This article proposed RAPSAMS, extending affinity propagation (AP) clustering to be robust in malware steaming. We use AP, which has been suggested as an approach for clustering a set of samples that by passing messages in different clusters, represents malware stream clustering. Then, by generating and adding adversarial examples, a method has been proposed to attack this clustering algorithm and try to make a robust algorithm against the proposed attack. Malware clustering has become an active research area in mobile security, in which the knowledge is being exploited in large quantities of the generated malware stream. Different procedures have been used that apply clustering to the malware's static features. This article focuses on selecting the most appropriate examples as centers for Android malware clusters and tries to add some perturbation to fool the clustering algorithm. There are two important challenges in this regard: (i) How to find the best representations for clustering.(ii) How to manage extracted patterns that include important data flow characteristics with different distributions. Malware stream clustering poses many challenges to solve this problem, including dealing with malware that is imported online, being able to process malware quickly and incrementally, dealing appropriately with time constraints, and the way that can manage important features patterns of malware stream.To examine the adaptability of the proposed methods of defense and attack, analyses were performed. The proposed approaches are tested on a couple of malware Android dataset benchmarks, namely, Contagio, Genome, and Drebin. We use permission, API, and intent features of these datasets. The obtained results from false positive rate (FPR) recognize that the amounts of the known algorithm for clustering, AP, increases to more than 50% afterward an offense occurs in a number of instances (like: Genome dataset in permission and intent features). Furthermore, by applying the label flipping attack (LFA) the accuracy measures decrease lower than 85% in all instances. Also, the proposed defense method decreased the FPR value by less than 30%, and the accuracy increased by more than 91%, in all cases. Consequently, the AP clustering will be robust against LFAs.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.