Android Malware Detection Based on Factorization Machine

Li, Chenglin; Mills, Keith G.; Niu, Di; Zhu, Rui; Zhang, Hongwen; Kinawi, Husam

doi:10.1109/access.2019.2958927

Cited by 66 publications

(39 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The extracted features of the parsed applications have to be serialized for further analysis. The representation of the serialized features can be implemented using the U − dimensional format where U represents the feature set [69]. As shown in Figure 5, all the features under investigation (F ) are stored in one list of length |F |.…”

Section: Parsing Phasementioning

confidence: 99%

Android Ransomware Detection Based on a Hybrid Evolutionary Approach in the Context of Highly Imbalanced Data

Almomani

Qaddoura

Habib³

et al. 2021

IEEE Access

View full text Add to dashboard Cite

In recent years, Ransomware has been a critical threat that attacks smartphones. Ransomware is a kind of malware that blocks the mobile's system and prevents the user of the infected device from accessing their data until a ransom is paid. Worldwide, Ransomware attacks have led to serious losses for individuals and stakeholders. However, the dramatic increase of Ransomware families makes to the process of identifying them more challenging due to their continuously evolved characteristics. Traditional malware detection methods (e.g., statistical-based prevention methods) fail to combat the evolving Ransomware since they result in a high percentage of false positives. Indeed, developing a non-classical, intelligent technique to safeguarding against Ransomware is of significant importance. This paper introduces a new methodology for the detection of Ransomware that is depending on an evolutionary-based machine learning approach. The binary particle swarm optimization algorithm is utilized for tuning the hyperparameters of the classification algorithm, as well as performing feature selection. The support vector machines (SVM) algorithm is used alongside the synthetic minority oversampling technique (SMOTE) for classification. The utilized dataset is collected from various sources, which consists of 10,153 Android applications, where 500 of them are Ransomware. The performance of the proposed approach SMOTE-tBPSO-SVM achieved merits over traditional machine learning algorithms by having the highest scores in terms of sensitivity, specificity, and g-mean.

show abstract

Section: Parsing Phasementioning

confidence: 99%

Android Ransomware Detection Based on a Hybrid Evolutionary Approach in the Context of Highly Imbalanced Data

Almomani

Qaddoura

Habib³

et al. 2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Talha et al [ 19 ] presented a permission-based Android malware detection system consisting of three components, namely the central server, Android client and signature database, and static analysis is used to categorize the Android application as normal or harmful. Li et al [ 20 ] raised the issue of considering interaction terms across features for the discovery of malicious behavior patterns in Android applications and proposed a classier for Android malware detection based on a factorization machine architecture.…”

Section: Related Workmentioning

confidence: 99%

A Modified FlowDroid Based on Chi-Square Test of Permissions

Kang

Liu

et al. 2021

Entropy

View full text Add to dashboard Cite

Android devices are currently widely used in many fields, such as automatic control, embedded systems, the Internet of Things and so on. At the same time, Android applications (apps) always use multiple permissions, and permissions can be abused by malicious apps that disclose users’ privacy or breach the secure storage of information. FlowDroid has been extensively studied as a novel and highly precise static taint analysis for Android applications. Aiming at the problem of complex detection and false alarms in FlowDroid, an improved static detection method based on feature permission and risk rating is proposed. Firstly, the Chi-square test is used to extract correlated permissions related to malicious apps, and mutual information is used to cluster the permissions to generate feature permission clusters. Secondly, risk calculation method based on permissions and combinations of permissions are proposed to identify dangerous data flows. Experiments show that this method can significantly improve detection efficiency while maintaining the accuracy of dangerous data flow detection.

show abstract

“…Early approaches in involved differentiating files based on sequences of api calls as in [20], in which the author builds a model based on ngrams of api calls. See [35] and [21] for similar approaches.…”

Section: B Related Workmentioning

confidence: 99%

Applications of Graph Integration to Function Comparison and Malware Classification

Slawiński¹,

Wortman²

2019

2019 4th International Conference on System Reliability and Safety (ICSRS)

View full text Add to dashboard Cite

We classify .NET files as either benign or malicious by examining directed graphs derived from the set of functions comprising the given file. Each graph is viewed probabilistically as a Markov chain where each node represents a code block of the corresponding function, and by computing the PageRank vector (Perron vector with transport), a probability measure can be defined over the nodes of the given graph. Each graph is vectorized by computing Lebesgue antiderivatives of handengineered functions defined on the vertex set of the given graph against the PageRank measure. Files are subsequently vectorized by aggregating the set of vectors corresponding to the set of graphs resulting from decompiling the given file. The result is a fast, intuitive, and easy-to-compute glass-box vectorization scheme, which can be leveraged for training a standalone classifier or to augment an existing feature space. We refer to this vectorization technique as PageRank Measure Integration Vectorization (PMIV). We demonstrate the efficacy of PMIV by training a vanilla random forest on 2.5 million samples of decompiled .NET, evenly split between benign and malicious, from our in-house corpus and compare this model to a baseline model which leverages a text-only feature space. The median time needed for decompilation and scoring was 24ms. 1

show abstract

Android Malware Detection Based on Factorization Machine

Cited by 66 publications

References 24 publications

Android Ransomware Detection Based on a Hybrid Evolutionary Approach in the Context of Highly Imbalanced Data

Android Ransomware Detection Based on a Hybrid Evolutionary Approach in the Context of Highly Imbalanced Data

A Modified FlowDroid Based on Chi-Square Test of Permissions

Applications of Graph Integration to Function Comparison and Malware Classification

Contact Info

Product

Resources

About