Black box analysis of android malware detectors

Nellaivadivelu, Guruswamy; Troia, Fabio Di; Stamp, Mark

doi:10.1016/j.array.2020.100022

Cited by 8 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is divided into the host application and the malicious plugins. The nine plugins the malware abuses are Online, Task, Update, File, Location, Contact, Camera, Radio, and WIFI [847]- [851].…”

Section: Spyware (Trojan Clicker)mentioning

confidence: 99%

“…This package impersonates IEC in some characteristics. Once installed, it installs the spyware on the device [847], [856]. Subsequently, the collected CNN models were then tested.…”

Section: Spyware Operation-electric-powdermentioning

confidence: 99%

“…Many attackers disguise their malware as TubeMate. It also displays multiple pop-up ads[324],[552]-[554].…”

mentioning

confidence: 99%

See 2 more Smart Citations

Maloid-DS: Labeled Dataset for Android Malware Forensics

Almomani,

Almashat,

El-Shafai

2024

IEEE Access

View full text Add to dashboard Cite

Billions of people globally use Android devices a . As such, these devices are highly targeted by security attackers. One of the most threatening attacks is to infect devices with malicious software (malware). Fortunately, there are various ways to counteract these attacks and prevent them. One of these methods is developing a comprehensive malware dataset that researchers can utilize for malware analysis, detection, prediction, and prevention systems. This paper introduces a unique, up-to-date, labeled Android malware dataset (Maloid-DS) comprising a comprehensive set of malware families that reached 345 families with 47,971 malware samples. First, we intensely studied existing datasets utilized by previous research works. These datasets are limited in (a) the number of studied families, (b) the number of samples under each family, (c) the number of new malware samples, (d) the proper categorization of the malware families, (e) the accurate mapping of the sample with its corresponding malware family, (f) providing well structuring of the malware families and subfamilies, and (g) presenting a profound description of each family behavior. All these limitations were seriously tackled by introducing Maloid-DS. The process of creating Maloid is detailed in this paper. Moreover, several case studies are demonstrated in this paper to show the value of Maloid and how different types of analysis systems and AI-based detection and prediction solutions could utilize it. While the full potential of Maloid-DS in real-world scenarios is subject to ongoing research and practical application, it represents a substantial contribution to the cybersecurity community, offering a broad and detailed foundation for protecting Android devices against malware threats.

show abstract

Section: Spyware (Trojan Clicker)mentioning

confidence: 99%

“…This package impersonates IEC in some characteristics. Once installed, it installs the spyware on the device [847], [856]. Subsequently, the collected CNN models were then tested.…”

Section: Spyware Operation-electric-powdermentioning

confidence: 99%

See 1 more Smart Citation

Maloid-DS: Labeled Dataset for Android Malware Forensics

Almomani,

Almashat,

El-Shafai

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Android consumers have the power to authorize or reject applications that have been installed (Sarkar et al, 2019). There are several ways to obfuscate code in an Android world, and many off-the-shelf code obfuscators are available for that reason (Nellaivadivelu et al, 2020).…”

Section: Importance Of Android Systemsmentioning

confidence: 99%

A machine learning technique for Android malicious attacks detection based on API calls

AL-Akhras,

Alghamdi,

Omar

et al. 2024

10.5267/j.dsl

View full text Add to dashboard Cite

Android malware is widespread and it is considered as one of the most threatening attacks recently. The threat is targeting to damage access data or information or leaking them; in general, malicious software consists of viruses, worms, and other malware. Current malware attempts to prevent being detected by any software or anti-virus. This paper describes recent Android malware detection static and interactive approaches as well as several open-source malware datasets. The paper also examines the most current state-of-the-art Android malware identification techniques including identifying by comparative evaluation the gaps between these techniques. As a result, an API-based dynamic malware detection framework is proposed for Android to provide a dynamic paradigm for malware detection. The proposed framework was closely inspected and checked for reliability where meaningful API packages and methods were discovered.

show abstract

“…[Mathews, 2019] utilized the LIME (Local Interpretable Model-Agnostic Explanations) algorithm to classify malware and provided a general explanation of explainable artificial intelligence (XAI), referencing important principles for evaluating explainability. [Nellaivadivelu et al, 2020] conducted a black-box study of the Android malware system, analyzing which features a classification model relies on for making decisions. [Fan et al, 2020] evaluated five distinct local and model-agnostic explanation approaches for Android malware analysis -LIME, Anchor, LORE (LOcal Rule-based Explanations) SHAP (Shapley Additive Explanations) , and LEMNA (Local Explanation Method using Nonlinear Approximation) [Guo et al, 2018]).…”

Section: Background and Related Workmentioning

confidence: 99%

Explaining the Effectiveness of Machine Learning in Malware Detection: Insights from Explainable AI

Bragança,

Rocha,

Souto

et al. 2023

Anais Do XXIII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2023)

View full text Add to dashboard Cite

We use Explainable Artificial Intelligence (XAI) to understand and assess the decisions made by ML models in Android malware detection. To evaluate malware detection, we conducted experiments using seven datasets. Our findings indicate that it is possible to accurately identify malware across multiple datasets. However, each dataset may have a different collection of features available. We also discuss the implications of incorporating expert-dependent features into the malware detection procedure. Such features have the potential to increase model accuracy by detecting minor indicators of harmful behaviour that automated algorithms may miss. However, because of the necessity for in-depth manual analysis, this strategy increases the resource and time requirements. It also risks adding human bias into the models and raises scaling issues in the continuously developing Android application landscape. Our results suggest that XAI techniques should be used to help malware analysis researchers understand how ML models work, rather than only concentrating on increasing accuracy.

show abstract

Black box analysis of android malware detectors

Cited by 8 publications

References 11 publications

Maloid-DS: Labeled Dataset for Android Malware Forensics

Maloid-DS: Labeled Dataset for Android Malware Forensics

A machine learning technique for Android malicious attacks detection based on API calls

Explaining the Effectiveness of Machine Learning in Malware Detection: Insights from Explainable AI

Contact Info

Product

Resources

About