Detecting Repackaged Android Applications Using Perceptual Hashing

Nguyen, Thanh H.; McDonald, J. Todd; Glisson, William Bradley; Andel, Todd R.

doi:10.24251/hicss.2020.813

Cited by 16 publications

(6 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Of the 1,260 samples, AVG was able to detect 689 samples (54.7%), Lookout 1,003 samples (79.6%), Norton 254 samples (20.2%), and TrendMicro was able to identify 966 samples (76.7%). Nguyen et al [17,30] reported similar results in a study of AV accuracy in detecting repackaged apps, where a newly repackaged botnet version of the popular Snapchat application was not detected by 12 different AV products including AVG, CM Security, Avast, Norton, Kaspersky, and others. In addition, the representative zero-day sample was not detected by online research engines such as Sandroid, AndroTotal, VirusTotal, and OPSWAT [17].…”

Section: Introductionmentioning

confidence: 72%

“…While academicians are interested in detecting malicious activity [17,[30][31], opportunities abound to improve Android malware detection accuracy in commercial AV. Zhou and Jiang [7] evaluated Android malware detection using the following antivirus programs: AVG Antivirus Free v2.9 (AVG), Lookout Security & Antivirus v6.9 (or Lookout), Norton Mobile Security Lite v2.5.0.379 (Norton), and TrendMicro Mobile Security Personal Edition v2.0.0.1294 (TrendMicro).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Machine Learning-Based Android Malware Detection Using Manifest Permissions

McDonald¹,

Herron²,

Glisson³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

The Android operating system is currently the most prevalent mobile device operating system holding roughly 54 percent of the total global market share. Due to Android's substantial presence, it has gained the attention of those with malicious intent, namely, malware authors. As such, there exists a need for validating and improving current malware detection techniques. Automated detection methods such as anti-virus programs are critical in protecting the wide variety of Android-powered mobile devices on the market. This research investigates effectiveness of four different machine learning algorithms in conjunction with features selected from Android manifest file permissions to classify applications as malicious or benign. Case study results, on a test set consisting of 5,243 samples, produce accuracy, recall, and precision rates above 80%. Of the considered algorithms (Random Forest, Support Vector Machine, Gaussian Naïve Bayes, and K-Means), Random Forest performed the best with 82.5% precision and 81.5% accuracy.

show abstract

Section: Introductionmentioning

confidence: 72%

Section: Introductionmentioning

confidence: 99%

Machine Learning-Based Android Malware Detection Using Manifest Permissions

McDonald¹,

Herron²,

Glisson³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

show abstract

“…In the static analysis, the static features are extracted by a specific reverse engineering technique, which does not require running the APK files. The significance of the reverse engineering technique in the static analysis is considered the initial step in preparing a set of features needed for the classification of malware tasks [52].…”

Section: Static Analysismentioning

confidence: 99%

Malware Classification Approaches Utilizing Binary and Text Embedding of Permissions

Zyout

Shatnawi

Najadat

2022

Preprint

View full text Add to dashboard Cite

The development of mobile applications is rapidly increasing with the advances in smartphone technology. These applications are intended to assist mobile users in accomplishing various daily tasks including e-commerce and online services. Many mobile applications were also developed to attack smartphone users. Hence, new challenges have been found such as the difficulty to distinguish between benign and malicious malware categories.In this paper, two approaches for classifying malware applications are presented, including Conv1d (Conventional one dimension) and LSTM (Long short Time Memory). The proposed approaches have modeled and solved the malware classification problem using the natural language processing method. Two encoding techniques, binary and text encoding, were conducted on android permissions as a preprocessing phase. In addition, two other classifiers, the Support Vector Machine (SVM) and K-Nearest Neighbor(KNN) were also reported. The two main approaches were evaluated on well-known dataset, the CICMalDroid2020. The Conv1d-approach and LSTM-approach using text encoding achieved the best classification, i.e., high precision and accuracy (98.16\%, 97.72\% and 96.63\%, 96.69\%, respectively). The Conv1d-approach on binary classification has outperformed the LSTM-approach model when compared with Mal-prem and datasets. The Conv1d-approach achieved the best performance, with 99.3\%,99.80\%, 98.90\%, and 98.95\% of accuracy.

show abstract

“…Just as example, in modern mobile devices the users can easily download applications from the official market but also from non official ones. These last can be untrustworthy and represent a serious threat for the users' data, in fact users usually consider third-party markets to find free versions of applications that are usually paid ones on the official market [1].…”

Section: Introductionmentioning

confidence: 99%

Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences

et al. 2020

View full text Add to dashboard Cite

The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a nutshell this attack requires that two or more applications are installed to perpetrate the malicious behaviour that is split in more than one single application: for this reason anti-malware are not able to detect this attack, considering that they analyze just one application at a time and that the single colluding application does not exhibit any malicious action. In this paper an approach exploiting model checking is proposed to automatically detect whether two applications exhibit the ability to perform a collusion through the SharedPreferences communication mechanism. We formulate a series of temporal logic formulae to detect the collusion attack from a model obtained by automatically selecting the classes candidate for the collusion, obtained by two heuristics we propose. Experimental results demonstrate that the proposed approach is promising in collusion application detection: as a matter of fact an accuracy equal to 0.99 is obtained by evaluating 993 Android applications.

show abstract

Detecting Repackaged Android Applications Using Perceptual Hashing

Cited by 16 publications

References 27 publications

Machine Learning-Based Android Malware Detection Using Manifest Permissions

Machine Learning-Based Android Malware Detection Using Manifest Permissions

Malware Classification Approaches Utilizing Binary and Text Embedding of Permissions

Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences

Contact Info

Product

Resources

About