scholarly journals Two Anatomists Are Better than One—Dual-Level Android Malware Detection

Symmetry ◽  
2020 ◽  
Vol 12 (7) ◽  
pp. 1128 ◽  
Author(s):  
Vasileios Kouliaridis ◽  
Georgios Kambourakis ◽  
Dimitris Geneiatakis ◽  
Nektaria Potha
Keyword(s):  
Machine Learning ◽  
Static Analysis ◽  
Web Application ◽  
Classification Performance ◽  
Detection Accuracy ◽  
Android Malware ◽  
Static And Dynamic Analysis ◽  
Dynamic Instrumentation ◽  
Android Malware Detection ◽  
Hybrid Solutions

The openness of the Android operating system and its immense penetration into the market makes it a hot target for malware writers. This work introduces Androtomist, a novel tool capable of symmetrically applying static and dynamic analysis of applications on the Android platform. Unlike similar hybrid solutions, Androtomist capitalizes on a wealth of features stemming from static analysis along with rigorous dynamic instrumentation to dissect applications and decide if they are benign or not. The focus is on anomaly detection using machine learning, but the system is able to autonomously conduct signature-based detection as well. Furthermore, Androtomist is publicly available as open source software and can be straightforwardly installed as a web application. The application itself is dual mode, that is, fully automated for the novice user and configurable for the expert one. As a proof-of-concept, we meticulously assess the detection accuracy of Androtomist against three different popular malware datasets and a handful of machine learning classifiers. We particularly concentrate on the classification performance achieved when the results of static analysis are combined with dynamic instrumentation vis-à-vis static analysis only. Our study also introduces an ensemble approach by averaging the output of all base classification models per malware instance separately, and provides a deeper insight on the most influencing features regarding the classification process. Depending on the employed dataset, for hybrid analysis, we report notably promising to excellent results in terms of the accuracy, F1, and AUC metrics.

Towards Deep Learning-Based Approach for Detecting Android Malware

2021 ◽  
pp. 2193-2219
Author(s):  
Jarrett Booz ◽  
Josh McGiff ◽  
William G. Hatcher ◽  
Wei Yu ◽  
James Nguyen ◽  
...  
Keyword(s):  
Machine Learning ◽  
Deep Learning ◽  
Learning Environment ◽  
Malware Detection ◽  
Extensive Study ◽  
Detection Accuracy ◽  
Android Malware ◽  
Android Malware Detection ◽  
Mobile Malware Detection ◽  
Optimal Settings

In this article, the authors implement a deep learning environment and fine-tune parameters to determine the optimal settings for the classification of Android malware from extracted permission data. By determining the optimal settings, the authors demonstrate the potential performance of a deep learning environment for Android malware detection. Specifically, an extensive study is conducted on various hyper-parameters to determine optimal configurations, and then a performance evaluation is carried out on those configurations to compare and maximize detection accuracy in our target networks. The results achieve a detection accuracy of approximately 95%, with an approximate F1 score of 93%. In addition, the evaluation is extended to include other machine learning frameworks, specifically comparing Microsoft Cognitive Toolkit (CNTK) and Theano with TensorFlow. The future needs are discussed in the realm of machine learning for mobile malware detection, including adversarial training, scalability, and the evaluation of additional data and features.

scholarly journals FG-Droid: Grouping Based Feature Size Reduction for Android Malware Detection through Machine Learning

2021 ◽  
Author(s):  
Recep Sinan ARSLAN
Keyword(s):  
Machine Learning ◽  
Static Analysis ◽  
Processing Time ◽  
High Accuracy ◽  
User Privacy ◽  
Accuracy Rate ◽  
Feature Size ◽  
Android Malware ◽  
Android Malware Detection ◽  
Android Os

Abstract The number of applications prepared for use on mobile devices has increased rapidly with the widespread use of the Android OS. This has resulted in the undesired installation of Android apks that violate user privacy or malicious. The increasing similarity between Android malware and benign applications makes it difficult to distinguish them from each other and causes a situation of concern for users. In this study, FG-Droid, a machine-learning based classifier with an efficient working system, using the method of grouping the features obtained by static analysis, was proposed. It was created as a result of experiments with Machine learning (ML), DNN, RNN, LSTM and GRU based models using Drebin, Genome and Arslan datasets. Experimental results reveal that FG-Droid has achieved 97.7% AUC score with a vector includes only 11 static features, and ExtraTree algorithm. FG-Droid analyze the applications with using the least number of features compare to previous studies, and required the least processing time for training and prediction. As a result, it has been shown that Android malware can be detected in high accuracy rate with an effective feature set and there is no need to use a large number of features extracted with different techniques (static, dynamic or hybrid).

Towards Deep Learning-Based Approach for Detecting Android Malware

2019 ◽  
Vol 7 (4) ◽  
pp. 1-24 ◽  
Author(s):  
Jarrett Booz ◽  
Josh McGiff ◽  
William G. Hatcher ◽  
Wei Yu ◽  
James Nguyen ◽  
...  
Keyword(s):  
Machine Learning ◽  
Deep Learning ◽  
Learning Environment ◽  
Malware Detection ◽  
Extensive Study ◽  
Detection Accuracy ◽  
Android Malware ◽  
Android Malware Detection ◽  
Mobile Malware Detection ◽  
Optimal Settings

In this article, the authors implement a deep learning environment and fine-tune parameters to determine the optimal settings for the classification of Android malware from extracted permission data. By determining the optimal settings, the authors demonstrate the potential performance of a deep learning environment for Android malware detection. Specifically, an extensive study is conducted on various hyper-parameters to determine optimal configurations, and then a performance evaluation is carried out on those configurations to compare and maximize detection accuracy in our target networks. The results achieve a detection accuracy of approximately 95%, with an approximate F1 score of 93%. In addition, the evaluation is extended to include other machine learning frameworks, specifically comparing Microsoft Cognitive Toolkit (CNTK) and Theano with TensorFlow. The future needs are discussed in the realm of machine learning for mobile malware detection, including adversarial training, scalability, and the evaluation of additional data and features.

scholarly journals Mlifdect: Android Malware Detection Based on Parallel Machine Learning and Information Fusion

2017 ◽  
Vol 2017 ◽  
pp. 1-14 ◽  
Author(s):  
Xin Wang ◽  
Dafang Zhang ◽  
Xin Su ◽  
Wenjia Li
Keyword(s):  
Machine Learning ◽  
Information Fusion ◽  
Malware Detection ◽  
Parallel Machine ◽  
Detection Methods ◽  
Detection Accuracy ◽  
Android Malware ◽  
Detection Model ◽  
Android Apps ◽  
Android Malware Detection

In recent years, Android malware has continued to grow at an alarming rate. More recent malicious apps’ employing highly sophisticated detection avoidance techniques makes the traditional machine learning based malware detection methods far less effective. More specifically, they cannot cope with various types of Android malware and have limitation in detection by utilizing a single classification algorithm. To address this limitation, we propose a novel approach in this paper that leverages parallel machine learning and information fusion techniques for better Android malware detection, which is named Mlifdect. To implement this approach, we first extract eight types of features from static analysis on Android apps and build two kinds of feature sets after feature selection. Then, a parallel machine learning detection model is developed for speeding up the process of classification. Finally, we investigate the probability analysis based and Dempster-Shafer theory based information fusion approaches which can effectively obtain the detection results. To validate our method, other state-of-the-art detection works are selected for comparison with real-world Android apps. The experimental results demonstrate that Mlifdect is capable of achieving higher detection accuracy as well as a remarkable run-time efficiency compared to the existing malware detection solutions.

scholarly journals Runtime Detection Framework for Android Malware

2018 ◽  
Vol 2018 ◽  
pp. 1-15 ◽  
Author(s):  
TaeGuen Kim ◽  
BooJoong Kang ◽  
Eul Gyu Im
Keyword(s):  
Dynamic Analysis ◽  
Static Analysis ◽  
Suffix Tree ◽  
Malware Detection ◽  
Application Programming Interface ◽  
Detection Methods ◽  
Detection Accuracy ◽  
Dynamic Features ◽  
Android Malware ◽  
Android Malware Detection

As the number of Android malware has been increased rapidly over the years, various malware detection methods have been proposed so far. Existing methods can be classified into two categories: static analysis-based methods and dynamic analysis-based methods. Both approaches have some limitations: static analysis-based methods are relatively easy to be avoided through transformation techniques such as junk instruction insertions, code reordering, and so on. However, dynamic analysis-based methods also have some limitations that analysis overheads are relatively high and kernel modification might be required to extract dynamic features. In this paper, we propose a dynamic analysis framework for Android malware detection that overcomes the aforementioned shortcomings. The framework uses a suffix tree that contains API (Application Programming Interface) subtraces and their probabilistic confidence values that are generated using HMMs (Hidden Markov Model) to reduce the malware detection overhead, and we designed the framework with the client-server architecture since the suffix tree is infeasible to be deployed in mobile devices. In addition, an application rewriting technique is used to trace API invocations without any modifications in the Android kernel. In our experiments, we measured the detection accuracy and the computational overheads to evaluate its effectiveness and efficiency of the proposed framework.

scholarly journals On the Feasibility of Adversarial Sample Creation Using the Android System API

Information ◽  
2020 ◽  
Vol 11 (9) ◽  
pp. 433
Author(s):  
Fabrizio Cara ◽  
Michele Scalas ◽  
Giorgio Giacinto ◽  
Davide Maiorca
Keyword(s):  
Machine Learning ◽  
Learning Algorithm ◽  
Random Noise ◽  
Malware Detection ◽  
Android Malware ◽  
Static And Dynamic Analysis ◽  
Detection Systems ◽  
Android Malware Detection ◽  
Expert Analysis ◽  
The Impact

Due to its popularity, the Android operating system is a critical target for malware attacks. Multiple security efforts have been made on the design of malware detection systems to identify potentially harmful applications. In this sense, machine learning-based systems, leveraging both static and dynamic analysis, have been increasingly adopted to discriminate between legitimate and malicious samples due to their capability of identifying novel variants of malware samples. At the same time, attackers have been developing several techniques to evade such systems, such as the generation of evasive apps, i.e., carefully-perturbed samples that can be classified as legitimate by the classifiers. Previous work has shown the vulnerability of detection systems to evasion attacks, including those designed for Android malware detection. However, most works neglected to bring the evasive attacks onto the so-called problem space, i.e., by generating concrete Android adversarial samples, which requires preserving the app’s semantics and being realistic for human expert analysis. In this work, we aim to understand the feasibility of generating adversarial samples specifically through the injection of system API calls, which are typical discriminating characteristics for malware detectors. We perform our analysis on a state-of-the-art ransomware detector that employs the occurrence of system API calls as features of its machine learning algorithm. In particular, we discuss the constraints that are necessary to generate real samples, and we use techniques inherited from interpretability to assess the impact of specific API calls to evasion. We assess the vulnerability of such a detector against mimicry and random noise attacks. Finally, we propose a basic implementation to generate concrete and working adversarial samples. The attained results suggest that injecting system API calls could be a viable strategy for attackers to generate concrete adversarial samples. However, we point out the low suitability of mimicry attacks and the necessity to build more sophisticated evasion attacks.

scholarly journals What Static Analysis Can Utmost Offer for Android Malware Detection

2019 ◽  
Vol 48 (2) ◽  
pp. 235-240 ◽  
Author(s):  
Abdullah Talha Kabakus
Keyword(s):  
Static Analysis ◽  
Malware Detection ◽  
Machine Learning Techniques ◽  
Experimental Result ◽  
Android Malware ◽  
Static And Dynamic Analysis ◽  
Analysis Techniques ◽  
Android Malware Detection ◽  
Learning Techniques ◽  
Detection Approach

Malicious applications are widespread for Android despite the taken serious actions by the operating system. Static and dynamic analysis techniques are utilized to detect malware by identifying the signatures of malicious applications by inspecting both the resources and behaviors of malware, respectively. In this study, what static analysis can utmost offer to detect malware in Android ecosystem is discussed and experimented on commonly used datasets in the literature by proposing a novel Android malware detection approach based on static analysis techniques. Some novel static analysis features which are proved to be effective in terms of detecting malware in Android ecosystem and are underestimated by the related work in the literature are introduced by proving their effectiveness in this study. The experimental result shows that the proposed Android malware detection approach is very effective in terms of detecting Android malware. Each feature used by the proposed approach is evaluated by using different types of machine learning techniques in order to highlight its impact on detecting malware and inform the digital investigators. The accuracy of the proposed static analysis approach is calculated as high as 0.987 for 10,865 applications.

Android Malware Detection Techniques: A Literature Review

2020 ◽  
Vol 14 ◽  
Author(s):  
Meghna Dhalaria ◽  
Ekta Gandotra
Keyword(s):  
Machine Learning ◽  
Deep Learning ◽  
Malware Detection ◽  
Future Research ◽  
Android Malware ◽  
Detection Techniques ◽  
Android Malware Detection ◽  
Future Research Directions ◽  
To Come ◽  
Tools And Techniques

Purpose: This paper provides the basics of Android malware, its evolution and tools and techniques for malware analysis. Its main aim is to present a review of the literature on Android malware detection using machine learning and deep learning and identify the research gaps. It provides the insights obtained through literature and future research directions which could help researchers to come up with robust and accurate techniques for classification of Android malware. Design/Methodology/Approach: This paper provides a review of the basics of Android malware, its evolution timeline and detection techniques. It includes the tools and techniques for analyzing the Android malware statically and dynamically for extracting features and finally classifying these using machine learning and deep learning algorithms. Findings: The number of Android users is expanding very fast due to the popularity of Android devices. As a result, there are more risks to Android users due to the exponential growth of Android malware. On-going research aims to overcome the constraints of earlier approaches for malware detection. As the evolving malware are complex and sophisticated, earlier approaches like signature based and machine learning based are not able to identify these timely and accurately. The findings from the review shows various limitations of earlier techniques i.e. requires more detection time, high false positive and false negative rate, low accuracy in detecting sophisticated malware and less flexible. Originality/value: This paper provides a systematic and comprehensive review on the tools and techniques being employed for analysis, classification and identification of Android malicious applications. It includes the timeline of Android malware evolution, tools and techniques for analyzing these statically and dynamically for the purpose of extracting features and finally using these features for their detection and classification using machine learning and deep learning algorithms. On the basis of the detailed literature review, various research gaps are listed. The paper also provides future research directions and insights which could help researchers to come up with innovative and robust techniques for detecting and classifying the Android malware.

Sign in / Sign up

Export Citation Format

Share Document