Static, Dynamic and Intrinsic Features Based Android Malware Detection Using Machine Learning

Mantoo, Bilal Ahmad; Khurana, Surinder Singh

doi:10.1007/978-3-030-29407-6_4

Cited by 16 publications

(10 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To evade the malware detection model, the attacker needs to extract features [6,7] and compute feature values that can evade detection without damaging the malware. This often requires knowledge of the structure inside the detector.…”

Section: Overviewmentioning

confidence: 99%

Code obfuscation based adversarial example generation method

Li¹

2023

International Conference on Internet of Things and Machine Learning (IoTML 2022)

View full text Add to dashboard Cite

Malware is still a big threat to network security, and various types of malware detectors are needed. Deep learning-based classifiers have substantially improved their ability to identify malware samples. However, these detectors suffer from adversarial examples. The samples were made by adding small, carefully selected perturbations to the normal software. Any vulnerability in malware detectors can pose a significant threat to the platforms they defend. However, existing attack methods may not meet the inherent limitations of malware. This paper proposes a new method to generate malware adversarial samples. The original malware is mutated into new samples through semantic analysis of malware, transplantation of code in the program and addition of code at the end. And used to fool the detector. Experiments show that compared with the existing methods, our method has a significant effect on the efficiency of generating adversarial examples and the success rate of the attack.

show abstract

Section: Overviewmentioning

confidence: 99%

Code obfuscation based adversarial example generation method

Li¹

2023

International Conference on Internet of Things and Machine Learning (IoTML 2022)

View full text Add to dashboard Cite

show abstract

“…It extracts static features [23] such as permission, code related information, API and based on them, identifying the nature of application. The second category observes activities during run-time to make decision about the application nature [24]. The third category combines properties from static and dynamic [25].…”

Section: Related Workmentioning

confidence: 99%

“…Combination of features can be exploited. Mantoo and Khurana [24] use this principle on permissions, system calls and intrinsic features with linear discriminant analysis as feature engineering technique. In [37], the authors associate log features related to file I/O, network flows, and cryptographic usage.…”

Section: Related Workmentioning

confidence: 99%

SVDroid: Singular Value Decomposition with CNN for Android Malware Classification

Tchakount,

Ebongue,

Manfouo

et al. 2023

IJCDS

View full text Add to dashboard Cite

During the last decade, Android malware detection has ever preoccupied researchers. The rhythm of creation of sophisticated malicious techniques obliges researchers to look for robust countermeasures. Singular Value Decomposition (SVD) is a powerful in signal processing for image compression. Unlike image-based deep learning detection that directly take images made of .dex properties, SVD-based processing of images is investigated in this work to recognize maliciousness. For that, we associate n-gram for completeness of properties extraction and Simhash for uniqueness of application signatures. SVDroid is proposed to transform applications based on n-gram and Simhash into 32 x 32 grayscale images, then to apply SVD to only remain with valuable features. Machine and deep learning algorithms are applied to automatically extract knowledge to profile applications. Experiments have been conducted on 135 malware and 135 benign applications. Results reveal that the association n-gram, Simhash along with the learning algorithm process positively contributes to the profiling. CNN outperforms six machine learning algorithms with an accuracy of 88.55% and an AUC of 93.45% on average. A study demonstrates that SVDroid is able to improve CNN-based image processing approaches. Exploitation of compression techniques such as SVD should be further studied in mobile malware detection.

show abstract

“…Machine learning (ML) is an approach in which the system learns a pattern, develops a model, and generates predictions by observing only the input data. In implementing malicious detection systems for Android applications, the machine learning analysis approach utilizes several features of the Android app including API calls, permissions, and control flows [17]. However, obtaining such features can be performed by static, dynamic, or hybrid approaches [18].…”

Section: B Static/dynamic Ml-based Analysismentioning

confidence: 99%

“…Various behavior-based characteristics can be acquired during the dynamic analysis such as network traffic activities [25], API calls [26], and system log files [27]. For further classification, the obtained behavioral features are combined in the features dataset [17]. However, since the dynamic analysis is performed in an isolated environment, the malware may change its behavior during its run-time.…”

Section: B Static/dynamic Ml-based Analysismentioning

confidence: 99%

An Automated Vision-Based Deep Learning Model for Efficient Detection of Android Malware Attacks

2022

View full text Add to dashboard Cite

Recently, cybersecurity experts and researchers have given special attention to developing cost-effective deep learning (DL)-based algorithms for Android malware detection (AMD) systems. However, the conventional AMD solutions necessitate extensive computations to achieve high accuracy in detecting Android malware apps. Consequently, there is a significant benefit in utilizing convolution neural networks (CNNs) in vision-based AMD applications to quickly and efficiently learn without prior stages of reverse engineering processes. Thus, this paper introduces an efficient and automated vision-based AMD model composed of 16 well-developed and fine-tuned CNN algorithms. This model precludes the need for a pre-designated features extraction process while generating accurate predictions of malware images with minimum cost and high detection speed. Such performance is achieved with colored or grayscale malware images, whether by using balanced or imbalanced datasets. Firstly, the bytecodes of the "classes.dex" files extracted from the Android benign and malware apps were converted to color and grayscale visual images before forwarding them to the developed CNN algorithms for classification. Then, the detection efficiency of the proposed AMD model was examined and evaluated using the imbalanced benchmark Leopard Android dataset that composes 14733 samples of malware apps and 2486 samples of benign apps. Finally, different experimental scenarios were conducted using balanced and imbalanced Android samples of color and grayscale images generated from the Leopard dataset; to extensively and sufficiently validate the detection and classification performance of the suggested model. A comprehensive assessment classification parameters in the evaluation experiments were applied to prove the high capability of the developed finetuned CNN algorithms in recognizing Android malware attacks with low computational overhead. As a result, the detection accuracy reached 99.40% for balanced samples and 98.05% for imbalanced samples. Furthermore, the proposed AMD model outperforms the existing approaches that utilize conventional vision-based algorithms and tested on the same benchmark Android dataset.

show abstract

Static, Dynamic and Intrinsic Features Based Android Malware Detection Using Machine Learning

Cited by 16 publications

References 1 publication

Code obfuscation based adversarial example generation method

Code obfuscation based adversarial example generation method

SVDroid: Singular Value Decomposition with CNN for Android Malware Classification

An Automated Vision-Based Deep Learning Model for Efficient Detection of Android Malware Attacks

Contact Info

Product

Resources

About