SVM-based malware detection for Android applications

Dai, Guqian; Ge, Jigang; Cai, Minghang; Xu, Daoqian; Li, Wenjia

doi:10.1145/2766498.2774991

Cited by 10 publications

(5 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DREBIN [4] trained Support Vector Machines for classifying malware using number of features: used hardware components, requested permissions, critical and suspicious API calls and network addresses. Similar static techniques can be found in [16,19,38,44,63]. Conversely, dynamic analysis detects malware at runtime.…”

Section: Detecting Malicious Applicationsmentioning

confidence: 80%

Detecting Malicious Collusion Between Mobile Software Applications: The Android TM Case

Asavoae

Blasco

Kalutarage

et al. 2017

Data Analytics and Decision Support for Cybersecurity

View full text Add to dashboard Cite

Malware has been a major problem in desktop computing for decades. With the recent trend towards mobile computing, malware is moving rapidly to mobile platforms. "Total mobile malware has grown 151% over the past year", according to McAfee's quarterly threat report from September 2016. By design, Android is 'open' to download apps from different sources. Its security depends on restricting apps by combining digital signatures, sand-boxing, and permissions. Unfortunately, these restrictions can be bypassed, without the user noticing, by colluding apps for which combined permissions allow them to carry out attacks. In this chapter we report on recent and ongoing research results from our ACID project which suggest a number of reliable means to detect collusion, tackling the aforementioned problems. We present our conceptual work on the topic of collusion and discuss a number of automated tools arising from it.

show abstract

Section: Detecting Malicious Applicationsmentioning

confidence: 80%

Detecting Malicious Collusion Between Mobile Software Applications: The Android TM Case

Asavoae

Blasco

Kalutarage

et al. 2017

Data Analytics and Decision Support for Cybersecurity

View full text Add to dashboard Cite

show abstract

“…DREBIN [9] trained Support Vector Machines for classifying malwares using number of features: used hardware components, requested permissions, critical and suspicious API calls and network addresses. Similar static techniques can be found in [10][11][12][13][14]. Conversely, dynamic analysis detects malware at the run-time.…”

Section: Detecting Malicious Applicationsmentioning

confidence: 84%

Towards a threat assessment framework for apps collusion

2017

View full text Add to dashboard Cite

App collusion refers to two or more apps working together to achieve a malicious goal that they otherwise would not be able to achieve individually. The permissions based security model of Android does not address this threat as it is rather limited to mitigating risks of individual apps. This paper presents a technique for quantifying the collusion threat, essentially the first step towards assessing the collusion risk. The proposed method is useful in finding the collusion candidate of interest which is critical given the high volume of Android apps available. We present our empirical analysis using a classified corpus of over 29,000 Android apps provided by Intel Security TM .

show abstract

“…Figure 6 shows the difference between our solution and the other malware detection schemes. Hybroid demonstrates an accuracy of 97.0% (Figure 6-a), while CIC2017 [13], DREBIN [3], SVM [8], and Adagio [10] demonstrate accuracy of 87.6%, 95.4%, 93.9%, and 89.3%, respectively. Other metrics, such as F1-score, precision, and recall, are also presented in Figures 6-b, 6-c, and 6-d.…”

Section: Performance Of Classifiersmentioning

confidence: 99%

Hybroid: Toward Android Malware Detection and Categorization with Program Code and Network Traffic

Norouzian

Eckert

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Android malicious applications have become so sophisticated that they can bypass endpoint protection measures. Therefore, it is safe to admit that traditional anti-malware techniques have become cumbersome, thereby raising the need to develop efficient ways to detect Android malware. In this paper, we present Hybroid , a hybrid Android malware detection and categorization solution that utilizes program code structures as static behavioral features and network traffic as dynamic behavioral features for detection (binary classification) and categorization (multi-label classification). For static analysis, we introduce a naturallanguage-processing-inspired technique based on function call graph embeddings and design a graph-neural-network-based approach to convert the whole graph structure of an Android app to a vector. For dynamic analysis, we extract network flow features from the raw network traffic by capturing each application's network flow. Finally, Hybroid utilizes the network flow features combined with the graphs' vectors to detect and categorize the malware. Our solution demonstrates 97.0% accuracy on average for malware detection and 94.0% accuracy for malware categorization. Also, we report remarkable results in different performance metrics such as F1-score, precision, recall, and AUC.

show abstract

SVM-based malware detection for Android applications

Abstract: In this paper, we study a SVM-based malware detection scheme for Android application, which integrates both risky permission combinations and vulnerable API calls and use them as features in the SVM algorithm. Preliminary experiments have validated the proposed malware detection scheme.

Cited by 10 publications

References 3 publications

Detecting Malicious Collusion Between Mobile Software Applications: The Android TM Case

Detecting Malicious Collusion Between Mobile Software Applications: The Android TM Case

Towards a threat assessment framework for apps collusion

Hybroid: Toward Android Malware Detection and Categorization with Program Code and Network Traffic

Contact Info

Product

Resources

About