Kaijun Liu,Shengwei Xu,Guoai Xu,Miao Zhang,Dawei Sun,Haifeng Liu

DOI: https://doi.org/10.1109/access.2020.3006143

IF: 3.9

2020-01-01

IEEE Access

Abstract:Android applications are developing rapidly across the mobile ecosystem, but Android malware is also emerging in an endless stream. Many researchers have studied the problem of Android malware detection and have put forward theories and methods from different perspectives. Existing research suggests that machine learning is an effective and promising way to detect Android malware. Notwithstanding, there exist reviews that have surveyed different issues related to Android malware detection based on machine learning. We believe our work complements the previous reviews by surveying a wider range of aspects of the topic. This paper presents a comprehensive survey of Android malware detection approaches based on machine learning. We briefly introduce some background on Android applications, including the Android system architecture, security mechanisms, and classification of Android malware. Then, taking machine learning as the focus, we analyze and summarize the research status from key perspectives such as sample acquisition, data preprocessing, feature selection, machine learning models, algorithms, and the evaluation of detection effectiveness. Finally, we assess the future prospects for research into Android malware detection based on machine learning. This review will help academics gain a full picture of Android malware detection based on machine learning. It could then serve as a basis for subsequent researchers to start new work and help to guide research in the field more generally.

computer science, information systems,telecommunications,engineering, electrical & electronic

Meghna Dhalaria,Ekta Gandotra

DOI: https://doi.org/10.2174/1872212114999200710143847

2021-03-09

Recent Patents on Engineering

Abstract:Objective: This paper provides the basics of Android malware, its evolution and tools and techniques for malware analysis. Its main aim is to present a review of the literature on Android malware detection using machine learning and deep learning and identify the research gaps. It provides the insights obtained through literature and future research directions which could help researchers to come up with robust and accurate techniques for the classification of Android malware. Methods: This paper provides a review of the basics of Android malware, its evolution timeline and detection techniques. It includes the tools and techniques for analyzing the Android malware statically and dynamically for extracting features and finally classifying these using machine learning and deep learning algorithms. Results: The number of Android users is increasing at an exponential rate due to the popularity of Android devices. As a result, there are more risks to Android users due to the exponential growth of Android malware. On-going research aims to overcome the constraints of earlier approaches for malware detection. As the evolving malware is complex and sophisticated, earlier approaches like signature-based and machine learning-based approaches are not able to identify it timely and accurately. The findings from the review show various limitations of earlier techniques, i.e. requirement of more detection time, high false-positive and false-negative rates, low accuracy in detecting sophisticated malware and less flexibility. Conclusion: This paper provides a systematic and comprehensive review on the tools and techniques being employed for analysis, classification and identification of Android malicious applications. It includes the timeline of Android malware evolution, tools and techniques for analyzing these statically and dynamically for the purpose of extracting features and finally using these features for their detection and classification using machine learning and deep learning algorithms. On the basis of the detailed literature review, various research gaps are listed. The paper also provides future research directions and insights that could help researchers to come up with innovative and robust techniques for detecting and classifying Android malware.

Yajin Zhou,Xuxian Jiang

DOI: https://doi.org/10.1109/sp.2012.16

2012-01-01

Abstract:The popularity and adoption of smart phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. In light of their rapid growth, there is a pressing need to develop effective solutions. However, our defense capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples. In this paper, we focus on the Android platform and aim to systematize or characterize existing Android malware. Particularly, with more than one year effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads. The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software, our experiments show that the best case detects 79.6% of them while the worst case detects only 20.2% in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.

Anuradha Dahiya,Sukhdip Singh,Gulshan Shrivastava

DOI: https://doi.org/10.1111/exsy.13488

IF: 3.3

2023-10-27

Expert Systems

Abstract:Android malware has been emerged as a significant threat, which includes exposure of confidential information, misrepresentation of facts and execution of applications without the knowledge of the users. Malware analysis plays an essential role in dealing with the unlawful behaviour of such malicious applications. Android malware analysis involves examining and understanding malware behaviour and its characteristics. It also includes potential adversarial impacts on Android devices. This paper presents a quick understanding and a holistic view of malware detection and analysis. The current investigation conducted a systematic literature review (SLR) to recognize the salient shifts in malware detection by examining a range of scholarly journals and conference papers. The SLR investigated 99 articles published between the years 2018 and 2023. The key observation of this SLR is that static analysis is the most implemented approach for detecting Android malware; Apktool and Androguard are the most frequently used tools. This study also conceded that deep learning and machine learning models have more potential to analyse the malicious behaviour of malware. Certain challenges are faced in Android malware analysis, that is, obfuscation techniques, dynamic code loading, and issues related to experimented datasets. Further, this study focuses on the following areas: the definition of the sample set, data optimisation and processing, feature extraction, machine learning application, and classifier validation. This investigation differs from previous analyses of Android malware detection by emphasizing additional methods based on machine learning.

computer science, artificial intelligence, theory & methods

Abdelmonim Naway,Yuancheng LI

DOI: https://doi.org/10.48550/arXiv.1812.10360

2018-12-26

Cryptography and Security

Abstract:Android is the predominant mobile operating system for the past few years. The prevalence of devices that can be powered by Android magnetized not merely application developers but also malware developers with criminal intention to design and spread malicious applications that can affect the normal work of Android phones and tablets, steal personal information and credential data, or even worse lock the phone and ask for ransom. Researchers persistently devise countermeasures strategies to fight back malware. One of these strategies applied in the past five years is the use of deep learning methods in Android malware detection. This necessitates a review to inspect the accomplished work in order to know where the endeavors have been established, identify unresolved problems, and motivate future research directions. In this work, an extensive survey of static analysis, dynamic analysis, and hybrid analysis that utilized deep learning methods are reviewed with an elaborated discussion on their key concepts, contributions, and limitations.

Md Naseef-Ur-Rahman Chowdhury,Ahshanul Haque,Hamdy Soliman,Mohammad Sahinur Hossen,Tanjim Fatima,Imtiaz Ahmed

2023-03-15

Abstract:Malware for Android is becoming increasingly dangerous to the safety of mobile devices and the data they hold. Although machine learning(ML) techniques have been shown to be effective at detecting malware for Android, a comprehensive analysis of the methods used is required. We review the current state of Android malware detection us ing machine learning in this paper. We begin by providing an overview of Android malware and the security issues it causes. Then, we look at the various supervised, unsupervised, and deep learning machine learning approaches that have been utilized for Android malware detection. Addi tionally, we present a comparison of the performance of various Android malware detection methods and talk about the performance evaluation metrics that are utilized to evaluate their efficacy. Finally, we draw atten tion to the drawbacks and difficulties of the methods that are currently in use and suggest possible future directions for research in this area. In addition to providing insights into the current state of Android malware detection using machine learning, our review provides a comprehensive overview of the subject.

Cryptography and Security,Artificial Intelligence

Saket Acharya,Umashankar Rawat,Roheet Bhatnagar

DOI: https://doi.org/10.1155/2022/7775917

IF: 1.968

2022-06-30

Security and Communication Networks

Abstract:The popularity and open-source nature of Android devices have resulted in a dramatic growth of Android malware. Malware developers are also able to evade the detection methods, reducing the efficiency of malware detection techniques. It is hence desirable that security researchers and experts come up with novel and more efficient methods to analyze existing and zero-day Android malware. Most of the researchers have focused on Android system security. However, to examine Android security, with a specific focus on malware development, investigation of malware prevention techniques and already known malware detection techniques needs a broad inclusion. To overcome the research gaps, this paper provides a broad review of current Android security concerns, security implementation enhancements, significant malware detected during 2017–2021, and stealth procedures used by the malware developers along with the current Android malware detection techniques. A comparative analysis is presented between this article and similar recent survey articles to fill the existing research gaps. In the end, a three-phase model is proposed to efficiently identify and characterize Android malware. In the first phase, a lightweight deep transfer learning approach is used to classify Android applications into benign and malicious. In the second phase, the malicious applications are executed in a virtual emulator to reduce the number of false positives. Finally, the malicious applications having the same characteristic ratio are grouped into their corresponding families using the topic modelling approach. The proposed model can efficiently detect, characterize, and provide a familial classification of Android malware with a good accuracy rate.

computer science, information systems,telecommunications

Rajesh Kumar,Zhang Xiaosong,Riaz Ullah Khan,Jay Kumar,Ijaz Ahad

DOI: https://doi.org/10.1145/3194452.3194465

2018-01-01

Abstract:The across the board reception of android devices and their ability to get to critical private and secret data have brought about these devices being focused by malware engineers. Existing android malware analysis techniques categorized into static and dynamic analysis. In this paper, we introduce two machine learning supported methodologies for static analysis of android malware. The First approach based on statically analysis, content is found through probability statistics which reduces the uncertainty of information. Feature extraction were proposed based on the analysis of existing dataset. Our both approaches were used to high-dimension data into low-dimensional data so as to reduce the dimension and the uncertainty of the extracted features. In training phase the complexity was reduced 16.7% of the original time and detect the unknown malware families were improved.

Suhaib Jasim Hamdi,Naaman Omar,Adel AL-zebari,Karwan Jameel Merceedi,Abdulraheem Jamil Ahmed,Nareen O. M. Salim,Sheren Sadiq Hasan,Shakir Fattah Kak,Ibrahim Mahmood Ibrahim,Hajar Maseeh Yasin,Azar Abid Salih

DOI: https://doi.org/10.9734/ajrcos/2021/v11i330266

2021-09-07

Asian Journal of Research in Computer Science

Abstract:Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware. Android is now the world's most popular OS. More and more malware assaults are taking place in Android applications. Many security detection techniques based on Android Apps are now available. Android applications are developing rapidly across the mobile ecosystem, but Android malware is also emerging in an endless stream. Many researchers have studied the problem of Android malware detection and have put forward theories and methods from different perspectives. Existing research suggests that machine learning is an effective and promising way to detect Android malware. Notwithstanding, there exist reviews that have surveyed different issues related to Android malware detection based on machine learning. The open environmental feature of the Android environment has given Android an extensive appeal in recent years. The growing number of mobile devices, they are incorporated in many aspects of our everyday lives. In today’s digital world most of the anti-malware tools are signature based which is ineffective to detect advanced unknown malware viz. Android OS, which is the most prevalent operating system (OS), has enjoyed immense popularity for smart phones over the past few years. Seizing this opportunity, cybercrime will occur in the form of piracy and malware. Traditional detection does not suffice to combat newly created advanced malware. So, there is a need for smart malware detection systems to reduce malicious activities risk. The present paper includes a thorough comparison that summarizes and analyses the various detection techniques.

Juliza Mohamad Arif,Mohd Faizal Ab Razak,Suryanti Awang,Sharfah Ratibah Tuan Mat,Nor Syahidatul Nadiah Ismail,Ahmad Firdaus

DOI: https://doi.org/10.1109/icsecs52883.2021.00112

2021-08-01

Abstract:Android malware has become more widespread in recent years due to the growing popularity of Android mobile. Android malware is installed without the user’s consent on a mobile device and exhibits significant risks to users, including personal information disclosure and fraud. Furthermore, some malware may be hidden inside the mobile device using various obfuscation techniques and cause harm. To mitigate these risks, the researcher recommended a variety of detection techniques. Unfortunately, it remains challenging as Android malware continues to increase. Signature-based detection is currently used to detect malware, but unknown malware and the newest malware are not recognised in this approach. This demonstrates that developing an effective malware detection method is crucial, with an enormous gap in recent studies and methods. This study aims to present researchers with a review of Android malware detection methods and empirical findings, focusing on static analysis. The research discussed the trends of Android malware, Android vulnerabilities, static analysis approaches, and a summary of recent studies in static analysis. Additionally, future research guidelines in the static analysis are suggested to optimise the functionality of Android malware detection.

Li Meijin,Fang Zhiyang,Wang Junfeng,Cheng Luyu,Zeng Qi,Yang Tao,Wu Yinwei,Geng Jiaxuan

DOI: https://doi.org/10.1080/08839514.2021.2007327

IF: 2.777

2021-12-14

Applied Artificial Intelligence

Abstract:Due to the completely open-source nature of Android, the exploitable vulnerability of malware attacks is increasing. To stay ahead of other similar review work attempting to deal with the serious security problem of the Android environment, this work not only summarizes the approaches in the malware classification phase but also lays emphasis on the Android feature selection algorithm and presents some areas neglected in previous works in the field of Android malware detection, like limitations and commonly applied datasets in machine learning-based models. In this paper, the Android OS environment, feature selection, classification models, and confronted challenges of machine learning detection are described in detail. Based on the brief introduction to Android background knowledge, feature selection methods are elaborated from key perspectives as feature extraction, raw data preprocessing, valid feature subsets selection, and machine learning-based selection models. For the algorithms of the malware classification, machine learning methods are categorized according to different standards to present an all-around view. Furthermore, this paper focuses on the study of deterioration problems and evasion attacks in machine learning detectors.

computer science, artificial intelligence,engineering, electrical & electronic

Jiahao Liu,Jun Zeng,Fabio Pierazzi,Lorenzo Cavallaro,Zhenkai Liang

2024-02-05

Abstract:Android malware detection serves as the front line against malicious apps. With the rapid advancement of machine learning (ML), ML-based Android malware detection has attracted increasing attention due to its capability of automatically capturing malicious patterns from Android APKs. These learning-driven methods have reported promising results in detecting malware. However, the absence of an in-depth analysis of current research progress makes it difficult to gain a holistic picture of the state of the art in this area.

Cryptography and Security,Machine Learning

Nazmul Islam,Seokjoo Shin

2023-07-04

Abstract:Differentiating malware is important to determine their behaviors and level of threat; as well as to devise defensive strategy against them. In response, various anti-malware systems have been developed to distinguish between different malwares. However, most of the recent malware families are Artificial Intelligence (AI) enable and can deceive traditional anti-malware systems using different obfuscation techniques. Therefore, only AI-enabled anti-malware system is robust against these techniques and can detect different features in the malware files that aid in malicious activities. In this study we review two AI-enabled techniques for detecting malware in Windows and Android operating system, respectively. Both the techniques achieved perfect accuracy in detecting various malware families.

Machine Learning,Cryptography and Security

Rajvardhan Patil,Wei Deng

DOI: https://doi.org/10.1109/southeastcon44009.2020.9368268

2020-01-01

Abstract:In this era, where the volume and diversity of malware is rising exponentially, new techniques need to be employed for faster and accurate identification of the malwares. Manual heuristic inspection of malware analysis are neither effective in detecting new malware, nor efficient as they fail to keep up with the high spreading rate of malware. Machine learning approaches have therefore gained momentum. They have been used to automate static and dynamic analysis investigation where malware having similar behavior are clustered together, and based on the proximity unknown malwares get classified to their respective families. Although many such research efforts have been conducted where data-mining and machine-learning techniques have been applied, in this paper we show how the accuracy can further be improved using deep learning networks. As deep learning offers superior classification by constructing neural networks with a higher number of potentially diverse layers it leads to improvement in automatic detection and classification of the malware variants.In this research, we present a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files. In the experimental and result section, we compare the accuracy obtained from each of these features and demonstrate that feature vector for system calls yields the highest accuracy. The paper concludes by showing how deep learning approach performs better than the traditional shallow machine learning approaches.

Ya Pan,Xiuting Ge,Chunrong Fang,Fan Yi

DOI: https://doi.org/10.1109/access.2020.3002842

IF: 3.9

2020-01-01

IEEE Access

Abstract:Android malware has been in an increasing trend in recent years due to the pervasiveness of Android operating system. Android malware is installed and run on the smartphones without explicitly prompting the users or without the user’s permission, and it poses great threats to users such as the leakage of personal information and advanced fraud. To address these threats, various techniques are proposed by researchers and practitioners. Static analysis is one of these techniques, which is widely applied to Android malware detection and can detect malware quickly and prohibit malware before installation. To provide a clarified overview of the latest work in Android malware detection using static analysis, we perform a systematic literature review by identifying 98 studies from January 2014 to March 2020. Based on the features of applications, we first divide static analysis in Android malware detection into four categories, which include Android characteristic-based method, opcode-based method, program graph-based method, and symbolic execution-based method. Then we assess the malware detection capability of static analysis, and we compare the performance of different models in Android malware detection by analyzing the results of empirical evidence. Finally, it is concluded that static analysis is effective to detect Android malware. Moreover, there is a preliminary result that neural network model outperforms the non-neural network model in Android malware detection. However, static analysis still faces many challenges. Thus, it is necessary to derive some novel techniques for improving Android malware detection based on the current research community. Moreover, it is essential to establish a unified platform that is used to evaluate the performance of a series of techniques in Android malware detection fairly.

FAN Ming,LIU Ting,LIU Jun,LUO Xiapu,YU Le,GUAN Xiaohong,Le YU,Xiaohong GUAN,Ming FAN,Xiapu LUO,Ting LIU,Jun LIU

DOI: https://doi.org/10.1360/ssi-2019-0149

2020-07-31

Scientia Sinica Informationis

Abstract:Android has become the most popular mobile operating system in the past ten years due to its three main advantages, namely, the openness of source code, richness of hardware selection, and millions of applications (apps). It is of no surprise that Android has become the major target of malware. The rapid increase in the number of Android malware poses big threats to smart phone users such as financial charges, information collection, and remote control. Thus, the in-depth study of the security issues of mobile apps is of great importance to the sound development of the smart phone ecosystem. We first introduce the existing problems and challenges of malware analysis, and then summarize the widely-used benchmark datasets. After that, we divide the existing malware analysis methods into three categories, including signature-based methods, machine learning-based methods, and behavior-based methods. We further summarize the techniques used in each method, and compare and analyze the advantages and disadvantages of different techniques. Finally, combined with our own research foundation in malware analysis, we explore and discuss future research directions and challenges.

Mawj Faez mahdi,Sarah Saadoon Jasim

DOI: https://doi.org/10.29304/jqcsm.2024.16.11439

2024-03-30

Journal of Al-Qadisiyah for Computer Science and Mathematics

Abstract:Malware attacks on mobile devices are becoming more common and more complicated every year. Malware writers see the open-source Android app as their main target because so many people use it. Artificial intelligence is used by most of the literature's mobile malware detection methods to find ransomware. Our research, on the other hand, makes it clear that most of the earlier studies used different metrics and models, as well as different datasets and classification features that came from static, dynamic, or hybrid analysis strategies. This makes comparing the different suggested detection methods more difficult and may also make the results less certain. The goal of this work is to solve the problem of AI-powered malware detection by sorting current methods and approaches into three groups: the type of dataset, the type of detection method used (machine learning models, deep learning models, and Behavioral Analysis model), and how well the method works. In this way, we suggest a convergent plan that can be used as a basis for future methods of finding malware on Android and as a solid standard for artificial intelligence work in this area.

Joshua Abah,Waziri O.V,Abdullahi M.B,Arthur U.M,Adewale O.S

DOI: https://doi.org/10.5121/ijnsa.2015.7602

2015-12-14

Abstract:The emergence of mobile platforms with increased storage and computing capabilities and the pervasive use of these platforms for sensitive applications such as online banking, e-commerce and the storage of sensitive information on these mobile devices have led to increasing danger associated with malware targeted at these devices. Detecting such malware presents inimitable challenges as signature-based detection techniques available today are becoming inefficient in detecting new and unknown malware. In this research, a machine learning approach for the detection of malware on Android platforms is presented. The detection system monitors and extracts features from the applications while in execution and uses them to perform in-device detection using a trained K-Nearest Neighbour classifier. Results shows high performance in the detection rate of the classifier with accuracy of 93.75%, low error rate of 6.25% and low false positive rate with ability of detecting real Android malware.

Cryptography and Security

Yash Sharma,Anshul Arora,Sharma, Yash,Arora, Anshul

DOI: https://doi.org/10.1007/s10207-024-00822-2

2024-03-05

International Journal of Information Security

Abstract:The first Android-ready "G1" phone debuted in late October 2008. Since then, the growth of Android malware has been explosive, analogous to the rise in the popularity of Android. The major positive aspect of Android is its open-source nature, which empowers app developers to expand their work. However, authors with malicious intentions pose grave threats to users. In the presence of such threats, Android malware detection is the need of an hour. Consequently, researchers have proposed various techniques involving static, dynamic, and hybrid analysis to address such threats to numerous features in the last decade. However, the feature that most researchers have extensively used to perform malware analysis and detection in Android security is Android permission. Hence, to provide a clarified overview of the latest and past work done in Android malware analysis and detection, we perform a comprehensive literature review using permissions as a central feature or in combination with other components by collecting and analyzing 205 studies from 2009 to 2023. We extracted information such as the choice opted by researchers between analysis or detection, techniques used to select or rank the permissions feature set, features used along with permissions, detection models employed, malware datasets used by researchers, and limitations and challenges in the field of Android malware detection to propose some future research directions. In addition, on the basis of the information extracted, we answer the six research questions designed considering the above factors.

computer science, information systems, theory & methods, software engineering