Identifying Android malware with system call co‐occurrence matrices

Xiao, Xi; Xiao, Xianni; Jiang, Yong; Liu, Xuejiao; Ye, Runguo

doi:10.1002/ett.3016

Cited by 29 publications

(12 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Knowledge-based temporal abstraction (KBTA) is used to transform raw data into time-based features. [119] One type of feature is the co-occurrence matrix vector. The co-occurrence matrix is established based on the system call sequence and is then normalized and finally transformed into a vector.…”

Section: ) Feature Selectionmentioning

confidence: 99%

“…Taking the feature of system calls as an example, Refs. [119], [140], and [199] analyze the application based on the sequence of system calls when the application is running. Conversely, Refs.…”

Section: ) Dynamic Featuresmentioning

confidence: 99%

“…[94], [109], [115], [119], [138], [139], [142], [144], [145], [147]- [149], [154], [163], [167], [177], [188], [193], [202], [206], [214]- [216], [218], [244], [248] Linear Model (LM)…”

Section: ) Machine Learning Models and Algorithms Used In Android Maunclassified

“…[3], [88], [100]- [103], [105], [107]- [109], [113]- [117], [119], [121], [136], [137], [139], [140], [143], [147], [151]- [153], [155], [157], [162], [166], [167], [169], [175]- [177], [179]- [181], [183], [187], [189], [190], [192], [193], [195], [202], [207], [212]- [216] K-Nearest Neighbors (KNN)…”

Section: ) Machine Learning Models and Algorithms Used In Android Mamentioning

confidence: 99%

“…[3], [90], [94], [102], [105], [108], [109], [111], [114], [115], [119] , [139], [142], [145], [147], [150]- [153], [163], [170], [171], [173], [177], [179], [186], [189], [190], [192], [193], [195], [200], [205], [206], [208], [215], [245] Online Learning (OL)…”

Section: ) Machine Learning Models and Algorithms Used In Android Maunclassified

See 4 more Smart Citations

A Review of Android Malware Detection Approaches Based on Machine Learning

et al. 2020

View full text Add to dashboard Cite

Android applications are developing rapidly across the mobile ecosystem, but Android malware is also emerging in an endless stream. Many researchers have studied the problem of Android malware detection and have put forward theories and methods from different perspectives. Existing research suggests that machine learning is an effective and promising way to detect Android malware. Notwithstanding, there exist reviews that have surveyed different issues related to Android malware detection based on machine learning. We believe our work complements the previous reviews by surveying a wider range of aspects of the topic. This paper presents a comprehensive survey of Android malware detection approaches based on machine learning. We briefly introduce some background on Android applications, including the Android system architecture, security mechanisms, and classification of Android malware. Then, taking machine learning as the focus, we analyze and summarize the research status from key perspectives such as sample acquisition, data preprocessing, feature selection, machine learning models, algorithms, and the evaluation of detection effectiveness. Finally, we assess the future prospects for research into Android malware detection based on machine learning. This review will help academics gain a full picture of Android malware detection based on machine learning. It could then serve as a basis for subsequent researchers to start new work and help to guide research in the field more generally.

show abstract

Section: ) Feature Selectionmentioning

confidence: 99%

Section: ) Dynamic Featuresmentioning

confidence: 99%

“…[94], [109], [115], [119], [138], [139], [142], [144], [145], [147]- [149], [154], [163], [167], [177], [188], [193], [202], [206], [214]- [216], [218], [244], [248] Linear Model (LM)…”

Section: ) Machine Learning Models and Algorithms Used In Android Maunclassified

Section: ) Machine Learning Models and Algorithms Used In Android Mamentioning

confidence: 99%

Section: ) Machine Learning Models and Algorithms Used In Android Maunclassified

See 3 more Smart Citations

A Review of Android Malware Detection Approaches Based on Machine Learning

et al. 2020

View full text Add to dashboard Cite

show abstract

Detection of malware applications from centrality measures of syscall graph

Surendran¹,

Thomas²

2022

Concurrency and Computation

View full text Add to dashboard Cite

These days it is found that malware authors tend to create new variants of existing Android malware by using various kinds of obfuscation techniques. These kinds of obfuscated malware applications can bypass all the current antimalware products which rely on static analysis techniques to detect the malicious behavior. Hence, it is essential to develop innovative dynamic analysis mechanisms for Android malware detection. It is known that, the malicious behavior of statically obfuscated malware applications can get reflected in the system call (syscall) trace generated by them. Most of the existing syscall based mechanisms depend only on the features derived from the syscall counts for malware detection. These syscall count related features are inadequate to capture many other useful characteristics related to the syscalls in a sequence.In order to overcome this limitation, we modeled the syscall trace of an application as an ordered graph which enabled to infer various kinds of features in the form of centrality measures related to that syscall trace of the application. Then, these centrality measures are fed to an ML model to predict the malicious behavior. From the implementation results, we found that our mechanism can detect malware apps with an accuracy of 0.99.

show abstract