies a statistical embedding method to map the features into a joint feature space, so that malware samples can be represented as numerical vectors; 3) A3CM infers the malicious capabilities by using the multi-label classification model; 4) The trained multi-label model is used to annotate the malicious capabilities of the candidate malware samples. To facilitate the new research of MCA, we create a new ground truth dataset that consists of 6,899 annotated Android malware samples from 72 families. We carry out a large number of experiments based on the four representative security/privacy-related capabilities to evaluate the effectiveness of A3CM. Our results show that A3CM can achieve promising accuracy of 1.00, 0.98 and 0.63 in inferring multiple capabilities of known Android malware, small size-families' malware and zero-day-families' Android malware, respectively.

show abstract

Android Malware Permission-Based Multi-Class Classification Using Extremely Randomized Trees

Cited by 39 publications

References 30 publications

Addressing the Overlapping Data Problem in Classification Using the One-vs-One Decomposition Strategy

Addressing the Overlapping Data Problem in Classification Using the One-vs-One Decomposition Strategy

Android Malware Family Classification and Analysis: Current Status and Future Directions

A3CM: Automatic Capability Annotation for Android Malware

Contact Info

Product

Resources

About