IntDroid

2021 ◽  
Vol 30 (3) ◽  
pp. 1-32
Author(s):  
Deqing Zou ◽  
Yueming Wu ◽  
Siru Yang ◽  
Anki Chauhan ◽  
Wei Yang ◽  
...  
Keyword(s):  
Social Network ◽  
Social Network Analysis ◽  
Network Analysis ◽  
Malware Detection ◽  
High Accuracy ◽  
Graph Representation ◽  
Android Malware ◽  
Android Malware Detection ◽  
Call Graphs ◽  
High Scalability

Android, the most popular mobile operating system, has attracted millions of users around the world. Meanwhile, the number of new Android malware instances has grown exponentially in recent years. On the one hand, existing Android malware detection systems have shown that distilling the program semantics into a graph representation and detecting malicious programs by conducting graph matching are able to achieve high accuracy on detecting Android malware. However, these traditional graph-based approaches always perform expensive program analysis and suffer from low scalability on malware detection. On the other hand, because of the high scalability of social network analysis, it has been applied to complete large-scale malware detection. However, the social-network-analysis-based method only considers simple semantic information (i.e., centrality) for achieving market-wide mobile malware scanning, which may limit the detection effectiveness when benign apps show some similar behaviors as malware. In this article, we aim to combine the high accuracy of traditional graph-based method with the high scalability of social-network-analysis--based method for Android malware detection. Instead of using traditional heavyweight static analysis, we treat function call graphs of apps as complex social networks and apply social-network--based centrality analysis to unearth the central nodes within call graphs. After obtaining the central nodes, the average intimacies between sensitive API calls and central nodes are computed to represent the semantic features of the graphs. We implement our approach in a tool called IntDroid and evaluate it on a dataset of 3,988 benign samples and 4,265 malicious samples. Experimental results show that IntDroid is capable of detecting Android malware with an F-measure of 97.1% while maintaining a True-positive Rate of 99.1%. Although the scalability is not as fast as a social-network-analysis--based method (i.e., MalScan ), compared to a traditional graph-based method, IntDroid is more than six times faster than MaMaDroid . Moreover, in a corpus of apps collected from GooglePlay market, IntDroid is able to identify 28 zero-day malware that can evade detection of existing tools, one of which has been downloaded and installed by more than ten million users. This app has also been flagged as malware by six anti-virus scanners in VirusTotal, one of which is Symantec Mobile Insight .

scholarly journals Social Network Analysis in Streaming Call Graphs

2015 ◽  
pp. 239-261 ◽  
Author(s):  
Rui Sarmento ◽  
Márcia Oliveira ◽  
Mário Cordeiro ◽  
Shazia Tabassum ◽  
João Gama
Keyword(s):  
Social Network ◽  
Social Network Analysis ◽  
Network Analysis ◽  
Call Graphs

scholarly journals High accuracy android malware detection using ensemble learning

2015 ◽  
Vol 9 (6) ◽  
pp. 313-320 ◽  
Author(s):  
Suleiman Y. Yerima ◽  
Igor Muttik ◽  
Sakir Sezer
Keyword(s):  
Ensemble Learning ◽  
Malware Detection ◽  
High Accuracy ◽  
Android Malware ◽  
Android Malware Detection

Why an Android App Is Classified as Malware

2021 ◽  
Vol 30 (2) ◽  
pp. 1-29
Author(s):  
Bozhi Wu ◽  
Sen Chen ◽  
Cuiyun Gao ◽  
Lingling Fan ◽  
Yang Liu ◽  
...  
Keyword(s):  
Human Study ◽  
Malware Detection ◽  
Research Area ◽  
High Accuracy ◽  
Classification Result ◽  
Android Malware ◽  
Research Fields ◽  
Android Malware Detection ◽  
Behavior Description ◽  
Malicious Behaviors

Machine learning–(ML) based approach is considered as one of the most promising techniques for Android malware detection and has achieved high accuracy by leveraging commonly used features. In practice, most of the ML classifications only provide a binary label to mobile users and app security analysts. However, stakeholders are more interested in the reason why apps are classified as malicious in both academia and industry. This belongs to the research area of interpretable ML but in a specific research domain (i.e., mobile malware detection). Although several interpretable ML methods have been exhibited to explain the final classification results in many cutting-edge Artificial Intelligent–based research fields, until now, there is no study interpreting why an app is classified as malware or unveiling the domain-specific challenges. In this article, to fill this gap, we propose a novel and interpretable ML-based approach (named XMal ) to classify malware with high accuracy and explain the classification result meanwhile. (1) The first classification phase of XMal hinges multi-layer perceptron and attention mechanism and also pinpoints the key features most related to the classification result. (2) The second interpreting phase aims at automatically producing neural language descriptions to interpret the core malicious behaviors within apps. We evaluate the behavior description results by leveraging a human study and an in-depth quantitative analysis. Moreover, we further compare XMal with the existing interpretable ML-based methods (i.e., Drebin and LIME) to demonstrate the effectiveness of XMal . We find that XMal is able to reveal the malicious behaviors more accurately. Additionally, our experiments show that XMal can also interpret the reason why some samples are misclassified by ML classifiers. Our study peeks into the interpretable ML through the research of Android malware detection and analysis.

scholarly journals Android Malware Detection via Graph Representation Learning

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Pengbin Feng ◽  
Jianfeng Ma ◽  
Teng Li ◽  
Xindi Ma ◽  
Ning Xi ◽  
...  
Keyword(s):  
Neural Network ◽  
Semantic Information ◽  
Malware Detection ◽  
Representation Learning ◽  
Graph Representation ◽  
Security Level ◽  
Android Malware ◽  
Code Coverage ◽  
Android Malware Detection ◽  
Detection Approach

With the widespread usage of Android smartphones in our daily lives, the Android platform has become an attractive target for malware authors. There is an urgent need for developing an automatic malware detection approach to prevent the spread of malware. The low code coverage and poor efficiency of the dynamic analysis limit the large-scale deployment of malware detection methods based on dynamic features. Therefore, researchers have proposed a plethora of detection approaches based on abundant static features to provide efficient malware detection. This paper explores the direction of Android malware detection based on graph representation learning. Without complex feature graph construction, we propose a new Android malware detection approach based on lightweight static analysis via the graph neural network (GNN). Instead of directly extracting Application Programming Interface (API) call information, we further analyze the source code of Android applications to extract high-level semantic information, which increases the barrier of evading detection. Particularly, we construct approximate call graphs from function invocation relationships within an Android application to represent this application and further extract intrafunction attributes, including required permission, security level, and Smali instructions’ semantic information via Word2Vec, to form the node attributes within graph structures. Then, we use the graph neural network to generate a vector representation of the application, and then malware detection is performed on this representation space. We conduct experiments on real-world application samples. The experimental results demonstrate that our approach implements high effective malware detection and outperforms state-of-the-art detection approaches.

Learning features from enhanced function call graphs for Android malware detection

2021 ◽  
Vol 423 ◽  
pp. 301-307
Author(s):  
Minghui Cai ◽  
Yuan Jiang ◽  
Cuiying Gao ◽  
Heng Li ◽  
Wei Yuan
Keyword(s):  
Malware Detection ◽  
Android Malware ◽  
Android Malware Detection ◽  
Function Call ◽  
Call Graphs
Sign in / Sign up

Export Citation Format

Share Document