A study of android malware detection technology evolution

Hsieh, Wan-Chen; Wu, Chieh-Shan; Kao, Yung-Wei

doi:10.1109/ccst.2015.7389671

Cited by 8 publications

(4 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Various static techniques exist, such as signature-based analysis, permission-based analysis, or component-based analysis. Regarding our proposal, component-based techniques are of particular interest, involving decompiling the entire app to inspect bytecode and significant components to identify pos-sible vulnerabilities [42,43]. Although these techniques often yield good results, the main challenge is the lack of real execution paths and suitable execution conditions.…”

Section: Related Workmentioning

confidence: 99%

Deep Learning-Based Attack Detection and Classification in Android Devices

Gómez,

Muñoz

2023

Electronics

View full text Add to dashboard Cite

The increasing proliferation of Androidbased devices, which currently dominate the market with a staggering 72% global market share, has made them a prime target for attackers. Consequently, the detection of Android malware has emerged as a critical research area. Both academia and industry have explored various approaches to develop robust and efficient solutions for Android malware detection and classification, yet it remains an ongoing challenge. In this study, we present a supervised learning technique that demonstrates promising results in Android malware detection. The key to our approach lies in the creation of a comprehensive labeled dataset, comprising over 18,000 samples classified into five distinct categories: Adware, Banking, SMS, Riskware, and Benign applications. The effectiveness of our proposed model is validated using well-established datasets such as CICMalDroid2020, CICMalDroid2017, and CICAndMal2017. Comparing our results with state-of-the-art techniques in terms of precision, recall, efficiency, and other relevant factors, our approach outperforms other semi-supervised methods in specific parameters. However, we acknowledge that our model does not exhibit significant deviations when compared to alternative approaches concerning certain aspects. Overall, our research contributes to the ongoing efforts in the development of advanced techniques for Android malware detection and classification. We believe that our findings will inspire further investigations, leading to enhanced security measures and protection for Android devices in the face of evolving threats.

show abstract

Section: Related Workmentioning

confidence: 99%

Deep Learning-Based Attack Detection and Classification in Android Devices

Gómez,

Muñoz

2023

Electronics

View full text Add to dashboard Cite

show abstract

“…In the following trigger of “init()” event of the main application, the malicious payload is invoked using the “DexClassLoader” class. Due to the unavailability of the dynamically loaded code during Android malware static analysis, the DCL and DCM evasion technique is another transformation technique that is a big challenge for static analysis ( Hsieh, Wu & Kao, 2016 ; Li et al, 2016 ). Although some researchers ( Poeplau et al, 2014 ; Zhang, Luo & Yin, 2015 ; Zhauniarovich et al, 2015 ) studied how DCL evades malware detection, it is still an open issue that needs more attention.…”

Section: Evasion Techniquesmentioning

confidence: 99%

The rise of obfuscated Android malware and impacts on detection methods

Elsersy¹,

Feizollah²,

Anuar³

2022

PeerJ Computer Science

View full text Add to dashboard Cite

The various application markets are facing an exponential growth of Android malware. Every day, thousands of new Android malware applications emerge. Android malware hackers adopt reverse engineering and repackage benign applications with their malicious code. Therefore, Android applications developers tend to use state-of-the-art obfuscation techniques to mitigate the risk of application plagiarism. The malware authors adopt the obfuscation and transformation techniques to defeat the anti-malware detections, which this paper refers to as evasions. Malware authors use obfuscation techniques to generate new malware variants from the same malicious code. The concern of encountering difficulties in malware reverse engineering motivates researchers to secure the source code of benign Android applications using evasion techniques. This study reviews the state-of-the-art evasion tools and techniques. The study criticizes the existing research gap of detection in the latest Android malware detection frameworks and challenges the classification performance against various evasion techniques. The study concludes the research gaps in evaluating the current Android malware detection framework robustness against state-of-the-art evasion techniques. The study concludes the recent Android malware detection-related issues and lessons learned which require researchers’ attention in the future.

show abstract

“…In incident response, the time between initial identification and containment is critical to reducing damage particularly when sensitive or high-risk data is involved [1]. This is particularly true with modern malware moving to mobile devices and evolving to include theft of messages, position data, and banking credentials, all with real-time attacker command and control [2].…”

Section: Introductionmentioning

confidence: 99%

Host Inventory Controls and Systems Survey: Evaluating the CIS Critical Security Control One in Higher Education Networks

Kobezak¹,

Marchany²,

Raymond³

et al. 2018

Proceedings of the 51st Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Within the field of information security, the identification of what we are trying to secure is essential to reducing risk. In private networks, this means understanding the classification of host end-points, identifying responsible users, and knowing the location of hosts. For the context of this paper, the authors are considering the challenges faced by higher education institutions in implementing the first Center for Internet Security (CIS) Critical Security Control: inventory of authorized and unauthorized devices. The authors developed and conducted a survey of chief information security officers at these institutions. The survey evaluated their confidence in meeting the goals of host inventory tracking. The results of the survey, along with analysis of the implications for information security operations, are presented in this paper. Changes in technology, such as BYOD, IoT, wireless, virtual machines, and application containers, are contributing to changes in the effectiveness of host inventory controls.

show abstract

A study of android malware detection technology evolution

Cited by 8 publications

References 11 publications

Deep Learning-Based Attack Detection and Classification in Android Devices

Deep Learning-Based Attack Detection and Classification in Android Devices

The rise of obfuscated Android malware and impacts on detection methods

Host Inventory Controls and Systems Survey: Evaluating the CIS Critical Security Control One in Higher Education Networks

Contact Info

Product

Resources

About