Generative versus discriminative classifiers for android anomaly-based detection system using system calls filtering and abstraction process

Amamra, Abdelfattah; Robert, Jean‐Marc; Abraham, A.; Talhi, Chamseddine

doi:10.1002/sec.1555

Cited by 13 publications

(7 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…"Means" refers to the average distance between the center of each cluster and the data. As a result, the K-means algorithm was used less [47,56,68,81,97,98,111,139].…”

Section: Algorithms Of Unsupervised Learningmentioning

confidence: 99%

Section: Rq3 What Are the Limitations Of The Current Research?mentioning

confidence: 99%

“…While we were not able to find any study that utilized unsupervised learning that focused on server and network attacks, we were able to identify the studies that focused on the client software [56,81,185,202] and client hardware [139,200]. Amara et al [81] improved abnormal-based detection technology by examining two factors that caused low accuracy in detection technology. is study extracted the main behavior of the application using a system called the filtering and abstraction process and characterized benign behavior using a machine learning classifier.…”

Section: Rq3 What Are the Limitations Of The Current Research?mentioning

confidence: 99%

See 2 more Smart Citations

A Systematic Overview of the Machine Learning Methods for Mobile Malware Detection

Kim

Lee

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

With the deployment of the 5G cellular system, the upsurge of diverse mobile applications and devices has increased the potential challenges and threats posed to users. Industry and academia have attempted to address cyber security challenges by implementing automated malware detection and machine learning algorithms. This study expands on previous research on machine learning-based mobile malware detection. We critically evaluate 154 selected articles and highlight their strengths and weaknesses as well as potential improvements. We explore the mobile malware detection techniques used in recent studies based on attack intentions, such as server, network, client software, client hardware, and user. In contrast to other SLR studies, our study classified the means of attack as supervised and unsupervised learning. Therefore, this article aims at providing researchers with in-depth knowledge in the field and identifying potential future research and a framework for a thorough evaluation. Furthermore, we review and summarize security challenges related to cybersecurity that can lead to more effective and practical research.

show abstract

“…"Means" refers to the average distance between the center of each cluster and the data. As a result, the K-means algorithm was used less [47,56,68,81,97,98,111,139].…”

Section: Algorithms Of Unsupervised Learningmentioning

confidence: 99%

Section: Rq3 What Are the Limitations Of The Current Research?mentioning

confidence: 99%

Section: Rq3 What Are the Limitations Of The Current Research?mentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Overview of the Machine Learning Methods for Mobile Malware Detection

Kim

Lee

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In Amamra et al (2016) , a malware detection mechanism using tracking behavioral system call traces was proposed. Malicious activities were predicted by examining the frequency of behavioral system calls with a previously trained classifier.…”

Section: Literature Reviewmentioning

confidence: 99%

AndroAnalyzer: android malicious software detection based on deep learning

Arslan¹

2021

PeerJ Computer Science

View full text Add to dashboard Cite

Background Technological developments have a significant effect on the development of smart devices. The use of smart devices has become widespread due to their extensive capabilities. The Android operating system is preferred in smart devices due to its open-source structure. This is the reason for its being the target of malware. The advancements in Android malware hiding and detection avoidance methods have overridden traditional malware detection methods. Methods In this study, a model employing AndroAnalyzer that uses static analysis and deep learning system is proposed. Tests were carried out with an original dataset consisting of 7,622 applications. Additional tests were conducted with machine learning techniques to compare it with the deep learning method using the obtained feature vector. Results Accuracy of 98.16% was achieved by presenting a better performance compared to traditional machine learning techniques. Values of recall, precision, and F-measure were 98.78, 99.24 and 98.90, respectively. The results showed that deep learning models using trace-based feature vectors outperform current cutting-edge technology approaches.

show abstract

“…Amamra et al presented a detection framework using system calls having the possibility to be implemented in the resource‐constrained environment. To address this issue, they proposed filtering and abstraction process on 200 popular applications.…”

Section: Related Workmentioning

confidence: 99%

Identification of Android malware using refined system calls

Deepa

Radhamani²,

Vinod

et al. 2019

Concurrency and Computation

View full text Add to dashboard Cite

The ever increasing number of Android malware has always been a concern for cybersecurity professionals. Even though plenty of anti-malware solutions exist, we hypothesize that the performance of existing approaches can be improved by deriving relevant attributes through effective feature selection methods. In this paper, we propose a novel two-step feature selection approach based on Rough Set and Statistical Test named as RSST to extract refined system calls, which can effectively discriminate malware from benign apps. By refined set of system call, we mean the existence of highly relevant calls that are uniformly distributed thought target classes. Moreover, an optimal attribute set is created, which is devoid of redundant system calls.To address the problem of higher dimensional attribute set, we derived suboptimal system call space by applying the proposed feature selection method to maximize the separability between malware and benign samples. Comprehensive experiments conducted on three datasets resulted in an accuracy of 99.9%, Area Under Curve (AUC) of 1.0, with 1% False Positive Rate (FPR).However, other feature selectors (Information Gain, CFsSubsetEval, ChiSquare, FreqSel, and Symmetric Uncertainty) used in the domain of malware analysis resulted in the accuracy of 95.5% with 8.5% FPR. Moreover, the empirical analysis of RSST derived system calls outperformed other attributes such as permissions, opcodes, API, methods, call graphs, Droidbox attributes, and network traces.

show abstract

Generative versus discriminative classifiers for android anomaly-based detection system using system calls filtering and abstraction process

Cited by 13 publications

References 36 publications

A Systematic Overview of the Machine Learning Methods for Mobile Malware Detection

A Systematic Overview of the Machine Learning Methods for Mobile Malware Detection

AndroAnalyzer: android malicious software detection based on deep learning

Identification of Android malware using refined system calls

Contact Info

Product

Resources

About