Hybroid: Toward Android Malware Detection and Categorization with Program Code and Network Traffic

Norouzian, Mohammad Reza; Xu, Peng; Eckert, Claudia; Zarras, Apostolis

doi:10.1007/978-3-030-91356-4_14

Cited by 10 publications

(13 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The comparison result of the proposed method with existing traffic analysis-based methods is presented in Table 7. As shown in the table, the hybrid system [69] achieved excellent results by analyzing both the malware code and TCP traffic. Current traffic analysis-based methods utilize TCP/IP traffic features, and extract upper layer protocol (e.g., HTTP) features if the TCP payload is not encrypted [70].…”

Section: A Malware Detectionmentioning

confidence: 91%

Smishing Strategy Dynamics and Evolving Botnet Activities in Japan

Saeki

Kitayama

Koga³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

XLoader and FakeSpy, the two major smishing botnets targeting Japan, change their attack strategies over various timescales. Based on recent observations of the botnets and Twitter data, we present empirical facts about their strategies and activity patterns and applied some of these strategic and activity patterns to malware detection and malicious domain detection. All the proposed methods yielded small false positive and negative rates, and are expected to run on user devices owing to their small computational cost. Recent malware detection methods based on traffic analysis extract TCP/IP traffic features if the upper layers of TCP are encrypted. In this study, Frida's hooking capability was employed to decode the upper layers (WebSocket and JSON-RPC) to create a list of all commands flowing over the botnet channel. The command-level traffic analysis presents decisive attack features because commands are transmitted according to strategies developed by the attackers. The proposed malicious domain detection method, on the other hand, exploited the tendency of the attackers to create domains in batches. Previous researchers focused on how benign and malicious domains were registered and used on the name servers. The proposed method, on the other hand, focuses on the arrival rate of SMS messages with URL links. The error rates become significantly small when users do not receive such messages very often.

show abstract

Section: A Malware Detectionmentioning

confidence: 91%

Smishing Strategy Dynamics and Evolving Botnet Activities in Japan

Saeki

Kitayama

Koga³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Although FCGs offer a global view of function calls executed by the program, they generally lack the intra-procedural information that CFGs provide. To address this, some approaches can be employed by jointly using FCGs and CFGs, where embeddings from CFGs are integrated into the nodes of the FCGs, to capture both intra-procedural and inter-procedural semantic [32,33,53]. In the case of Android malware analysis, a prevalent approach is to statically extract the API call sequences from the application and represent them using a FCG [56,58,59,82].…”

Section: Common Graphmentioning

confidence: 99%

“…The network activity generated by the program can also be monitored during its execution, and a network flow graph can be constructed with IP addresses and/or communication ports as nodes, and edges representing network flows. While some works solely rely on network traffic to detect malware activities [49,50], others enhance their detection capabilities by combining CFGs or FCGs with network data [32,33].…”

Section: Common Graphmentioning

confidence: 99%

“…In this survey, we focus on the analysis of malware detection methods with graph representation learning for Android, Windows and Web platforms, since the vast majority of current state-ofthe-art works are solely based on these platforms. For each of these platforms, we divided the Android-based Detection Network Flow Graph [32,33,49,50] System Call Graph [48] PDG [47] FCG [12, 32, 33, 35-47, 94, 95] CFG [32][33][34] Fig. state-of-the-art into sections based on the input graph structure.…”

Section: Common Graphmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Malware Detection with Graph Representation Learning

Bilot¹,

Madhoun²,

Agha³

et al. 2023

Preprint

View full text Add to dashboard Cite

Malware detection has become a major concern due to the increasing number and complexity of malware. Traditional detection methods based on signatures and heuristics are used for malware detection, but unfortunately, they suffer from poor generalization to unknown attacks and can be easily circumvented using obfuscation techniques. In recent years, Machine Learning (ML) and notably Deep Learning (DL) achieved impressive results in malware detection by learning useful representations from data and have become a solution preferred over traditional methods. More recently, the application of such techniques on graph-structured data has achieved state-of-the-art performance in various domains and demonstrates promising results in learning more robust representations from malware. Yet, no literature review focusing on graph-based deep learning for malware detection exists. In this survey, we provide an in-depth literature review to summarize and unify existing works under the common approaches and architectures. We notably demonstrate that Graph Neural Networks (GNNs) reach competitive results in learning robust embeddings from malware represented as expressive graph structures, leading to an efficient detection by downstream classifiers. This paper also reviews adversarial attacks that are utilized to fool graph-based detection methods. Challenges and future research directions are discussed at the end of the paper. CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Malware and its mitigation; • Computing methodologies → Learning latent representations; Neural networks; Spectral methods.

show abstract

“…However, it has a high computational cost because the images demand a lot of calculation. In another paper, M. R. Norouzian et al [20] presented a 'Hybroid' framework that exhibited 97.0 percent accuracy by using program code structures as static behavioral features and network traffic as dynamic behavioral data. This approach has a dynamic payload problem because it uses a computer code structure.…”

Section: Related Workmentioning

confidence: 99%

MH-DLdroid: A Meta-Heuristic and Deep Learning-Based Hybrid Approach for Android Malware Detection

2022

IJIES

View full text Add to dashboard Cite

With the fast advancement of smartphone technology, the smartphone has emerged as the most prevailing instrument for accessing the Internet and obtaining a wide range of services with a click. Increased use of smartphones for online payments has attracted fraudsters, adding to an increase in malware outbreaks. Mobile application vulnerabilities and malware are the origins of various types of fraud and numerous cyber-attacks. Large datasets are frequently used for malware analysis; however, large datasets may contain many redundant, inappropriate, and noisy features, resulting in misclassification and low detection rates. This paper presents a hybrid approach to Android malware detection that reduces the dimensionality of datasets to reduce resource-intensive computation while preserving critical information. We present a novel hybrid approach for detecting Android malware based on a metaheuristic (modified Intelligent Water Drop Algorithm (IWD)) and Deep Learning (DL) techniques. The studies show that the proposed approach efficiently removes irrelevant attributes and attains significant detection performance with an F1-Score of 93.7%, a precision of 95.35, an accuracy of 99.12%, and a recall rate of 96.68%.

show abstract

Hybroid: Toward Android Malware Detection and Categorization with Program Code and Network Traffic

Cited by 10 publications

References 28 publications

Smishing Strategy Dynamics and Evolving Botnet Activities in Japan

Smishing Strategy Dynamics and Evolving Botnet Activities in Japan

A Survey on Malware Detection with Graph Representation Learning

MH-DLdroid: A Meta-Heuristic and Deep Learning-Based Hybrid Approach for Android Malware Detection

Contact Info

Product

Resources

About