Malware Detection Using Machine Learning Algorithms and Reverse Engineering of Android Java Code

Kędziora, Michał; Gawin, Paulina; Szczepanik, Michał; Jóźwiak, Ireneusz J.

doi:10.5121/ijnsa.2019.11101

Cited by 15 publications

(6 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Parsing tools can help learn which permissions, packages or services an application offers by analyzing the AndroidManifest.xml file, such as permission android.permission.call phone, which allows an application to misuse calling abilities. The paper elaborates exactly what sort of sensitive API the authors could name by decoding the classes.dex file with the Jadx-gui disassembler [19]. In certain cases, including two permissions in a single app can signify the app's possible malicious attacks.…”

Section: Figure 2 Static Binary Matrix Extractionmentioning

confidence: 99%

“…AdaBoost takes those classified samples and features used by decision trees and generates higher weights for correct results after training on those features again. (x,y) are the stored values by decision trees which are given as input values for AdaBoost to enhance accuracy, hence the model with the highest accuracy in fig19. This program performs in a way that when all the models are done training, the script generates a graph using the plt.bar command to display the algo that classifies most applications correctly.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Malware Detection: A Framework for Reverse Engineered Android Applications Through Machine Learning Algorithms

et al. 2022

View full text Add to dashboard Cite

Today, Android is one of the most used operating systems in smartphone technology. This is the main reason, Android has become the favorite target for hackers and attackers. Malicious codes are being embedded in Android applications in such a sophisticated manner that detecting and identifying an application as a malware has become the toughest job for security providers. In terms of ingenuity and cognition, Android malware has progressed to the point where they're more impervious to conventional detection techniques. Approaches based on machine learning have emerged as a much more effective way to tackle the intricacy and originality of developing Android threats. They function by first identifying current patterns of malware activity and then using this information to distinguish between identified threats and unidentified threats with unknown behavior. This research paper uses Reverse Engineered Android applications' features and Machine Learning algorithms to find vulnerabilities present in Smartphone applications. Our contribution is twofold. Firstly, we propose a model that incorporates more innovative static feature sets with the largest current datasets of malware samples than conventional methods. Secondly, we have used ensemble learning with machine learning algorithms such as AdaBoost, SVM, etc. to improve our model's performance. Our experimental results and findings exhibit 96.24% accuracy to detect extracted malware from Android applications, with a 0.3 False Positive Rate (FPR). The proposed model incorporates ignored detrimental features such as permissions, intents, API calls, and so on, trained by feeding a solitary arbitrary feature, extracted by reverse engineering as an input to the machine.

show abstract

Section: Figure 2 Static Binary Matrix Extractionmentioning

confidence: 99%

mentioning

confidence: 99%

Malware Detection: A Framework for Reverse Engineered Android Applications Through Machine Learning Algorithms

et al. 2022

View full text Add to dashboard Cite

show abstract

“…As mentioned previously, the SVM is able to divide the different classes of components by the help of hyper planes. SVM classification algorithms are divided into linear SVM classification algorithms and nonlinear SVM classification algorithms [23]. Linear SVM classification algorithm classes are split between each other by the help of a straight line.…”

Section: Machine Learning Algorithmsmentioning

confidence: 99%

“…When we employ the SVM algorithms, it has a mathematical method known as the kernel trick. This method is able to make it feasible to obtain the same result like in case that you have added a lot of polynomial features, even in case that the polynomial may be of a very high degree, without being necessary to add all these polynomials [23].…”

Section: Machine Learning Algorithmsmentioning

confidence: 99%

Comparative Analysis of Intrusion Detection System Using Machine Learning and Deep Learning Algorithms

Note¹,

Ali²

2022

AETiC

View full text Add to dashboard Cite

Attacks against computer networks, “cyber-attacks”, are now common place affecting almost every Internet connected device on a daily basis. Organisations are now using machine learning and deep learning to thwart these types of attacks for their effectiveness without the need for human intervention. Machine learning offers the biggest advantage in their ability to detect, curtail, prevent, recover and even deal with untrained types of attacks without being explicitly programmed. This research will show the many different types of algorithms that are employed to fight against the different types of cyber-attacks, which are also explained. The classification algorithms, their implementation, accuracy and testing time are presented. The algorithms employed for this experiment were the Gaussian Naïve-Bayes algorithm, Logistic Regression Algorithm, SVM (Support Vector Machine) Algorithm, Stochastic Gradient Descent Algorithm, Decision Tree Algorithm, Random Forest Algorithm, Gradient Boosting Algorithm, K-Nearest Neighbour Algorithm, ANN (Artificial Neural Network) (here we also employed the Multilevel Perceptron Algorithm), Convolutional Neural Network (CNN) Algorithm and the Recurrent Neural Network (RNN) Algorithm. The study concluded that amongst the various machine learning algorithms, the Logistic Regression and Decision tree classifiers all took a very short time to be implemented giving an accuracy of over 90% for malware detection inside various test datasets. The Gaussian Naïve-Bayes classifier, though fast to implement, only gave an accuracy between 51-88%. The Multilevel Perceptron, non-linear SVM and Gradient Boosting algorithms all took a very long time to be implemented. The algorithm that performed with the greatest accuracy was the Random Forest Classification algorithm.

show abstract

“…A detection accuracy of 94.1% was achieved and an F-score of 92.4% which indicated that the model can successfully detect both malware and benign applications. [21] deployed reverse engineering method and the analysis of Random Forest, kNN, SVM, Naive Bayes and Logistic Regression on java code features in order to study the most effective algorithm for Android malware detection. The study showed that Random Forest had the best detection rate of 80.67% followed by k-NN with 80.33%.…”

Section: Related Workmentioning

confidence: 99%

Anomaly Android Malware Detection: A Comparative Analysis of Six Classifiers

Gyunka¹,

Abikoye

Adekunle³

2021

Communications in Computer and Information Science

View full text Add to dashboard Cite

The high proliferation rate of Android devices has exposed the platform to wider vulnerabilities of increasing malware attacks. Emerging trends of the malware threats are employing highly sophisticated and dynamic detection avoidance techniques. This has continued to weaken the capacity of existing signature-based detection systems in their protection against new and unknown threats. Thus, the need for effective detection approaches for unknown and novel Android malware has remained a growing challenge in the field of mobile and information security. This study therefore aimed at investigating the best performing machine learning classification algorithm for the anomaly Android malware detection, leveraging on permission-based feature sets, by conduction a performance comparison analysis between six different classification algorithms namely: Naïve Bayes, Simple Logistics, Random Forest, PART, k-Nearest Neighbours (k-NN), and Support Vector Machine (SVM). The Machine learning tool that was used for the preprocessing of the feature sets and the classification processes is WEKA 3.8.2 suite. Findings of the study showed that Random Forest had the best detection result with false alarm rate of 2.2%, accuracy of 97.4%, error rate of 2.6% and ROC Area of 99.6%. The study concluded that, using Android permission features, Random Forest and k-Nearest Neighbours recoded best performances in Android malware detection, followed by Support Vector Machine and Simple Logistics classification algorithms. Partial Decision Tree (PART) performed relatively well, while Naïve Baye recorded the least performance. Consequently, the deployment of Random Forest model and k-NN model are recommended for the development of an anomaly Android malware detection paradigm.

show abstract

Malware Detection Using Machine Learning Algorithms and Reverse Engineering of Android Java Code

Cited by 15 publications

References 0 publications

Malware Detection: A Framework for Reverse Engineered Android Applications Through Machine Learning Algorithms

Malware Detection: A Framework for Reverse Engineered Android Applications Through Machine Learning Algorithms

Comparative Analysis of Intrusion Detection System Using Machine Learning and Deep Learning Algorithms

Anomaly Android Malware Detection: A Comparative Analysis of Six Classifiers

Contact Info

Product

Resources

About