Qing Yang,Xiaoliang Wang,Jing Zheng,Wenqi Ge,Ming Bai,Frank Jiang

DOI: https://doi.org/10.3837/tiis.2021.06.014

2021-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the rapid development of mobile Internet, smart phones have been widely popularized, among which Android platform dominates. Due to it is open source, malware on the Android platform is rampant. In order to improve the efficiency of malware detection, this paper proposes deep learning Android malicious detection system based on behavior features. First of all, the detection system adopts the static analysis method to extract different types of behavior features from Android applications, and extract sensitive behavior features through Term frequency-inverse Document Frequency algorithm for each extracted behavior feature to construct detection features through unified abstract expression. Secondly, Long Short-Term Memory neural network model is established to select and learn from the extracted attributes and the learned attributes are used to detect Android malicious applications, Analysis and further optimization of the application behavior parameters, so as to build a deep learning Android malicious detection method based on feature analysis. We use different types of features to evaluate our method and compare it with various machine learning-based methods. Study shows that it outperforms most existing machine learning based approaches and detects 95.31% of the malware.

Buket Doğan,Esra Calik Bayazit,O. K. Sahingoz

DOI: https://doi.org/10.1109/hora55278.2022.9800057

2022-06-09

Abstract:In recent years, smart mobile devices have become indispensable due to the availability of office applications, the Internet, game applications, vehicle guidance or similar most of our daily lives applications in addition to traditional services such as voice calls, SMSs, and multimedia services. Due to Android's open source structure and easy development platforms, the number of applications on Google Play, the official Android app store increased day by day. This also brig some security related issues for the end users. The increased popularity of Android operating system on mobile devices, and the associated financial benefits attracted attackers for developing some malware for these devices, which results a significant increase in the number of Android malware applications. To detect this type of security threats, signature based detection (static detection) in generally preferred due to its easy applicability and fast identification ability. Therefore in this study it is aimed to implement an up-to-date, effective, and reliable malware detection system with the help of some deep learning algorithms. In the proposed system, RNN-based LSTM, BiLSTM and GRU algorithms are evaluated on CICInvesAndMal2019 data set which contains 8115 static features for malware detection. Experimental results show that the BiLSTM model outperforms other proposed RNN-based deep learning methods with an accuracy rate of 98.85 %.

Computer Science

Rajvardhan Patil,Wei Deng

DOI: https://doi.org/10.1109/southeastcon44009.2020.9368268

2020-01-01

Abstract:In this era, where the volume and diversity of malware is rising exponentially, new techniques need to be employed for faster and accurate identification of the malwares. Manual heuristic inspection of malware analysis are neither effective in detecting new malware, nor efficient as they fail to keep up with the high spreading rate of malware. Machine learning approaches have therefore gained momentum. They have been used to automate static and dynamic analysis investigation where malware having similar behavior are clustered together, and based on the proximity unknown malwares get classified to their respective families. Although many such research efforts have been conducted where data-mining and machine-learning techniques have been applied, in this paper we show how the accuracy can further be improved using deep learning networks. As deep learning offers superior classification by constructing neural networks with a higher number of potentially diverse layers it leads to improvement in automatic detection and classification of the malware variants.In this research, we present a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files. In the experimental and result section, we compare the accuracy obtained from each of these features and demonstrate that feature vector for system calls yields the highest accuracy. The paper concludes by showing how deep learning approach performs better than the traditional shallow machine learning approaches.

Nikola Milosevic,Junfan Huang

DOI: https://doi.org/10.48550/arXiv.1910.10660

2019-10-24

Abstract:In the past decade, the cyber-crime related to mobile devices has increased. Mobile devices, especially the ones running on Android operating system are particularly interesting to malware creators, as the users often keep the biggest amount of personal information on their mobile devices, such as their contacts, social media profiles, emails, and bank accounts. Both dynamic and static malware analysis is necessary to prevent and detect malware, as both techniques have their benefits and shortcomings. In this paper, we propose a deep learning technique that relies on LSTM and encoder-decoder neural network architectures for dynamic malware analysis based on CPU, memory and battery usage. The proposed system is able to detect and notify users about anomalies in system that is likely consequence of malware behaviour. The method was implemented as a part of OWASP Seraphimdroids anti-malware mechanism and notifies users about anomalies on their devices. The method proved to perform with an F1-score of 79.2%.

Cryptography and Security,Computers and Society,Machine Learning

Sanya Chaba,Rahul Kumar,Rohan Pant,Mayank Dave

DOI: https://doi.org/10.48550/arXiv.1709.08805

2017-09-26

Abstract:Static detection technologies based on signature-based approaches that are widely used in Android platform to detect malicious applications. It can accurately detect malware by extracting signatures from test data and then comparing the test data with the signature samples of virus and benign samples. However, this method is generally unable to detect unknown malware applications. This is because, sometimes, the machine code can be converted into assembly code, which can be easily read and understood by humans. Furthuremore, the attacker can then make sense of the assembly instructions and understand the functioning of the program from the same. Therefore we focus on observing the behaviour of the malicious software while it is actually running on a host system. The dynamic behaviours of an application are conducted by the system call sequences at the end. Hence, we observe the system call log of each application, use the same for the construction of our dataset, and finally use this dataset to classify an unknown application as malicious or benign.

Cryptography and Security

Shubham Shakya,Mayank Dave

DOI: https://doi.org/10.48550/arXiv.2208.06130

2022-08-12

Abstract:With the increasing popularity of Android in the last decade, Android is popular among users as well as attackers. The vast number of android users grabs the attention of attackers on android. Due to the continuous evolution of the variety and attacking techniques of android malware, our detection methods should need an update too. Most of the researcher's works are based on static features, and very few focus on dynamic features. In this paper, we are filling the literature gap by detecting android malware using System calls. We are running the malicious app in a monitored and controlled environment using an emulator to detect malware. Malicious behavior is activated with some simulated events during its runtime to activate its hostile behavior. Logs collected during the app's runtime are analyzed and fed to different machine learning models for Detection and Family classification of Malware. The result indicates that K-Nearest Neighbor and the Decision Tree gave the highest accuracy in malware detection and Family Classification respectively.

Cryptography and Security

Sandeep Sharma,Prachi Ahlawat,Kavita Khanna

DOI: https://doi.org/10.1002/spy2.347

2023-10-17

Security and Privacy

Abstract:Unprecedented growth and prevalent adoption of the Android Operating System (OS) have triggered a substantial transformation, not only within the smartphone industry but across various categories of intelligent devices. These intelligent devices store a wealth of sensitive data, making them enticing targets for malicious individuals who create harmful Android applications to steal this data for malicious purposes. While numerous Android malware detection methods have been proposed, the exponential growth in sophisticated and malicious Android apps presents an unprecedented challenge to existing detection techniques. Some of the researchers have attempted to classify malicious Android applications into families through static analysis of applications but most of them are evaluated on applications of previous API levels. This paper introduces a novel dataset compromising of 2019 to 2021 applications and proposes a Deep Learning based Malware Detection and Family Classification method (DeepMDFC) to detect and classify emerging malicious Android applications through static analysis and deep Artificial Neural Networks. Experimental findings indicate that DeepMDFC surpasses standard machine learning algorithms, achieving accuracy rates of 99.3% and 96.7% for Android malware detection and classification, respectively, with a limited size feature set. The performance of DeepMDFC is also assessed using the benchmark dataset (DREBIN) and results showed that DeepMDFC surpasses these methods in terms of performance. Furthermore, it leverages the proposed dataset to construct a prediction model that adeptly identifies malicious Android applications from both the years 2022 and 2023. This process the potency and resilience of DeepMDFC against emerging Android applications.

Abdelmonim Naway,Yuancheng LI

DOI: https://doi.org/10.48550/arXiv.1812.10360

2018-12-26

Cryptography and Security

Abstract:Android is the predominant mobile operating system for the past few years. The prevalence of devices that can be powered by Android magnetized not merely application developers but also malware developers with criminal intention to design and spread malicious applications that can affect the normal work of Android phones and tablets, steal personal information and credential data, or even worse lock the phone and ask for ransom. Researchers persistently devise countermeasures strategies to fight back malware. One of these strategies applied in the past five years is the use of deep learning methods in Android malware detection. This necessitates a review to inspect the accomplished work in order to know where the endeavors have been established, identify unresolved problems, and motivate future research directions. In this work, an extensive survey of static analysis, dynamic analysis, and hybrid analysis that utilized deep learning methods are reviewed with an elaborated discussion on their key concepts, contributions, and limitations.

Rajan Thangaveloo,Wong Wang Jing,Chiew Kang Leng,Johari Abdullah

DOI: https://doi.org/10.18517/ijaseit.10.2.10238

2020-03-28

Abstract:Android system has become a target for malware developers due to its huge market globally in recent years. The emergence of 5G in the market and limited protocols post a great challenge to the security in Android. Hence, various techniques have been taken by researchers to ensure high security in Android devices. There are three types of analysis namely static, dynamic and hybrid analysis used to detect and analyze the malicious application in Android. Due to evolving nature of the malware, it is very challenging for the existing techniques to detect and analyze it efficiently and accurately. This paper proposed a Dynamic Analysis Technique in Android Malware detection called DATDroid. The proposed technique consists of three phases, which includes feature extraction, feature selection and classification phases. A total of five features namely system call, errors and time of system call process, CPU usage, memory and network packets are extracted. During the classification 70% of the dataset was allocated for training phase and 30% for testing phase using machine learning algorithm. Our experimental results achieved an overall accuracy of 91.7% with lower false positive rates as compared to benchmarked method. DATDroid also achieved higher precision and recall rate of 93.1% and 90.0%, respectively. Hence our proposed technique has proven to be able to classify malware more accurately and reduce misclassification of malware application as benign significantly.

Dakshinamoorthy Karthikeyan,Arun Sivakumar,Chamundeswari Arumugam

DOI: https://doi.org/10.37394/23209.2022.19.27

2022-11-07

WSEAS TRANSACTIONS ON INFORMATION SCIENCE AND APPLICATIONS

Abstract:In recent years, mobile malware takes anywhere between several hours to several days to screen an app for malicious activity. More than 6000 apps are added to the Google Play Store everyday on average. Security analysts face an uphill battle against malware developers as the complexity of malware and code obfuscation techniques are constantly increasing. Currently, most research focuses on the development and application of machine learning techniques for malware detection. However, their success has been limited due to a lack of depth in the data sets available for training models. This paper uses a new method of Dynamic Analysis for Android apps to extract large amounts of information on the behavior of any app which can then be used for training models or to enable security analysts to take an informed decision quickly.

Mohammed K. Alzaylaee,Suleiman Y. Yerima,Sakir Sezer

DOI: https://doi.org/10.1016/j.cose.2019.101663

2019-11-23

Abstract:The Android operating system has been the most popular for smartphones and tablets since 2012. This popularity has led to a rapid raise of Android malware in recent years. The sophistication of Android malware obfuscation and detection avoidance methods have significantly improved, making many traditional malware detection methods obsolete. In this paper, we propose DL-Droid, a deep learning system to detect malicious Android applications through dynamic analysis using stateful input generation. Experiments performed with over 30,000 applications (benign and malware) on real devices are presented. Furthermore, experiments were also conducted to compare the detection performance and code coverage of the stateful input generation method with the commonly used stateless approach using the deep learning system. Our study reveals that DL-Droid can achieve up to 97.8% detection rate (with dynamic features only) and 99.6% detection rate (with dynamic + static features) respectively which outperforms traditional machine learning techniques. Furthermore, the results highlight the significance of enhanced input generation for dynamic analysis as DL-Droid with the state-based input generation is shown to outperform the existing state-of-the-art approaches.

Cryptography and Security,Machine Learning,Neural and Evolutionary Computing

Zhenlong Yuan,Yongqiang Lu,Zhaoguo Wang,Yibo Xue

DOI: https://doi.org/10.1145/2740070.2631434

IF: 1.937

2014-01-01

ACM SIGCOMM Computer Communication Review

Abstract:As smart:phones and mobile devices are rapidly becoming indispensable for many network users, mobile malware has become a serious threat in the network security and privacy. Especially on the popular Android platform, many malicious apps are hiding in a large number of normal apps, which makes the malware detection more challenging. In this paper, we propose a ML-based method that utilizes more than 200 features extracted from both static analysis and dynamic analysis of Android app for malv -are detection. The comparison of modeling results demonstrates that the deep learning technique is especially suitable for Android mahvare detection and can achieve a high level of 96% accuracy with real-world Android application sets.

Dongfang Li,Zhaoguo Wang,Yibo Xue

DOI: https://doi.org/10.1109/ICACCE.2018.8441737

2018-01-01

Abstract:The security issue of Android Smart Phones has been most concerned by the users these years. We propose a novel method to extract exhaustive features from Android applications and use the deep-learning-based method to detect malicious applications. Then we implement an automatic detection engine, DeepDetector, to detect malicious applications. Furthermore, the detection model can identify the fine-grained malware family at the same time. We conducted the evaluation and analysis with thousands of malicious applications and benign applications from a public dataset. The results show that DeepDetector can detect 97% of the malware at 0.1 % false positive rate (FPR) and achieves a 96% precision when showing the detailed malware families. Besides, the relationship between the detection performance and the architecture of the neural network is also discussed in our work.

Niall McLaughlin,Jesus Martinez del Rincon,BooJoong Kang,Suleiman Yerima,Paul Miller,Sakir Sezer,Yeganeh Safaei,Erik Trickel,Ziming Zhao,Adam Doupé,Gail Joon Ahn

DOI: https://doi.org/10.1145/3029806.3029823

2017-03-22

Abstract:In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.

Zhenlong Yuan,Yongqiang Lu,Yibo Xue

DOI: https://doi.org/10.1109/tst.2016.7399288

2016-01-01

Tsinghua Science & Technology

Abstract:Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine (DroidDetector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test DroidDetector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. DroidDetector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.

Ya Pan,Xiuting Ge,Chunrong Fang,Yong Fan

DOI: https://doi.org/10.1109/ACCESS.2020.3002842

IF: 3.9

2020-01-01

IEEE Access

Abstract:Android malware has been in an increasing trend in recent years due to the pervasiveness of Android operating system. Android malware is installed and run on the smartphones without explicitly prompting the users or without the user's permission, and it poses great threats to users such as the leakage of personal information and advanced fraud. To address these threats, various techniques are proposed by researchers and practitioners. Static analysis is one of these techniques, which is widely applied to Android malware detection and can detect malware quickly and prohibit malware before installation. To provide a clarified overview of the latest work in Android malware detection using static analysis, we perform a systematic literature review by identifying 98 studies from January 2014 to March 2020. Based on the features of applications, we first divide static analysis in Android malware detection into four categories, which include Android characteristic-based method, opcode-based method, program graph-based method, and symbolic execution-based method. Then we assess the malware detection capability of static analysis, and we compare the performance of different models in Android malware detection by analyzing the results of empirical evidence. Finally, it is concluded that static analysis is effective to detect Android malware. Moreover, there is a preliminary result that neural network model outperforms the non-neural network model in Android malware detection. However, static analysis still faces many challenges. Thus, it is necessary to derive some novel techniques for improving Android malware detection based on the current research community. Moreover, it is essential to establish a unified platform that is used to evaluate the performance of a series of techniques in Android malware detection fairly.

Anuradha Dahiya,Sukhdip Singh,Gulshan Shrivastava

DOI: https://doi.org/10.1111/exsy.13488

IF: 3.3

2023-10-27

Expert Systems

Abstract:Android malware has been emerged as a significant threat, which includes exposure of confidential information, misrepresentation of facts and execution of applications without the knowledge of the users. Malware analysis plays an essential role in dealing with the unlawful behaviour of such malicious applications. Android malware analysis involves examining and understanding malware behaviour and its characteristics. It also includes potential adversarial impacts on Android devices. This paper presents a quick understanding and a holistic view of malware detection and analysis. The current investigation conducted a systematic literature review (SLR) to recognize the salient shifts in malware detection by examining a range of scholarly journals and conference papers. The SLR investigated 99 articles published between the years 2018 and 2023. The key observation of this SLR is that static analysis is the most implemented approach for detecting Android malware; Apktool and Androguard are the most frequently used tools. This study also conceded that deep learning and machine learning models have more potential to analyse the malicious behaviour of malware. Certain challenges are faced in Android malware analysis, that is, obfuscation techniques, dynamic code loading, and issues related to experimented datasets. Further, this study focuses on the following areas: the definition of the sample set, data optimisation and processing, feature extraction, machine learning application, and classifier validation. This investigation differs from previous analyses of Android malware detection by emphasizing additional methods based on machine learning.

computer science, artificial intelligence, theory & methods

Yao-Saint Yen,Hung-Min Sun

DOI: https://doi.org/10.20944/preprints201808.0034.v1

2018-01-01

Abstract:Using smartphone especially android platform has already got eighty percent market shares, due to aforementioned report, it becomes attacker’s primary goal. There is a growing number of private data onto smart phones and low safety defense measure, attackers can use multiple way to launch and to attack user’s smartphones.(e.g. Using different coding style to confuse the software of detecting malware). Existing android malware detection methods use multiple features, like safety sensor API, system call, control flow structure and data information flow, then using machine learning to check whether its malware or not. These feature provide app’s unique property and limitation, that is to say, from some perspectives it might suit for some specific attack, but wouldn’t suit for others. Nowadays most malware detection methods use only one aforementioned feature, and these methods mostly analysis to detect code, but facing the influence of malware’s code confusion and zero-day attack, aforementioned feature extraction method may cause wrong judge. So, it’s necessary to design an effective technique analysis to prevent malware. In this paper, we use the importance of word from apk, because of code confusion, some malware attackers only rename variables, if using general static analysis wouldn’t judge correctly, then use these importance value to go through our proposed method to generate picture, finally using convolutional neural network to see whether the apk file is malware or not.