A static analysis approach for Android permission-based malware detection systems

Arif, Juliza Mohamad; Razak, Mohd Faizal Ab; Awang, Suryanti; Mat, Sharfah Ratibah Tuan; Ismail, Nor Syahidatul Nadiah; Firdaus, Ahmad

doi:10.1371/journal.pone.0257968

Cited by 15 publications

(3 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gambar 8 -Gambar 12 adalah plot grafis kurva ROC masingmasing algoritma klasifikasi. Pada Gambar 8 -Gambar 12 dapat dilihat bahwa algoritma Random Forest (RF) dan K-Nearest Neighbor (KNN) memiliki performa yang sangat baik karena kurva ROC yang dihasilkan mendekati titik [0,1]. Kedua algoritma ini juga memiliki nilai AUC yang tertinggi, yaitu sebesar 0,97.…”

Section: Pemilihan Dan Performa Modelunclassified

Desain Penilaian Risiko Privasi pada Aplikasi Seluler Melalui Model Machine Learning Berbasis Ensemble Learning dan Multiple Application Attributes

Zakariya,

Ramli

2023

JTIIK

View full text Add to dashboard Cite

Aplikasi berbasis Android banyak dikembangkan dan tersedia secara bebas di berbagai sumber aplikasi karena sistem operasi Android yang bersifat open-source. Namun, tidak semua penyedia aplikasi memberikan informasi detail mengenai aspek keamanan aplikasi, sehingga pengguna mengalami kesulitan untuk menilai dan memahami risiko keamanan privasi yang mereka hadapi. Pada penelitian ini kami mengusulkan desain penilaian risiko privasi melalui pendekatan analisis permission dan informasi atribut aplikasi. Kami menggunakan ensemble learning untuk mengatasi kelemahan dari penggunaan model klasifikasi tunggal. Penilaian likelihood dilakukan dengan mengombinasikan prediksi ensemble learning dan informasi multiple application attributes, sementara penilaian severity dilakukan dengan memanfaatkan jumlah dan karakteristik permission. Sebuah matriks risiko dibentuk untuk menghitung nilai risiko privasi aplikasi dan dataset CIC-AndMal2017 digunakan untuk mengevaluasi model ensemble learning dan desain penilaian risiko privasi. Hasil percobaan menunjukkan bahwa penerapan ensemble learning dengan algoritma klasifikasi Decision Tree (DT), K-Nearest Neighbor (KNN), dan Random Forest (RF) memiliki performa model yang lebih baik dibandingkan dengan menggunakan algoritma klasifikasi tunggal, dengan accuracy sebesar 95.2%, nilai precision 93.2%, nilai F1-score 92.4%, dan True Negative Rate (TNR) sebesar 97.6%. Serta, desain penilaian risiko mampu menilai aplikasi secara efektif dan objektif. AbstractSince the Android operating system is open-source, many Android-based applications are developed and freely available in app stores. However, not all developers of applications supply detailed information about the app's security aspects, making it difficult for users to assess and understand the risk of privacy breaches they confront. We propose a privacy risk assessment design in this study using an analytical approach to app permissions and attribute information. We use ensemble learning to overcome the drawbacks of using a single classification model. The likelihood assessment is performed by combining ensemble learning predictions and information on multiple application attributes, while the severity assessment is performed by utilizing the number and characteristics of permissions. A risk matrix was created to calculate the value of application privacy risk, and the CIC-AndMal2017 dataset was used to evaluate the ensemble learning model and privacy risk assessment designs. The experimental results show that the application of ensemble learning with the Decision Tree (DT), K-Nearest Neighbor (KNN), and Random Forest (RF) classification algorithms provides better model performance compared to using a single classification algorithm, with an accuracy of 95.2%, a precision value of 93.2%, a F1-score of 92.4%, and a True Negative Rate (TNR) of 97.6%. In addition, the risk assessment design can to assess the application effectively and objectively.

show abstract

Section: Pemilihan Dan Performa Modelunclassified

Desain Penilaian Risiko Privasi pada Aplikasi Seluler Melalui Model Machine Learning Berbasis Ensemble Learning dan Multiple Application Attributes

Zakariya,

Ramli

2023

JTIIK

View full text Add to dashboard Cite

show abstract

“…Alzubi et al [ 29 ] utilized the Harris Hawks Optimization (HHO) algorithm to optimize the hyperparameters of support vector machines to identify malware. Arif JM et al [ 30 ] proposed a permission-based machine learning detection method that utilizes five machine learning classifiers with particle swarm optimization to detect malware. SigPid [ 31 ] is a static malware detection system used to manage rapid growth in Android malware; it performs multiple data pruning techniques on the permission information to identify significant permissions that can be effective in distinguishing whether an app is malicious.…”

Section: Related Workmentioning

confidence: 99%

Android malware detection method based on highly distinguishable static features and DenseNet

Jun

Zhang

et al. 2022

PLoS ONE

View full text Add to dashboard Cite

The rapid growth of malware has become a serious problem that threatens the security of the mobile ecosystem and needs to be studied and resolved. Android is the main target of attackers due to its open source and popularity. To solve this serious problem, an accurate and efficient malware detection method is needed. Most existing methods use a single type of feature, which can be easily bypassed, resulting in low detection accuracy. In addition, although multiple types of features are used in some methods to solve the drawbacks of detection methods using a single type of feature, there are still some problems. Firstly, due to multiple types of features, the number of features in the initial feature set is extremely large, and some methods directly use them for training, resulting in excessive overhead. Furthermore, some methods utilize feature selection to reduce the dimensionality of features, but they do not select highly distinguishable features, resulting in poor detection performance. In this article, an effective and accurate method for identifying Android malware, which is based on an analysis of the use of seven types of static features in Android is proposed to cope with the rapid increase in the amount of Android malware and overcome the drawbacks of detection methods using a single type of feature. Instead of utilizing all extracted features, we design three levels of feature selection methods to obtain highly distinguishable features that can be effective in identifying malware. Then a fully densely connected convolutional network based on DenseNet is adopted to leverage features more efficiently and effectively for malware detection. Compared with the number of features in the original feature set, the number of features in the feature set obtained by the three levels of feature selection methods is reduced by about 97%, but the accuracy is only reduced by 0.45%, and the accuracy is more than 99% in a variety of machine learning methods. Moreover, we compare our detection method with different machine learning models, and the experimental results show that our method outperforms general machine learning models. We also compare the performance of our detection method with two state-of-the-art neural networks. The experimental results show that our detection model can greatly reduce the training cost and still achieve good detection performance, reaching an accuracy of 99.72%. In addition, we compare our detection method with other similar detection methods that also use multiple types of features. The results show that our detection method is superior to the comparison methods.

show abstract

“…Researchers leverage techniques such as code analysis, permission mapping, and behavior modeling to uncover malicious patterns within Android applications. However, these detection methods usually use only one or a few static features, such as permission [6][7][8], frequency of API (i.e., Application Programming Interface) [9,10], and opcode sequence [11,12]. They are not designed to detect malware Appl.…”

Section: Introductionmentioning

confidence: 99%

HertDroid: Android Malware Detection Method with Influential Node Filter and Heterogeneous Graph Transformer

Meng,

2024

Applied Sciences

View full text Add to dashboard Cite

The explosive growth of malware targeting Android devices has resulted in the demand for the acquisition and integration of comprehensive information to enable effective, robust, and user-friendly malware detection. In response to this challenge, this paper introduces HertDroid, an innovative Android malware detection method that leverages the hidden contextual information within application entities. Specifically, we formulate a heterogeneous graph encapsulating rich semantics of entities and their interactions to model the behavior of Android applications. To alleviate computational burdens, a filter is implemented to identify nodes containing crucial information. The Transformer architecture is then deployed for efficient information aggregation across diverse entities. In our experiments, HertDroid demonstrates superior performance by achieving the highest F1 scores when compared to baseline methods on a dataset comprising 10,361 benign and 11,043 malicious apps. Notably, HertDroid excels in maintaining a lightweight profile, and its performance is achieved without the necessity of manual meta-path configuration.

show abstract

A static analysis approach for Android permission-based malware detection systems

Cited by 15 publications

References 43 publications

Desain Penilaian Risiko Privasi pada Aplikasi Seluler Melalui Model Machine Learning Berbasis Ensemble Learning dan Multiple Application Attributes

Desain Penilaian Risiko Privasi pada Aplikasi Seluler Melalui Model Machine Learning Berbasis Ensemble Learning dan Multiple Application Attributes

Android malware detection method based on highly distinguishable static features and DenseNet

HertDroid: Android Malware Detection Method with Influential Node Filter and Heterogeneous Graph Transformer

Contact Info

Product

Resources

About