On building machine learning pipelines for Android malware detection: a procedural survey of practices, challenges and opportunities

Koushki, Masoud Mehrabi; Abualhaol, Ibrahim; Raju, Anandharaju Durai; Zhou, Yang; Giagone, Ronnie Salvador; Huang, Shaoxiong

doi:10.1186/s42400-022-00119-8

Cited by 9 publications

(5 citation statements)

References 83 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An essential and intricate aspect of organizing malware analysis lies in the comprehensive consideration of all aspects and attributes of Android applications, while safeguarding the retention of critical features. Several recent review papers provide comprehensive overviews of past works and research efforts in Android malware analysis [8][9][10][11]. This assumes paramount significance and complexity, notably due to increase in use of obfuscation techniques.…”

Section: Related Workmentioning

confidence: 99%

Android Malware Detection using HexCode Features

Anand,

Singh,

Dhoundiyal

2024

Preprint

View full text Add to dashboard Cite

With the widespread adoption of smartphones, Android has emerged as a preferred and highly targeted platform by malware. The proliferation of malware for Android devices has been exponential and to counter this Android malware detection together with familial classification has to be automated. This paper introduces a dual-pronged approach for Android malware detection and familial classification. The proposed approach employs a static analysis approach to extract Java ARchive (JAR) files from Android application packages (APKs). Our methodology involves utilizing extensive hex strings derived from JAR files and applying n-gram sliding window technique to extract features. To validate the robustness of our model and assess its versatility, we employed both standard and obfuscated malware datasets. A range of machine learning models, including Naive Bayes(NB), Random Forest(RF), Support Vector Machine (SVM), K-Nearest Neighbors (KNN), Decision Tree (DT) and a Convolutional Neural Network (CNN) for familial classification, were employed. The experiments encompassed non-obfuscated malware samples (5560), obfuscated malware samples (15479), and benign samples (6200). Additionally, we conducted a comparative analysis of our model's performance against existing methods, including those based on deep learning.

show abstract

Section: Related Workmentioning

confidence: 99%

Android Malware Detection using HexCode Features

Anand,

Singh,

Dhoundiyal

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…ML algorithms can analyze memory dumps and recognize patterns associated with malware, rootkits, and other malicious activities. it has been used for over a past decade to detect the malwares [5]. By training on labeled data, ML models can learn to identify anomalies and deviations from normal system behavior [6].…”

Section: Machine Learning (Ml) In Memory Analysismentioning

confidence: 99%

Machine Learning and Deep Learning Based Model for the Detection of Rootkits Using Memory Analysis

Noor,

Qadir

2023

Applied Sciences

View full text Add to dashboard Cite

Rootkits are malicious programs designed to conceal their activities on compromised systems, making them challenging to detect using conventional methods. As the threat landscape continually evolves, rootkits pose a serious threat by stealthily concealing malicious activities, making their early detection crucial to prevent data breaches and system compromise. A promising strategy for monitoring system activities involves analyzing volatile memory. This study proposes a rootkit detection model that combines memory analysis with Machine Learning (ML) and Deep Learning (DL) techniques. The model aims to identify suspicious patterns and behaviors associated with rootkits by analyzing the contents of a system’s volatile memory. To train the model, a diverse dataset of known rootkit samples is employed, and ML and deep learning algorithms are utilized. Through extensive experimentation and evaluation using SVM, RF, DT, k-NN, and LSTM algorithms, it is determined that SVM achieves the highest accuracy rate of 96.2%, whereas Execution Time (ET) shows that k-NN depicts the best performance, and LSTM (a DL model) shows the worst performance among the tested algorithms. This research contributes to the development of advanced defense mechanisms and enhances system security against the constantly evolving threat of rootkit attacks.

show abstract

“…However, despite this surge in research activity, most of the review papers that are cited do not primarily focus on examining hybrid approaches. For example, Shu et al [20], Koushki et al [21], and Meijin et al [22] review papers include discussions on malware detection that involve static, dynamic, and hybrid approaches. It is crucial to have a focused review that considers the distinct characteristics of hybrid approaches compared to other approaches, such as static and dynamic approaches.…”

Section: Introductionmentioning

confidence: 99%

Hybrid Android Malware Detection: A Review of Heuristic-Based Approach

Yunmar,

Kusumawardani,

Widyawan

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Over the last decade, numerous research efforts have been dedicated to countering malicious mobile applications. Given its market share, Android OS has been the primary target for most of these apps. Researchers have devised numerous solutions to protect Android devices and their users, categorizing them into static and dynamic approaches. Each of these approaches has its own advantages and disadvantages. The hybrid approach aims to combine the benefits of both. This study closely examines the hybrid solutions proposed between 2012 and 2023, highlighting their strengths and limitations. The objective of this study is to provide a comprehensive review of existing research on Android malware detection using a hybrid approach. Our review identifies several issues related to hybrid detection approaches, including datasets, feature utilization and selection, working environments, detection order mechanisms, integrity of the detection step, detection algorithms, and the use of automated input generation. Key findings of this study include: (i) the majority of studies have not adequately addressed on-device detection and have overlooked the importance of system usability, (ii) many studies rely on outdated datasets that do not accurately represent the current threat landscape, (iii) there is a need for a methodology to detect zero-day attacks, and (iv) most research has not paid attention to the impact of automated input generation on malware behavior and code coverage. We also discuss some open issues and future directions on the aspect that will help to substantiate the hybrid approach study.INDEX TERMS Android malware, heuristic-based detection, hybrid approach.

show abstract

On building machine learning pipelines for Android malware detection: a procedural survey of practices, challenges and opportunities

Cited by 9 publications

References 83 publications

Android Malware Detection using HexCode Features

Android Malware Detection using HexCode Features

Machine Learning and Deep Learning Based Model for the Detection of Rootkits Using Memory Analysis

Hybrid Android Malware Detection: A Review of Heuristic-Based Approach

Contact Info

Product

Resources

About