A feature-hybrid malware variants detection using CNN based opcode embedding and BPNN based API embedding

Zhang, Jixin; Qin, Zheng; Yin, Hui; Ou, Lu; Zhang, Kehuan

doi:10.1016/j.cose.2019.04.005

Cited by 87 publications

(53 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ming et al [2] proposed a malware classification method that extracts API calls to construct API call subgraphs and classifies the family of malware based on the features of the API call subgraphs. Zhang et al [3] proposed a featurehybrid malware detection method to integrate op-codes and API calls by merging the hidden layers of the CNN and the back-propagation neural networks. Cesare et al [4] proposed to extract the control flow graphs of executables and search the similarities between the unknown software and the malware by edit string distance.…”

Section: Related Work 21 Static Analysis-based Detection Methodsmentioning

confidence: 99%

Packed malware variants detection using deep belief networks

et al. 2020

View full text Add to dashboard Cite

Malware is one of the most serious network security threats. To detect unknown variants of malware, many researches have proposed various methods of malware detection based on machine learning in recent years. However, modern malware is often protected by software packers, obfuscation, and other technologies, which bring challenges to malware analysis and detection. In this paper, we propose a system call based malware detection technology. By comparing malware and benign software in a sandbox environment, a sensitive system call context is extracted based on information gain, which reduces obfuscation caused by a normal system call. By using the deep belief network, we train a malware detection model with sensitive system call context to improve the detection accuracy.

show abstract

Section: Related Work 21 Static Analysis-based Detection Methodsmentioning

confidence: 99%

Packed malware variants detection using deep belief networks

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Therefore, it is also an effective method to detect the maliciousness of the application by studying the application's API calls. Zhang et al [28] represented opcodes with a bi-gram model and represented API calls with a frequency vector. Then, they used principal component analysis to optimize the representations and to improve the convergence speed.…”

Section: ) Other Featuresmentioning

confidence: 99%

FAMD: A Fast Multifeature Android Malware Detection Framework, Design, and Implementation

Bai

Xie

et al. 2020

IEEE Access

View full text Add to dashboard Cite

With Android's dominant position within the current ssmartphone OS, increasing number of malware applications pose a great threat to user privacy and security. Classification algorithms that use a single feature usually have weak detection performance. Although the use of multiple features can improve the detection effect, increasing the number of features increases the requirements of the operating environment and consumes more time. We propose a fast Android malware detection framework based on the combination of multiple features: FAMD (Fast Android Malware Detector). First, we extracted permissions and Dalvik opcode sequences from samples to construct the original feature set. Second, the Dalvik opcodes are preprocessed with the N-Gram technique, and the FCBF (Fast Correlation-Based Filter) algorithm based on symmetrical uncertainty is employed to reduce feature dimensionality. Finally, the dimensionality-reduced features are input into the CatBoost classifier for malware detection and family classification. The dataset DS-1, which we collected, and the baseline dataset Drebin were used in the experiment. The results show that the combined features can effectively improve the detection accuracy of malware that can reach 97.40% on Drebin dataset, and the malware family classification accuracy can achieve 97.38%. Compared with other state-of-the-art works, our framework achieves higher accuracy and lower time consumption.

show abstract

“…Author in [19] focused on different features to differentiate between Android applications and proposed a malware detection model. Op-code and API calls are choosing as desire features for analysing.…”

Section: Hybrid Analysismentioning

confidence: 99%

Permission Extraction Framework for Android Malware Detection

Ghasempour¹,

Fazlida²,

John³

2020

IJACSA

View full text Add to dashboard Cite

Nowadays, Android-based devices are more utilized than other Operating Systems based devices. Statistics show that the market share for android on mobile devices in March 2018 is 84.8 percent as compared with only 15.1 percent iOS. These numbers indicate that most of the attacks are subjected to Android devices. In addition, most people are keeping their confidential information on their mobile phones, and hence there is a need to secure this operating system against harmful attacks. Detecting malicious applications in the Android market is becoming a very complex procedure. This is because as the attacks are increasing, the complexity of feature selection and classification techniques are growing. There are a lot of solutions on how to detect malicious applications on the Android platform but these solutions are inefficient to handle the features extraction and classification due to many false alarms. In this work, the researchers proposed a multi-level permission extraction framework for malware detection in an Android device. The framework uses a permission extraction approach to label malicious applications by analyzing permissions and it is capable of handling a large number of applications while keeping the performance metrics optimized. A static analysis method was employed in this work. Support Vector Machine (SVM) and Decision Tree Algorithm was used for the classification. The results show that while increasing input data, the model tries to keep detection accuracy at an acceptable level.

show abstract

A feature-hybrid malware variants detection using CNN based opcode embedding and BPNN based API embedding

Cited by 87 publications

References 14 publications

Packed malware variants detection using deep belief networks

Packed malware variants detection using deep belief networks

FAMD: A Fast Multifeature Android Malware Detection Framework, Design, and Implementation

Permission Extraction Framework for Android Malware Detection

Contact Info

Product

Resources

About