Web-Based Android Malicious Software Detection and Classification System

Doğru, İbrahim Alper; Kiraz, Ömer

doi:10.3390/app8091622

Cited by 23 publications

(11 citation statements)

References 29 publications

(53 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mostly, these methods are non-signature-based and are capable of handling some of the common bottlenecks of traditional signature-based detection methods, such as the detection of "unknown" and "zero-day" malware. Based on the feature extraction method, ML-based techniques are grouped as static, dynamic and hybrid [12]. In the static method, the Android app is not executed, while the dynamic method executes samples in a controlled environment.…”

Section: Machine-learning-based Android Malware Detectionmentioning

confidence: 99%

“…The following research works have been done in the direction of providing online services and platforms to perform analysis and classification of Android malware, quite similar to what we proposed in this article. In [12], the author developed a web-based Android malware detection and classification application following client-server architecture which helps users to submit and analyze apps based on static analysis. In Table 1, a summary of the key features of various similar platforms is presented.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

PACER: Platform for Android Malware Classification, Performance Evaluation and Threat Reporting

Kumar¹,

Agarwal

Shandilya³

et al. 2020

Future Internet

View full text Add to dashboard Cite

Android malware has become the topmost threat for the ubiquitous and useful Android ecosystem. Multiple solutions leveraging big data and machine-learning capabilities to detect Android malware are being constantly developed. Too often, these solutions are either limited to research output or remain isolated and incapable of reaching end users or malware researchers. An earlier work named PACE (Platform for Android Malware Classification and Performance Evaluation), was introduced as a unified solution to offer open and easy implementation access to several machine-learning-based Android malware detection techniques, that makes most of the research reproducible in this domain. The benefits of PACE are offered through three interfaces: Representational State Transfer (REST) Application Programming Interface (API), Web Interface, and Android Debug Bridge (ADB) interface. These multiple interfaces enable users with different expertise such as IT administrators, security practitioners, malware researchers, etc. to use their offered services. In this paper, we propose PACER (Platform for Android Malware Classification, Performance Evaluation, and Threat Reporting), which extends PACE by adding threat intelligence and reporting functionality for the end-user device through the ADB interface. A prototype of the proposed platform is introduced, and our vision is that it will help malware analysts and end users to tackle challenges and reduce the amount of manual work.

show abstract

Section: Machine-learning-based Android Malware Detectionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

PACER: Platform for Android Malware Classification, Performance Evaluation and Threat Reporting

Kumar¹,

Agarwal

Shandilya³

et al. 2020

Future Internet

View full text Add to dashboard Cite

show abstract

“…Their system detects malware by observing the network patterns of applications and the same research claims that there is pattern similarity of network traffic patterns of different applications with the same functions. A web-based android malware detection and classification system has been proposed [41] where they developed an auto-trigger view identification in addition to a droidbox structure. Android malicious software detection is outside the scope of this paper.…”

Section: Dynamic Analysis Processmentioning

confidence: 99%

Cross-Method-Based Analysis and Classification of Malicious Behavior by API Calls Extraction

Bruce¹,

Kim

Kang

et al. 2019

Applied Sciences

View full text Add to dashboard Cite

Data-driven public security networking and computer systems are always under threat from malicious codes known as malware; therefore, a large amount of research and development is taking place to find effective countermeasures. These countermeasures are mainly based on dynamic and statistical analysis. Because of the obfuscation techniques used by the malware authors, security researchers and the anti-virus industry are facing a colossal issue regarding the extraction of hidden payloads within packed executable extraction. Based on this understanding, we first propose a method to de-obfuscate and unpack the malware samples. Additional, cross-method-based big data analysis to dynamically and statistically extract features from malware has been proposed. The Application Programming Interface (API) call sequences that reflect the malware behavior of its code have been used to detect behavior such as network traffic, modifying a file, writing to stderr or stdout, modifying a registry value, creating a process. Furthermore, we include a similarity analysis and machine learning algorithms to profile and classify malware behaviors. The experimental results of the proposed method show that malware detection accuracy is very useful to discover potential threats and can help the decision-maker to deploy appropriate countermeasures.

show abstract

“…Thus, it is substantially important to consider the data aggregations caused re-identification at the ultimate app owners' end ( Figure 1). Therefore, a concrete classification of PII on the above issue is highly needed to reduce the risk of specific PII leakage [23]. Existing privacy risk-models do not consider this data aggregation fact [20,[39][40][41].…”

Section: Problem Statement and Motivationmentioning

confidence: 99%

“…However, identity profiling by app producing companies via 'app permissions' is nothing new [7,9,17,18], rather personal data collected via app permissions' permissions' are frequently breaching user's PII [14,19]. As today's mobile device are facilitated with advanced sensors, apps are allowed to collect diverse personal data [20][21][22][23].…”

Section: Introductionmentioning

confidence: 99%

Personal Information Classification on Aggregated Android Application’s Permissions

et al. 2019

View full text Add to dashboard Cite

Android is offering millions of apps on Google Play-store by the application publishers. However, those publishers do have a parent organization and share information with them. Through the ‘Android permission system’, a user permits an app to access sensitive personal data. Large-scale personal data integration can reveal user identity, enabling new insights and earn revenue for the organizations. Similarly, aggregation of Android app permissions by the app owning parent organizations can also cause privacy leakage by revealing the user profile. This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners. A Google-play application programming interface (API) assisted web app is developed that visualizes all the permissions an app owner can collectively gather through multiple apps released via several publishers. The work empirically validates the performance of the risk model with two case studies. The top two Korean app owners, seven publishers, 108 apps and 720 sets of permissions are studied. With reasonable accuracy, the study finds the contact number, biometric ID, address, social graph, human behavior, email, location and unique ID as frequently exposed data. Finally, the work concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling.

show abstract

Web-Based Android Malicious Software Detection and Classification System

Cited by 23 publications

References 29 publications

PACER: Platform for Android Malware Classification, Performance Evaluation and Threat Reporting

PACER: Platform for Android Malware Classification, Performance Evaluation and Threat Reporting

Cross-Method-Based Analysis and Classification of Malicious Behavior by API Calls Extraction

Personal Information Classification on Aggregated Android Application’s Permissions

Contact Info

Product

Resources

About