Android malware category detection using a novel feature vector-based machine learning model

Manzil, Hashida Haidros Rahima; Naik, Sowmya

doi:10.1186/s42400-023-00139-y

Cited by 24 publications

(7 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Tong et al [27] suggested a signature based mechanism to detect Android malware apps by comparing with normal and malicious syscall patterns. Haridos et al [28] suggested an ML based mechanism to detect Android malware apps from the novel Huffman encoded feature vectors of syscall sequences. The drawbacks of these above existing syscall based malware detection mechanisms are given in Table 1.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Category DrawBacks Burguera et al [20] Syscall relationship is missing Xiao et al [29] High dimensionality of feature vectors Tong et al [27] Unable to detect repacking attacks Canfora et al [26] High dimentionality of feature vectors Tong et al [27] Unable to detect repacking attacks Haridos et al [28] Syscall relationship is missing Xiao et al [30] High dimentionality of feature vectors Bhandari et al [24] Feature extraction cost is high Bernadi et al [23] Requires multiple system call logs Roopak et al [25] Prone to Syscall replacement attacks Xiao et al [31] Prone to Syscall reordering attacks Haridos et al [28] Syscall relationship is missing…”

Section: ML Classificationmentioning

confidence: 99%

“…The information about these malware subsets are not explicitly mentioned in these papers. Therefore, it is impossible to reim- [29] Syscall Transition Probabilities Zhang et al [39] Syscall Transition Probabilities Canfora et al [26] Frequencies of Syscall Subsequences Bhandari et al [24] Algebraic Logic Branching Factor (ALBF) Roopak et al [25] Syscall Graph Signals Tong et al [27] Syscall Subsequence Analysis Haidros et al [28] Huffman-encoded Features of Syscalls Bernadi et al [23] Syscall Execution Fingerprint Table 7 outlines the features incorporated in comparative existing methods, which were employed by the authors within machine learning or deep learning classifiers to detect malware. The comparative performances of the syscall-based Android malware detection mechanism of this study outlined in Table 8.…”

Section: ) Collecting Syscall Tracesmentioning

confidence: 99%

See 2 more Smart Citations

Android Malware Detection Based on Informative Syscall Subsequences

Surendran,

Uddin,

Thomas

et al. 2024

IEEE Access

View full text Add to dashboard Cite

The Android operating system commands a dominant market share of over 70% in the smartphone industry. However, this widespread usage has resulted in a concerning increase in malware applications. While existing static malware detection mechanisms are vulnerable to code obfuscation attacks, manipulating the runtime system call (syscall) sequence remains a significant challenge for attackers. Consequently, syscall-based malware detection mechanisms are gaining prominence. Current syscall-based malware detection approaches rely on machine learning algorithms, utilizing numerical features such as syscall frequencies and transition probability matrices. However, the wide range of values in these features necessitates large datasets for effective classifier training, and susceptibility to noise and outliers persists. As a result, there is an urgent need for a binary representation of dynamic features to improve malware detection efficiency. To address this challenge, our paper proposes an innovative syscall subsequence-based binary feature representation method for machine learning-driven malware detection. By employing the information gain method, we identify informative syscall subsequences. The proposed mechanism achieves an impressive 99% accuracy in detecting malware applications using just 50% of the training data, across both the Drebin/AMD and CICMalDroid2020 datasets.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: ML Classificationmentioning

confidence: 99%

Section: ) Collecting Syscall Tracesmentioning

confidence: 99%

See 1 more Smart Citation

Android Malware Detection Based on Informative Syscall Subsequences

Surendran,

Uddin,

Thomas

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…By reviewing the literature, malware and its variant detection have achieved significant results on traditional models based on supervised learning. For example, Hashida et al 25 have extracted malware behavior features and used machine learning methods, including KNNs, naive Bayesian, decision trees, and support vector machines (SVM). In the process of malware feature extraction, many researchers also use PCA, ICA, LDA, and other methods to select features with better effects 26 .…”

Section: Related Workmentioning

confidence: 99%

MUDROID: Android malware detection and classification based on permission and behavior for autonomous vehicles

Tang,

Da,

Wang

et al. 2023

Trans Emerging Tel Tech

View full text Add to dashboard Cite

With the growing popularity of autonomous vehicles, ensuring their safety has become a significant concern. Vehicle manufacturers have incorporated the Android operating system to enhance user convenience. However, the Android operating system's diversity and vulnerability may significantly impact autonomous vehicles because these natures lead to a critical threat in autonomous vehicle security: Android malware. The complex nature of multi‐data sources fusion in autonomous driving systems has resulted in low detection efficiency and accuracy for Android malware. Given the security requirements for autonomous‐driving systems, this article presents an Android malware classification method centered around the multifeature fusion and deep learning architecture designed to detect and classify Android malware within autonomous‐driving systems. The proposed MUDROID framework relies on the Android permission mechanism and behavioral feature to formulate a malware classification model. Comprising four essential components—feature extraction, representation, multifeature fusion, and classifier training, MUDROID leverages the advantages of CNN and GCN combination model and is adept at extracting and interpreting multidimensional features, consequently constructing a multifeature fusion classifier to amplify the efficiency and accuracy of Android malware detection and classification. The experiment results support MUDROID's superior classification performance, with an impressive Android malware detection accuracy rate of 98.69% and family classification (95.42%). The proposed method can detect and classify Android malware effectively, thus elevating the security and robustness of the self‐driving system. Additionally, the approach in this article also addresses feature representation issues in detecting malware variants, facilitating the recognition of Android malware variants across diverse platforms.

show abstract

“…They utilized 10-gram opcode features and achieved an F1-score of 98%. Manzil et al [35] introduced an innovative approach involving Huffman encoding to generate feature vectors for differentiating Android malware categories. They focused on classifying specific types of malware, such as riskware, adware, SMS malware, and banking malware.…”

Section: Related Workmentioning

confidence: 99%

Smali opcode based Android Malware detection and Obfuscation Identification

Anand,

Singh

2023

Preprint

View full text Add to dashboard Cite

The Android platform's open-source nature makes it a prime target for attackers seeking to exploit vulnerabilities. The practice of reverse engineering in Android applications further increases this vulnerability, creating a lucrative ground for exploitation and attack. Malware developers use various obfuscation techniques to protect applications from reverse engineering attempts. These same obfuscation techniques are utilized by malware creators to hide malicious code within the application's structure. Obfuscation introduces useless code and concealed features during feature extraction, making it difficult for conventional malware analysis methods to recognise the application and resulting in a high rate of false negatives. To address this, this paper introduces an innovative Smali opcode-based model, specifically designed to address the complexity of obfuscation techniques during both binary and familial classification. The core objective is to design a lightweight model capable of classifying malware and benign applications, alongside robust familial classification. Moreover, the model is also equipped to identify the specific obfuscation technique employed in a given malware application. We have meticulously implemented and rigorously evaluated the proposed model using two distinct datasets encompassing obfuscated and non-obfuscated samples. The experimental findings affirm the model's performance, surpassing existing state-of-the-art Android malware classifiers. Notably, the model achieves an impressive binary classification accuracy of 99.4\%.

show abstract

Android malware category detection using a novel feature vector-based machine learning model

Cited by 24 publications

References 34 publications

Android Malware Detection Based on Informative Syscall Subsequences

Android Malware Detection Based on Informative Syscall Subsequences

MUDROID: Android malware detection and classification based on permission and behavior for autonomous vehicles

Smali opcode based Android Malware detection and Obfuscation Identification

Contact Info

Product

Resources

About