DroidDet: Effective and robust detection of android malware using static analysis along with rotation forest model

Zhu, Huijuan; You, Zhu-Hong; Zhu, Zexuan; Shi, Wei-Lei; Chen, Xing; Cheng, Li

doi:10.1016/j.neucom.2017.07.030

Cited by 166 publications

(107 citation statements)

References 23 publications

Supporting

Mentioning

104

Contrasting

Unclassified

Order By: Relevance

“…In addition to Malytics, most baselines also provide good performance compared with Zhu [15]. This trend shows the tf -simhashing feature representation is rich and many classifiers can leverage it and provide good performance.…”

Section: Android Malware Detectionmentioning

confidence: 92%

“…Additionally, Hui-Juan's [15] feature extraction is on the basis of static analysis. For example, tf -simhashing feeding to SVM yields 93.35% (±0.16%), 08.00% (±0.48%), 94.77% (±0.25%), 93.44% (±0.16%) for AUC, FNR, precision, and accuracy respectively while Hui-Juan [15] reported 86.00% (±2.0%), 13.82% (±2.3%), 84.13% (±3.5%) and 84.93% (±1.8%) for AUC, FNR, precision, and accuracy respectively when they used SVM as the classifier. malware from the DexShare malware set while the total benign set was used.…”

Section: Android Malware Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Malytics: A Malware Detection Scheme

et al. 2018

View full text Add to dashboard Cite

An important problem of cyber-security is malware analysis. Besides good precision and recognition rate, a malware detection scheme needs to be able to generalize well for novel malware families (a.k.a zero-day attacks). It is important that the system does not require excessive computation particularly for deployment on the mobile devices.In this paper, we propose a novel scheme to detect malware which we call Malytics. It is not dependent on any particular tool or operating system. It extracts static features of any given binary file to distinguish malware from benign. Malytics consists of three stages: feature extraction, similarity measurement and classification. The three phases are implemented by a neural network with two hidden layers and an output layer. We show feature extraction, which is performed by tf -simhashing, is equivalent to the first layer of a particular neural network. We evaluate Malytics performance on both Android and Windows platforms. Malytics outperforms a wide range of learning-based techniques and also individual state-of-the-art models on both platforms. We also show Malytics is resilient and robust in addressing zero-day malware samples. The F1-score of Malytics is 97.21% and 99.45% on Android dex file and Windows PE files respectively, in the applied datasets. The speed and efficiency of Malytics are also evaluated.

show abstract

Section: Android Malware Detectionmentioning

confidence: 92%

Section: Android Malware Detectionmentioning

confidence: 99%

Malytics: A Malware Detection Scheme

et al. 2018

View full text Add to dashboard Cite

show abstract

“…The second tool is a server containing a database to be compared with the sent features to make a decision about the application. In [33], a static analysis-based framework has been proposed, where each of used permissions, sensitive APIs, monitoring system events and permission rate have been used as a feature for training and testing the used classifier. Then, a principal component analysis (PCA) algorithm was adopted for pre-processing the extracted features and an ensemble Rotation Forest RF has been used to classify the android apps into malware or benign.…”

Section: B Static Analysismentioning

confidence: 99%

“…Generally, the benign-ware dataset in most of the studied works such as [33,51,54,61,67,71,[85][86][87][88][89]125] was collected from the official Android app market (Google Play). In some other works, the benign dataset has been collected from the third-party markets such as in [49,94,126,127].…”

Section: Benign Datasetmentioning

confidence: 99%

The Android malware detection systems between hope and reality

2019

View full text Add to dashboard Cite

The widespread use of Android-based smartphones made it an important target for malicious applications' developers. So, a large number of frameworks have been proposed to tackle the huge number of daily published malwares. Despite there are many review papers that have been conducted in order to shed light on the works that achieved in Android malware analysing domain, the number of conducted review papers do not fit with the importance of this research field and with the volume of achieved works. Also, there is no comprehensive taxonomy for all research trends in the field of analysing malicious applications targeting the Android system. Furthermore, none of the existing review papers contains a schematic model that makes it easy for the reader to know the methods and methodologies used in a particular field of research without much effort. This paper aims at proposing a comprehensive taxonomy and suggesting a new schematic review approach. To this end, a review of a large number of works that achieved between 2009 and 2019 has been conducted. The achieved study includes more than 200 papers that have different goals such as apps' behaviour analysis, automatic user interface triggers or packer/unpacker frameworks development. Also, a comprehensive taxonomy has been proposed so that most of the previous works can be classified under it. To the best of our knowledge, the suggested taxonomy is the widest and the most comprehensive in terms of the covered research trends. Moreover, we have proposed a detailed schematic model (called Schematic Review Model) illustrates the process of detecting the malignant applications of an Android in the light of the studied works and the proposed taxonomy. To our knowledge, this is the first time that the Android malware detection methods have been explained in this way with this amount of detail. Furthermore, the studied researches have been analysed according to multiple criteria such as used analysing method, used features, used detection method, and used dataset. Also, the features used in the studied works were discussed in detail by dividing it into multiple classes. Moreover, the challenges facing Android's malware analysing methods were discussed in detail. Finally, it has been concluded that there are gaps between the size and the goal of the conducted works and the number of malicious apps published every day, so some future works areas have been proposed and discussed.

show abstract

“…Static methods analyze the executable file directly instead of running it. For example, DroidDet [9] statically detects malware by utilizing the rotation forest model. However, this work cannot resist the obfuscated attack.…”

Section: Introductionmentioning

confidence: 99%

Demadroid: Object Reference Graph-Based Malware Detection in Android

Wang

Zhang

2018

Security and Communication Networks

View full text Add to dashboard Cite

Smartphone usage has been continuously increasing in recent years. In addition, Android devices are widely used in our daily life, becoming the most attractive target for hackers. Therefore, malware analysis of Android platform is in urgent demand. Static analysis and dynamic analysis methods are two classical approaches. However, they also have some drawbacks. Motivated by this, we present Demadroid, a framework to implement the detection of Android malware. We obtain the dynamic information to build Object Reference Graph and propose -VF2 algorithm for graph matching. Extensive experiments show that Demadroid can efficiently identify the malicious features of malware. Furthermore, the system can effectively resist obfuscated attacks and the variants of known malware to meet the demand for actual use.

show abstract

DroidDet: Effective and robust detection of android malware using static analysis along with rotation forest model

Cited by 166 publications

References 23 publications

Malytics: A Malware Detection Scheme

Malytics: A Malware Detection Scheme

The Android malware detection systems between hope and reality

Demadroid: Object Reference Graph-Based Malware Detection in Android

Contact Info

Product

Resources

About