Machine learning-based dynamic analysis of Android apps with improved code coverage

Yerima, Suleiman Y.; Alzaylaee, Mohammed K.; Sezer, Sakir

doi:10.1186/s13635-019-0087-1

Cited by 26 publications

(16 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Yerima et al [27] researched the generation process of stateful events and designed a new method to improve the code coverage in dynamic analysis for malware detection.…”

Section: Dynamic Structural Feature-based Detection Methodsmentioning

confidence: 99%

A Mobile Malware Detection Method Based on Malicious Subgraphs Mining

Cui

Cheng

2021

Security and Communication Networks

View full text Add to dashboard Cite

As mobile phone is widely used in social network communication, it attracts numerous malicious attacks, which seriously threaten users’ personal privacy and data security. To improve the resilience to attack technologies, structural information analysis has been widely applied in mobile malware detection. However, the rapid improvement of mobile applications has brought an impressive growth of their internal structure in scale and attack technologies. It makes the timely analysis of structural information and malicious feature generation a heavy burden. In this paper, we propose a new Android malware identification approach based on malicious subgraph mining to improve the detection performance of large-scale graph structure analysis. Firstly, function call graphs (FCGs), sensitive permissions, and application programming interfaces (APIs) are generated from the decompiled files of malware. Secondly, two kinds of malicious subgraphs are generated from malware’s decompiled files and put into the feature set. At last, test applications’ safety can be automatically identified and classified into malware families by matching their FCGs with malicious structural features. To evaluate our approach, a dataset of 11,520 malware and benign applications is established. Experimental results indicate that our approach has better performance than three previous works and Androguard.

show abstract

“…Yerima et al [27] researched the generation process of stateful events and designed a new method to improve the code coverage in dynamic analysis for malware detection.…”

Section: Dynamic Structural Feature-based Detection Methodsmentioning

confidence: 99%

A Mobile Malware Detection Method Based on Malicious Subgraphs Mining

Cui

Cheng

2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The objects are Blue or Red; the dividing lines identify the border, so an object on the right side is called blue, meaning benign, a general scenario and likewise. This is an example of linear classification, but not all classifications are this basic, and functional groups are needed to differentiate between groups [57], [58].…”

Section: ) Algorithm Characteristics Appraisalmentioning

confidence: 99%

Malware Detection: A Framework for Reverse Engineered Android Applications Through Machine Learning Algorithms

et al. 2022

View full text Add to dashboard Cite

Today, Android is one of the most used operating systems in smartphone technology. This is the main reason, Android has become the favorite target for hackers and attackers. Malicious codes are being embedded in Android applications in such a sophisticated manner that detecting and identifying an application as a malware has become the toughest job for security providers. In terms of ingenuity and cognition, Android malware has progressed to the point where they're more impervious to conventional detection techniques. Approaches based on machine learning have emerged as a much more effective way to tackle the intricacy and originality of developing Android threats. They function by first identifying current patterns of malware activity and then using this information to distinguish between identified threats and unidentified threats with unknown behavior. This research paper uses Reverse Engineered Android applications' features and Machine Learning algorithms to find vulnerabilities present in Smartphone applications. Our contribution is twofold. Firstly, we propose a model that incorporates more innovative static feature sets with the largest current datasets of malware samples than conventional methods. Secondly, we have used ensemble learning with machine learning algorithms such as AdaBoost, SVM, etc. to improve our model's performance. Our experimental results and findings exhibit 96.24% accuracy to detect extracted malware from Android applications, with a 0.3 False Positive Rate (FPR). The proposed model incorporates ignored detrimental features such as permissions, intents, API calls, and so on, trained by feeding a solitary arbitrary feature, extracted by reverse engineering as an input to the machine.

show abstract

“…Moreover, the virtual environment can easily be evaded by the botnets using different fingerprinting techniques. In addition, being a dynamic-analysis based approach, the systems effectiveness could be degraded by the lack of complete code coverage [17,18].…”

Section: Related Workmentioning

confidence: 99%

Deep Learning Techniques for Android Botnet Detection

Yerima

Alzaylaee

Shajan³

et al. 2021

Electronics

Self Cite

View full text Add to dashboard Cite

Android is increasingly being targeted by malware since it has become the most popular mobile operating system worldwide. Evasive malware families, such as Chamois, designed to turn Android devices into bots that form part of a larger botnet are becoming prevalent. This calls for more effective methods for detection of Android botnets. Recently, deep learning has gained attention as a machine learning based approach to enhance Android botnet detection. However, studies that extensively investigate the efficacy of various deep learning models for Android botnet detection are currently lacking. Hence, in this paper we present a comparative study of deep learning techniques for Android botnet detection using 6802 Android applications consisting of 1929 botnet applications from the ISCX botnet dataset. We evaluate the performance of several deep learning techniques including: CNN, DNN, LSTM, GRU, CNN-LSTM, and CNN-GRU models using 342 static features derived from the applications. In our experiments, the deep learning models achieved state-of-the-art results based on the ISCX botnet dataset and also outperformed the classical machine learning classifiers.

show abstract

Machine learning-based dynamic analysis of Android apps with improved code coverage

Cited by 26 publications

References 51 publications

A Mobile Malware Detection Method Based on Malicious Subgraphs Mining

A Mobile Malware Detection Method Based on Malicious Subgraphs Mining

Malware Detection: A Framework for Reverse Engineered Android Applications Through Machine Learning Algorithms

Deep Learning Techniques for Android Botnet Detection

Contact Info

Product

Resources

About