Android Malware Characterization Using Metadata and Machine Learning Techniques

Martín, Iván; Hernández, José Alberto; Muñoz, Alfonso; Guzmán, Antonio Castillo

doi:10.1155/2018/5749481

Cited by 23 publications

(16 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This method is not affected by reinforcement and confusion, but a high accuracy can not be got due to the small difference in permission features. Martín et al [9] verified this. To improve the accuracy of classification, multiple static features are integrated.…”

Section: Introductionmentioning

confidence: 76%

Android Malware Familial Classification Based on DEX File Section Features

et al. 2020

View full text Add to dashboard Cite

The rapid proliferation of Android malware is challenging the classification of the Android malware family. The traditional static method for classification is easily affected by the confusion and reinforcement, while the dynamic method is expensive in computation. To solve these problems, this paper proposes an Android malware familial classification method based on Dalvik Executable (DEX) file section features. First, the DEX file is converted into RGB (Red/Green/Blue) image and plain text respectively, and then, the color and texture of image and text are extracted as features. Finally, a feature fusion algorithm based on multiple kernel learning is used for classification. In this experiment, the Android Malware Dataset (AMD) was selected as the sample set. Two different comparative experiments were set up, and the method in this paper was compared with the common visualization method and feature fusion method. The results show that our method has a better classification effect with precision, recall and F1 score reaching 0.96. Besides, the time of feature extraction in this paper is reduced by 2.999 seconds compared with the method of frequent subsequence. In conclusion, the method proposed in this paper is efficient and precise in the classification of the Android malware family. INDEX TERMS Android malware family, DEX file section, multiple kernel learning.

show abstract

Section: Introductionmentioning

confidence: 76%

Android Malware Familial Classification Based on DEX File Section Features

et al. 2020

View full text Add to dashboard Cite

show abstract

“…If the expressions and constraints of an application are in this rule library, this application will be considered as a malicious application. For example, to reduce the high false- [15], [16], [27], [28], [29], [30], [31], [32], [33], [34], [35], [36], [37], [39], [40], [41], [42], [43], [44], [45], [46], [47], [48], [49], [50], [51], [52], [53], [54], [55], [56], [57], [58], [59], [60], [61], [62], [63], [64], [94], [95], [98], [99], [100], [101], [102], [105], [109], [111],…”

Section: ) Publication Sourcementioning

confidence: 99%

“…To find the most suitable feature reduction technique, it is noticed that some studies make the comparison among different techniques. For example, to find a suitable feature reduction techniques, Martín et al [45] compare the performance of IG, Chi-square (χ 2 ), and gain ratio (GR). RQ2.3: Only a part of the studies adopt feature reduction techniques, and IG accounts for the largest proportion in the off-the-shelf feature reduction techniques.…”

Section: Rq23mentioning

confidence: 99%

A Systematic Literature Review of Android Malware Detection Using Static Analysis

et al. 2020

View full text Add to dashboard Cite

Android malware has been in an increasing trend in recent years due to the pervasiveness of Android operating system. Android malware is installed and run on the smartphones without explicitly prompting the users or without the user's permission, and it poses great threats to users such as the leakage of personal information and advanced fraud. To address these threats, various techniques are proposed by researchers and practitioners. Static analysis is one of these techniques, which is widely applied to Android malware detection and can detect malware quickly and prohibit malware before installation. To provide a clarified overview of the latest work in Android malware detection using static analysis, we perform a systematic literature review by identifying 98 studies from January 2014 to March 2020. Based on the features of applications, we first divide static analysis in Android malware detection into four categories, which include Android characteristic-based method, opcode-based method, program graph-based method, and symbolic execution-based method. Then we assess the malware detection capability of static analysis, and we compare the performance of different models in Android malware detection by analyzing the results of empirical evidence. Finally, it is concluded that static analysis is effective to detect Android malware. Moreover, there is a preliminary result that neural network model outperforms the non-neural network model in Android malware detection. However, static analysis still faces many challenges. Thus, it is necessary to derive some novel techniques for improving Android malware detection based on the current research community. Moreover, it is essential to establish a unified platform that is used to evaluate the performance of a series of techniques in Android malware detection fairly. INDEX TERMS Android malware detection, static analysis, systematic literature review.

show abstract

“…The research focused on malware detection, such as application developers and certificate issuers published on the Android Market. They used logistic regression (LR), SVM, and RF to construct a small, efficient classifier that could detect malware applications early in the sandbox [45]. W. Niu et al proposed a method to detect the advanced persistent threat (APT) malicious code command and control (C and C) domain with high accuracy by analyzing the mobile DNS log.…”

Section: Limitation Of Mobile Malware Detectionmentioning

confidence: 99%

Threat Assessment for Android Environment with Connectivity to IoT Devices from the Perspective of Situational Awareness

Park

Han

et al. 2019

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

As smartphones such as mobile devices become popular, malicious attackers are choosing them as targets. The risk of attack is steadily increasing as most people store various personal information such as messages, contacts, and financial information on their smartphones. Particularly, the vulnerabilities of the installed operating systems (e.g., Android, iOS, etc.) are trading at a high price in the black market. In addition, the development of the Internet of Things (IoT) technology has created a hyperconnected society in which various devices are connected to one network. Therefore, the safety of the smartphone is becoming an important factor to remotely control these technologies. A typical attack method that threatens the security of such a smartphone is a method of inducing installation of a malicious application. However, most studies focus on the detection of malicious applications. This study suggests a method to evaluate threats to be installed in the Android OS environment in conjunction with machine learning algorithms. In addition, we present future direction from the cyber threat intelligence perspective and situational awareness, which are the recent issues.

show abstract

Android Malware Characterization Using Metadata and Machine Learning Techniques

Cited by 23 publications

References 23 publications

Android Malware Familial Classification Based on DEX File Section Features

Android Malware Familial Classification Based on DEX File Section Features

A Systematic Literature Review of Android Malware Detection Using Static Analysis

Threat Assessment for Android Environment with Connectivity to IoT Devices from the Perspective of Situational Awareness

Contact Info

Product

Resources

About