scholarly journals Contaminant removal for Android malware detection systems

2017 ◽  
Author(s):  
Lichao Sun ◽  
Xiaokai Wei ◽  
Jiawei Zhang ◽  
Lifang He ◽  
Philip S. Yu ◽  
...  
Keyword(s):  
Malware Detection ◽  
Contaminant Removal ◽  
Android Malware ◽  
Detection Systems ◽  
Android Malware Detection

scholarly journals Adversarial Samples on Android Malware Detection Systems for IoT Systems

Sensors ◽  
2019 ◽  
Vol 19 (4) ◽  
pp. 974 ◽  
Author(s):  
Xiaolei Liu ◽  
Xiaojiang Du ◽  
Xiaosong Zhang ◽  
Qingxin Zhu ◽  
Hao Wang ◽  
...  
Keyword(s):  
Detection System ◽  
Fitness Function ◽  
Malware Detection ◽  
Security Analysis ◽  
Machine Learning Algorithms ◽  
Android Malware ◽  
Testing Framework ◽  
Detection Systems ◽  
Android Malware Detection ◽  
Iot Devices

Many IoT (Internet of Things) systems run Android systems or Android-like systems. With the continuous development of machine learning algorithms, the learning-based Android malware detection system for IoT devices has gradually increased. However, these learning-based detection models are often vulnerable to adversarial samples. An automated testing framework is needed to help these learning-based malware detection systems for IoT devices perform security analysis. The current methods of generating adversarial samples mostly require training parameters of models and most of the methods are aimed at image data. To solve this problem, we propose a testing framework for learning-based Android malware detection systems (TLAMD) for IoT Devices. The key challenge is how to construct a suitable fitness function to generate an effective adversarial sample without affecting the features of the application. By introducing genetic algorithms and some technical improvements, our test framework can generate adversarial samples for the IoT Android application with a success rate of nearly 100% and can perform black-box testing on the system.

Permission-based Android Malware Detection System Using Feature Selection with Genetic Algorithm

2019 ◽  
Vol 29 (02) ◽  
pp. 245-262 ◽  
Author(s):  
Oktay Yildiz ◽  
Ibrahim Alper Doğru
Keyword(s):  
Genetic Algorithm ◽  
Feature Selection ◽  
Detection System ◽  
Malware Detection ◽  
Support Vector ◽  
Android Malware ◽  
Detection Systems ◽  
Android Malware Detection ◽  
Vector Machines ◽  
Accuracy Result

As the use of smartphones increases, Android, as a Linux-based open source mobile operating system (OS), has become the most popular mobile OS in time. Due to the widespread use of Android, malware developers mostly target Android devices and users. Malware detection systems to be developed for Android devices are important for this reason. Machine learning methods are being increasingly used for detection and analysis of Android malware. This study presents a method for detecting Android malware using feature selection with genetic algorithm (GA). Three different classifier methods with different feature subsets that were selected using GA were implemented for detecting and analyzing Android malware comparatively. A combination of Support Vector Machines and a GA yielded the best accuracy result of 98.45% with the 16 selected permissions using the dataset of 1740 samples consisting of 1119 malwares and 621 benign samples.

scholarly journals Deep-Droid: Deep Learning for Android Malware Detection

2020 ◽  
Vol 9 (12) ◽  
pp. 122-125
Keyword(s):  
Machine Learning ◽  
Deep Learning ◽  
Malware Detection ◽  
Learning Approaches ◽  
Android Malware ◽  
Detection Systems ◽  
Learning Framework ◽  
The Past ◽  
Android Malware Detection ◽  
Android Os

Android OS, which is the most prevalent operating system (OS), has enjoyed immense popularity for smart phones over the past few years. Seizing this opportunity, cybercrime will occur in the form of piracy and malware. Traditional detection does not suffice to combat newly created advanced malware. So, there is a need for smart malware detection systems to reduce malicious activities risk. Machine learning approaches have been showing promising results in classifying malware where most of the method are shallow learners like Random Forest (RF) in recent years. In this paper, we propose Deep-Droid as a deep learning framework, for detection Android malware. Hence, our Deep-Droid model is a deep learner that outperforms exiting cutting-edge machine learning approaches. All experiments performed on two datasets (Drebin-215 & Malgenome-215) to assess our Deep-Droid model. The results of experiments show the effectiveness and robustness of Deep-Droid. Our Deep-Droid model achieved accuracy over 98.5%.

scholarly journals On the Feasibility of Adversarial Sample Creation Using the Android System API

Information ◽  
2020 ◽  
Vol 11 (9) ◽  
pp. 433
Author(s):  
Fabrizio Cara ◽  
Michele Scalas ◽  
Giorgio Giacinto ◽  
Davide Maiorca
Keyword(s):  
Machine Learning ◽  
Learning Algorithm ◽  
Random Noise ◽  
Malware Detection ◽  
Android Malware ◽  
Static And Dynamic Analysis ◽  
Detection Systems ◽  
Android Malware Detection ◽  
Expert Analysis ◽  
The Impact

Due to its popularity, the Android operating system is a critical target for malware attacks. Multiple security efforts have been made on the design of malware detection systems to identify potentially harmful applications. In this sense, machine learning-based systems, leveraging both static and dynamic analysis, have been increasingly adopted to discriminate between legitimate and malicious samples due to their capability of identifying novel variants of malware samples. At the same time, attackers have been developing several techniques to evade such systems, such as the generation of evasive apps, i.e., carefully-perturbed samples that can be classified as legitimate by the classifiers. Previous work has shown the vulnerability of detection systems to evasion attacks, including those designed for Android malware detection. However, most works neglected to bring the evasive attacks onto the so-called problem space, i.e., by generating concrete Android adversarial samples, which requires preserving the app’s semantics and being realistic for human expert analysis. In this work, we aim to understand the feasibility of generating adversarial samples specifically through the injection of system API calls, which are typical discriminating characteristics for malware detectors. We perform our analysis on a state-of-the-art ransomware detector that employs the occurrence of system API calls as features of its machine learning algorithm. In particular, we discuss the constraints that are necessary to generate real samples, and we use techniques inherited from interpretability to assess the impact of specific API calls to evasion. We assess the vulnerability of such a detector against mimicry and random noise attacks. Finally, we propose a basic implementation to generate concrete and working adversarial samples. The attained results suggest that injecting system API calls could be a viable strategy for attackers to generate concrete adversarial samples. However, we point out the low suitability of mimicry attacks and the necessity to build more sophisticated evasion attacks.

scholarly journals Android Malware Detection through Machine Learning Techniques: A Review

2020 ◽  
Vol 16 (02) ◽  
pp. 14
Author(s):  
Abikoye Oluwakemi Christiana ◽  
Benjamin Aruwa Gyunka ◽  
Akande Noah
Keyword(s):  
Machine Learning ◽  
Malware Detection ◽  
Social Engineering ◽  
Machine Learning Techniques ◽  
Android Malware ◽  
Detection Systems ◽  
Android Malware Detection ◽  
Android Os ◽  
Learning Techniques ◽  
The Individual

<p class="0abstract">The open source nature of Android Operating System has attracted wider adoption of the system by multiple types of developers. This phenomenon has further fostered an exponential proliferation of devices running the Android OS into different sectors of the economy. Although this development has brought about great technological advancements and ease of doing businesses (e-commerce) and social interactions, they have however become strong mediums for the uncontrolled rising cyberattacks and espionage against business infrastructures and the individual users of these mobile devices. Different cyberattacks techniques exist but attacks through malicious applications have taken the lead aside other attack methods like social engineering. Android malware have evolved in sophistications and intelligence that they have become highly resistant to existing detection systems especially those that are signature-based. Machine learning techniques have risen to become a more competent choice for combating the kind of sophistications and novelty deployed by emerging Android malwares. The models created via machine learning methods work by first learning the existing patterns of malware behaviour and then use this knowledge to separate or identify any such similar behaviour from unknown attacks. This paper provided a comprehensive review of machine learning techniques and their applications in Android malware detection as found in contemporary literature.</p>

scholarly journals On defending against label flipping attacks on malware detection systems

2020 ◽  
Vol 32 (18) ◽  
pp. 14781-14800 ◽  
Author(s):  
Rahim Taheri ◽  
Reza Javidan ◽  
Mohammad Shojafar ◽  
Zahra Pooranian ◽  
Ali Miri ◽  
...  
Keyword(s):  
Machine Learning ◽  
State Of The Art ◽  
Malware Detection ◽  
Detection Problem ◽  
Classification Rate ◽  
Android Malware ◽  
Detection Systems ◽  
Android Malware Detection ◽  
Noise Rate ◽  
Internet Of Thing

Abstract Label manipulation attacks are a subclass of data poisoning attacks in adversarial machine learning used against different applications, such as malware detection. These types of attacks represent a serious threat to detection systems in environments having high noise rate or uncertainty, such as complex networks and Internet of Thing (IoT). Recent work in the literature has suggested using the K-nearest neighboring algorithm to defend against such attacks. However, such an approach can suffer from low to miss-classification rate accuracy. In this paper, we design an architecture to tackle the Android malware detection problem in IoT systems. We develop an attack mechanism based on silhouette clustering method, modified for mobile Android platforms. We proposed two convolutional neural network-type deep learning algorithms against this Silhouette Clustering-based Label Flipping Attack. We show the effectiveness of these two defense algorithms—label-based semi-supervised defense and clustering-based semi-supervised defense—in correcting labels being attacked. We evaluate the performance of the proposed algorithms by varying the various machine learning parameters on three Android datasets: Drebin, Contagio, and Genome and three types of features: API, intent, and permission. Our evaluation shows that using random forest feature selection and varying ratios of features can result in an improvement of up to 19% accuracy when compared with the state-of-the-art method in the literature.

scholarly journals A static analysis approach for Android permission-based malware detection systems

PLoS ONE ◽  
2021 ◽  
Vol 16 (9) ◽  
pp. e0257968
Author(s):  
Juliza Mohamad Arif ◽  
Mohd Faizal Ab Razak ◽  
Suryanti Awang ◽  
Sharfah Ratibah Tuan Mat ◽  
Nor Syahidatul Nadiah Ismail ◽  
...  
Keyword(s):  
Static Analysis ◽  
Malware Detection ◽  
Feature Selection Method ◽  
Selection Method ◽  
Random Forest Algorithm ◽  
Android Malware ◽  
Detection Systems ◽  
Android Malware Detection ◽  
Security Evaluations ◽  
Android Permission

The evolution of malware is causing mobile devices to crash with increasing frequency. Therefore, adequate security evaluations that detect Android malware are crucial. Two techniques can be used in this regard: Static analysis, which meticulously examines the full codes of applications, and dynamic analysis, which monitors malware behaviour. While both perform security evaluations successfully, there is still room for improvement. The goal of this research is to examine the effectiveness of static analysis to detect Android malware by using permission-based features. This study proposes machine learning with different sets of classifiers was used to evaluate Android malware detection. The feature selection method in this study was applied to determine which features were most capable of distinguishing malware. A total of 5,000 Drebin malware samples and 5,000 Androzoo benign samples were utilised. The performances of the different sets of classifiers were then compared. The results indicated that with a TPR value of 91.6%, the Random Forest algorithm achieved the highest level of accuracy in malware detection.

Android Malware Detection Techniques: A Literature Review

2020 ◽  
Vol 14 ◽  
Author(s):  
Meghna Dhalaria ◽  
Ekta Gandotra
Keyword(s):  
Machine Learning ◽  
Deep Learning ◽  
Malware Detection ◽  
Future Research ◽  
Android Malware ◽  
Detection Techniques ◽  
Android Malware Detection ◽  
Future Research Directions ◽  
To Come ◽  
Tools And Techniques

Purpose: This paper provides the basics of Android malware, its evolution and tools and techniques for malware analysis. Its main aim is to present a review of the literature on Android malware detection using machine learning and deep learning and identify the research gaps. It provides the insights obtained through literature and future research directions which could help researchers to come up with robust and accurate techniques for classification of Android malware. Design/Methodology/Approach: This paper provides a review of the basics of Android malware, its evolution timeline and detection techniques. It includes the tools and techniques for analyzing the Android malware statically and dynamically for extracting features and finally classifying these using machine learning and deep learning algorithms. Findings: The number of Android users is expanding very fast due to the popularity of Android devices. As a result, there are more risks to Android users due to the exponential growth of Android malware. On-going research aims to overcome the constraints of earlier approaches for malware detection. As the evolving malware are complex and sophisticated, earlier approaches like signature based and machine learning based are not able to identify these timely and accurately. The findings from the review shows various limitations of earlier techniques i.e. requires more detection time, high false positive and false negative rate, low accuracy in detecting sophisticated malware and less flexible. Originality/value: This paper provides a systematic and comprehensive review on the tools and techniques being employed for analysis, classification and identification of Android malicious applications. It includes the timeline of Android malware evolution, tools and techniques for analyzing these statically and dynamically for the purpose of extracting features and finally using these features for their detection and classification using machine learning and deep learning algorithms. On the basis of the detailed literature review, various research gaps are listed. The paper also provides future research directions and insights which could help researchers to come up with innovative and robust techniques for detecting and classifying the Android malware.

Sign in / Sign up

Export Citation Format

Share Document