scholarly journals TinyDroid: A Lightweight and Efficient Model for Android Malware Detection and Classification

2018 ◽  
Vol 2018 ◽  
pp. 1-9
Author(s):  
Tieming Chen ◽  
Qingyu Mao ◽  
Yimin Yang ◽  
Mingqi Lv ◽  
Jianming Zhu
Keyword(s):  
Malware Detection ◽  
Growth Trend ◽  
Android Malware ◽  
Detection Model ◽  
Android Malware Detection ◽  
Android Applications ◽  
Opcode Sequence ◽  
N Gram ◽  
Static Detection ◽  
Malware Detection And Classification

With the popularity of Android applications, Android malware has an exponential growth trend. In order to detect Android malware effectively, this paper proposes a novel lightweight static detection model, TinyDroid, using instruction simplification and machine learning technique. First, a symbol-based simplification method is proposed to abstract the opcode sequence decompiled from Android Dalvik Executable files. Then, N-gram is employed to extract features from the simplified opcode sequence, and a classifier is trained for the malware detection and classification tasks. To improve the efficiency and scalability of the proposed detection model, a compression procedure is also used to reduce features and select exemplars for the malware sample dataset. TinyDroid is compared against the state-of-the-art antivirus tools in real world using Drebin dataset. The experimental results show that TinyDroid can get a higher accuracy rate and lower false alarm rate with satisfied efficiency.

scholarly journals An Android Malware Detection Model Based on DT-SVM

2020 ◽  
Vol 2020 ◽  
pp. 1-11
Author(s):  
Min Yang ◽  
Xingshu Chen ◽  
Yonggang Luo ◽  
Hang Zhang
Keyword(s):  
Decision Tree ◽  
Malware Detection ◽  
Small Sample ◽  
Support Vector ◽  
Android Malware ◽  
Detection Model ◽  
Model Based ◽  
Android Malware Detection ◽  
Svm Algorithm ◽  
N Gram

In order to improve the accuracy and efficiency of Android malware detection, an Android malware detection model based on decision tree (DT) with support vector machine (SVM) algorithm (DT-SVM) is proposed. Firstly, the original opcode, Dalvik opcode, is extracted by reversing Android software, and the eigenvector of the sample is generated by using the n-gram model. Then, a decision tree is generated via training the sample and updating decision nodes as SVM nodes from the bottom up according to the evaluation result of the test set in the decision path. The model effectively combines DT with SVM. Under the premise of maintaining a high-accuracy decision path, SVM is used to effectively reduce the overfitting problem in DT and thus improve the generalization ability, and maintain the superiority of SVM for the small sample training set. Finally, to test our approach, several simulation experiments are carried out, and the results demonstrate that the improved algorithm has better accuracy and higher speed as compared with other malware detection approaches.

scholarly journals Heterogeneous Graph Convolutional Networks for Android Malware Detection using Callback-Aware Caller-Callee Graphs

2021 ◽  
Author(s):  
Vinayaka K V ◽  
Jaidhar C D
Keyword(s):  
Malware Detection ◽  
Application Programming Interface ◽  
Extraction Methods ◽  
Android Application ◽  
Convolutional Network ◽  
Android Malware ◽  
Detection Model ◽  
Convolutional Networks ◽  
Android Malware Detection ◽  
Ablation Study

<pre> The popularity of the Android Operating System in the smartphone market has given rise to lots of Android malware. To accurately detect these malware, many of the existing works use machine learning and deep learning-based methods, in which feature extraction methods were used to extract fixed-size feature vectors using the files present inside the Android Application Package (APK). Recently, Graph Convolutional Network (GCN) based methods applied on the Function Call Graph (FCG) extracted from the APK are gaining momentum in Android malware detection, as GCNs are effective at learning tasks on variable-sized graphs such as FCG, and FCG sufficiently captures the structure and behaviour of an APK. However, the FCG lacks information about callback methods as the Android Application Programming Interface (API) is event-driven. This paper proposes enhancing the FCG to eFCG (enhanced-FCG) using the callback information extracted using Android Framework Space Analysis to overcome this limitation. Further, we add permission - API method relationships to the eFCG. The eFCG is reduced using node contraction based on the classes to get R-eFCG (Reduced eFCG) to improve the generalisation ability of the Android malware detection model. The eFCG and R-eFCG are then given as the inputs to the Heterogeneous GCN models to determine whether the APK file from which they are extracted is malicious or not. To test the effectiveness of eFCG and R-eFCG, we conducted an ablation study by removing their various components. To determine the optimal neighbourhood size for GCN, we experimented with a varying number of GCN layers and found that the Android malware detection model using R-eFCG with all its components with four convolution layers achieved maximum accuracy of 96.28%.</pre>

scholarly journals Heterogeneous Graph Convolutional Networks for Android Malware Detection using Callback-Aware Caller-Callee Graphs

2021 ◽  
Author(s):  
Vinayaka K V ◽  
Jaidhar C D
Keyword(s):  
Malware Detection ◽  
Application Programming Interface ◽  
Extraction Methods ◽  
Android Application ◽  
Convolutional Network ◽  
Android Malware ◽  
Detection Model ◽  
Convolutional Networks ◽  
Android Malware Detection ◽  
Ablation Study

<pre> The popularity of the Android Operating System in the smartphone market has given rise to lots of Android malware. To accurately detect these malware, many of the existing works use machine learning and deep learning-based methods, in which feature extraction methods were used to extract fixed-size feature vectors using the files present inside the Android Application Package (APK). Recently, Graph Convolutional Network (GCN) based methods applied on the Function Call Graph (FCG) extracted from the APK are gaining momentum in Android malware detection, as GCNs are effective at learning tasks on variable-sized graphs such as FCG, and FCG sufficiently captures the structure and behaviour of an APK. However, the FCG lacks information about callback methods as the Android Application Programming Interface (API) is event-driven. This paper proposes enhancing the FCG to eFCG (enhanced-FCG) using the callback information extracted using Android Framework Space Analysis to overcome this limitation. Further, we add permission - API method relationships to the eFCG. The eFCG is reduced using node contraction based on the classes to get R-eFCG (Reduced eFCG) to improve the generalisation ability of the Android malware detection model. The eFCG and R-eFCG are then given as the inputs to the Heterogeneous GCN models to determine whether the APK file from which they are extracted is malicious or not. To test the effectiveness of eFCG and R-eFCG, we conducted an ablation study by removing their various components. To determine the optimal neighbourhood size for GCN, we experimented with a varying number of GCN layers and found that the Android malware detection model using R-eFCG with all its components with four convolution layers achieved maximum accuracy of 96.28%.</pre>

scholarly journals N-gram Opcode Analysis for Android Malware Detection

2016 ◽  
Vol 1 (1) ◽  
pp. 231-255 ◽  
Author(s):  
BooJoong Kang ◽  
◽  
Suleiman Y. Yerima ◽  
Sakir Sezer ◽  
Kieran McLaughlin ◽  
...  
Keyword(s):  
Malware Detection ◽  
Android Malware ◽  
Android Malware Detection ◽  
N Gram

scholarly journals Mlifdect: Android Malware Detection Based on Parallel Machine Learning and Information Fusion

2017 ◽  
Vol 2017 ◽  
pp. 1-14 ◽  
Author(s):  
Xin Wang ◽  
Dafang Zhang ◽  
Xin Su ◽  
Wenjia Li
Keyword(s):  
Machine Learning ◽  
Information Fusion ◽  
Malware Detection ◽  
Parallel Machine ◽  
Detection Methods ◽  
Detection Accuracy ◽  
Android Malware ◽  
Detection Model ◽  
Android Apps ◽  
Android Malware Detection

In recent years, Android malware has continued to grow at an alarming rate. More recent malicious apps’ employing highly sophisticated detection avoidance techniques makes the traditional machine learning based malware detection methods far less effective. More specifically, they cannot cope with various types of Android malware and have limitation in detection by utilizing a single classification algorithm. To address this limitation, we propose a novel approach in this paper that leverages parallel machine learning and information fusion techniques for better Android malware detection, which is named Mlifdect. To implement this approach, we first extract eight types of features from static analysis on Android apps and build two kinds of feature sets after feature selection. Then, a parallel machine learning detection model is developed for speeding up the process of classification. Finally, we investigate the probability analysis based and Dempster-Shafer theory based information fusion approaches which can effectively obtain the detection results. To validate our method, other state-of-the-art detection works are selected for comparison with real-world Android apps. The experimental results demonstrate that Mlifdect is capable of achieving higher detection accuracy as well as a remarkable run-time efficiency compared to the existing malware detection solutions.

Sign in / Sign up

Export Citation Format

Share Document