PICAndro: Packet InspeCtion-Based Android Malware Detection

Sihag, Vikas; Choudhary, Gaurav; Vardhan, Manu; Singh, Pradeep; Seo, Jungtaek

doi:10.1155/2021/9099476

Cited by 16 publications

(9 citation statements)

References 31 publications

(18 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We validated the model against the dataset described in the previous section. We also compared our proposed method with existing methods, specifically those proposed by Haq et al [44] and Sihag et al [45]. Their datasets were significantly similar to ours and are publicly available.…”

Section: Model Classification Capabilitiesmentioning

confidence: 72%

“…For comparison, Sihag et al [45] used a CNN engine to determine the maliciousness and type of malware by capturing network data packets to generate images, and they achieved accuracy levels of 99.12% and 98.91%, respectively. By contrast, Haq et al [44] used a method for generating images based on entire APK files and applied a CNN model based on transfer learning for training, obtaining an accuracy level of 96.4%.…”

Section: Model Classification Capabilitiesmentioning

confidence: 99%

See 1 more Smart Citation

Android-SEM: Generative Adversarial Network for Android Malware Semantic Enhancement Model Based on Transfer Learning

Huang¹,

Li²,

Qiao³

et al. 2022

Electronics

View full text Add to dashboard Cite

Currently, among the millions of Android applications, there exist numerous malicious programs that pose significant threats to people’s security and privacy. Therefore, it is imperative to develop approaches for detecting Android malware. Recently developed malware detection methods usually rely on various features, such as application programming interface (API) sequences, images, and permissions, thereby ignoring the importance of source code and the associated comments, which are not usually included in malware. Therefore, we propose Android-SEM, which is an Android source code semantic enhancement model based on transfer learning. Our proposed model is built upon the Transformer architecture to achieve a pretraining framework for generating code comments from malware source code. The performance of the pretraining framework is optimized using a generative adversarial network. Our proposed model relies on a novel regression model-based filter to retain high-quality comments and source code for feature fusion pertinent to semantic enhancement. Creatively, and contrary to conventional methods, we incorporated a quantum support vector machine (QSVM) for classifying malicious Android code by combining quantum machine learning and classical deep learning models. The results proved that Android-SEM achieves accuracy levels of 99.55% and 99.01% for malware detection and malware categorization, respectively.

show abstract

Section: Model Classification Capabilitiesmentioning

confidence: 72%

Section: Model Classification Capabilitiesmentioning

confidence: 99%

Android-SEM: Generative Adversarial Network for Android Malware Semantic Enhancement Model Based on Transfer Learning

Huang¹,

Li²,

Qiao³

et al. 2022

Electronics

View full text Add to dashboard Cite

show abstract

“…[ 37 ] mapped permissions to severity levels [ 38 ]to create images to be fed to the CNN model for malware classification. Other methods such as [ 39 ] used network interactions as features to be converted to images to be input for CNN.…”

Section: Related Workmentioning

confidence: 99%

“…The main ones were Drebin and AMD. Some of them used DREBIN alone, such as [ 31 , 36 ], and some of them used only AMD, such as [ 39 ]. However, most of them used a combination of both [ 32 , 33 , 35 , 37 ].…”

Section: Related Workmentioning

confidence: 99%

“…This can be clearly observed in the comparison conducted among the related work and our proposed analysis model, as shown in Table 1 . For example, in terms of the employed CNN algorithms used, most of the related works examined a few models such as VGG16, ResNet, and customized CNN algorithms such as in [ 30 – 32 , 34 – 37 , 39 ]. Moreover, they did not take into consideration all different file formats of Android malware samples.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Android malware analysis in a nutshell

2022

View full text Add to dashboard Cite

This paper offers a comprehensive analysis model for android malware. The model presents the essential factors affecting the analysis results of android malware that are vision-based. Current android malware analysis and solutions might consider one or some of these factors while building their malware predictive systems. However, this paper comprehensively highlights these factors and their impacts through a deep empirical study. The study comprises 22 CNN (Convolutional Neural Network) algorithms, 21 of them are well-known, and one proposed algorithm. Additionally, several types of files are considered before converting them to images, and two benchmark android malware datasets are utilized. Finally, comprehensive evaluation metrics are measured to assess the produced predictive models from the security and complexity perspectives. Consequently, guiding researchers and developers to plan and build efficient malware analysis systems that meet their requirements and resources. The results reveal that some factors might significantly impact the performance of the malware analysis solution. For example, from a security perspective, the accuracy, F1-score, precision, and recall are improved by 131.29%, 236.44%, 192%, and 131.29%, respectively, when changing one factor and fixing all other factors under study. Similar results are observed in the case of complexity assessment, including testing time, CPU usage, storage size, and pre-processing speed, proving the importance of the proposed android malware analysis model.

show abstract