DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection

Yerima, Suleiman Y.; Sezer, Sakir

doi:10.1109/tcyb.2017.2777960

Cited by 135 publications

(68 citation statements)

References 46 publications

(42 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DroidFusion [4] is a novel classifier fusion approach for Android malware detection which was evaluated on static features i.e. permissions, API calls, intents, commands, and other static app properties.…”

Section: Related Workmentioning

confidence: 99%

“…The dates ranged from 14th February 2012 to 16th January 2016. This initial set of 36,183 applications contained 13,805 malware apps and 22,378 benign (clean) applications from McAfee (Intel Security) and have been utilized in our previous work [4]. The apps were processed using a bespoke APK analysis tool developed in Python to extract static features.…”

Section: A Datasetsmentioning

confidence: 99%

“…Furthermore, code from system libraries and third-party ad libraries were filtered out during the feature extraction process using a list of commonly used ad libraries from [25]. An overview of the utilised feature extraction process can be found in [4].…”

Section: B Application Features Extractionmentioning

confidence: 99%

“…The machine learning classifiers evaluated in the longitudinal performance study include Naïve Bayes (NB), Simple Logistic (SL), Random Forest (RF), Support Vector Machine (SVM), and J48 Decision Tree. For the evaluation, four metrics are considered: True Positive Rate (TPR), False Positive Rate (FPR), Overall accuracy (ACC) and Weighted F-measure (W-FM) [4]. TPR represents the rate of correct classification of the malicious applications, while FPR represents the rate of misclassification of the clean (benign) applications.…”

Section: Machine Learning Classifires and Evaluation Metricsmentioning

confidence: 99%

See 3 more Smart Citations

Longitudinal performance analysis of machine learning based Android malware detectors

Yerima

Khan

2019

2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

Self Cite

View full text Add to dashboard Cite

This paper presents a longitudinal study of the performance of machine learning classifiers for Android malware detection. The study is undertaken using features extracted from Android applications first seen between 2012 and 2016. The aim is to investigate the extent of performance decay over time for various machine learning classifiers trained with static features extracted from date-labelled benign and malware application sets. Using date-labelled apps allows for true mimicking of zero-day testing, thus providing a more realistic view of performance than the conventional methods of evaluation that do not take date of appearance into account. In this study, all the investigated machine learning classifiers showed progressive diminishing performance when tested on sets of samples from a later time period. Overall, it was found that false positive rate (misclassifying benign samples as malicious) increased more substantially compared to the fall in True Positive rate (correct classification of malicious apps) when older models were tested on newer app samples.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: A Datasetsmentioning

confidence: 99%

Section: B Application Features Extractionmentioning

confidence: 99%

Section: Machine Learning Classifires and Evaluation Metricsmentioning

confidence: 99%

See 2 more Smart Citations

Longitudinal performance analysis of machine learning based Android malware detectors

Yerima

Khan

2019

2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Moreover, the method calls and function arguments and instructions were used in [78]. Furthermore, some dangerous Linux commands such as Su, Chmod and Exec have been used as features to reveal the apps' malicious behaviour in some static frameworks like [48,79]. Also, in [79], the apps have been checked to detect the presence of embedded Dex, Jar, So, or ELF files which can reveal the apps' behaviour.…”

Section: Code-based Featuresmentioning

confidence: 99%

The Android malware detection systems between hope and reality

2019

View full text Add to dashboard Cite

The widespread use of Android-based smartphones made it an important target for malicious applications' developers. So, a large number of frameworks have been proposed to tackle the huge number of daily published malwares. Despite there are many review papers that have been conducted in order to shed light on the works that achieved in Android malware analysing domain, the number of conducted review papers do not fit with the importance of this research field and with the volume of achieved works. Also, there is no comprehensive taxonomy for all research trends in the field of analysing malicious applications targeting the Android system. Furthermore, none of the existing review papers contains a schematic model that makes it easy for the reader to know the methods and methodologies used in a particular field of research without much effort. This paper aims at proposing a comprehensive taxonomy and suggesting a new schematic review approach. To this end, a review of a large number of works that achieved between 2009 and 2019 has been conducted. The achieved study includes more than 200 papers that have different goals such as apps' behaviour analysis, automatic user interface triggers or packer/unpacker frameworks development. Also, a comprehensive taxonomy has been proposed so that most of the previous works can be classified under it. To the best of our knowledge, the suggested taxonomy is the widest and the most comprehensive in terms of the covered research trends. Moreover, we have proposed a detailed schematic model (called Schematic Review Model) illustrates the process of detecting the malignant applications of an Android in the light of the studied works and the proposed taxonomy. To our knowledge, this is the first time that the Android malware detection methods have been explained in this way with this amount of detail. Furthermore, the studied researches have been analysed according to multiple criteria such as used analysing method, used features, used detection method, and used dataset. Also, the features used in the studied works were discussed in detail by dividing it into multiple classes. Moreover, the challenges facing Android's malware analysing methods were discussed in detail. Finally, it has been concluded that there are gaps between the size and the goal of the conducted works and the number of malicious apps published every day, so some future works areas have been proposed and discussed.

show abstract

MUDROID: Android malware detection and classification based on permission and behavior for autonomous vehicles

Tang,

Da,

Wang

et al. 2023

Trans Emerging Tel Tech

View full text Add to dashboard Cite

With the growing popularity of autonomous vehicles, ensuring their safety has become a significant concern. Vehicle manufacturers have incorporated the Android operating system to enhance user convenience. However, the Android operating system's diversity and vulnerability may significantly impact autonomous vehicles because these natures lead to a critical threat in autonomous vehicle security: Android malware. The complex nature of multi‐data sources fusion in autonomous driving systems has resulted in low detection efficiency and accuracy for Android malware. Given the security requirements for autonomous‐driving systems, this article presents an Android malware classification method centered around the multifeature fusion and deep learning architecture designed to detect and classify Android malware within autonomous‐driving systems. The proposed MUDROID framework relies on the Android permission mechanism and behavioral feature to formulate a malware classification model. Comprising four essential components—feature extraction, representation, multifeature fusion, and classifier training, MUDROID leverages the advantages of CNN and GCN combination model and is adept at extracting and interpreting multidimensional features, consequently constructing a multifeature fusion classifier to amplify the efficiency and accuracy of Android malware detection and classification. The experiment results support MUDROID's superior classification performance, with an impressive Android malware detection accuracy rate of 98.69% and family classification (95.42%). The proposed method can detect and classify Android malware effectively, thus elevating the security and robustness of the self‐driving system. Additionally, the approach in this article also addresses feature representation issues in detecting malware variants, facilitating the recognition of Android malware variants across diverse platforms.

show abstract

DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection

Cited by 135 publications

References 46 publications

Longitudinal performance analysis of machine learning based Android malware detectors

Longitudinal performance analysis of machine learning based Android malware detectors

The Android malware detection systems between hope and reality

MUDROID: Android malware detection and classification based on permission and behavior for autonomous vehicles

Contact Info

Product

Resources

About