ANTSdroid: Automatic Malware Family Behaviour Generation and Analysis for Android Apps

Sun, Yeali S.; Chen, Chien-Chun; Hsiao, Shun-Wen; Chen, Meng Chang

doi:10.1007/978-3-319-93638-3_48

Cited by 13 publications

(7 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on a supervised classification method and an unsupervised segmentation approach, EC2 [8] presented an Android harmful application family classification method. The API call execution sequence [9,10] aids in having understood the target attack application's behavior and thread information. Tao et al [11] examined the importance of sensitive APIs shielded by privileges and extracted malware patterns from known malware specimens to efficiently identify malicious.…”

Section: Related Workmentioning

confidence: 99%

Fast and Robust Detection of Adversarial Attacks in the Problem Space using Machine Learning

Naseem

Sehar

2022

Preprint

View full text Add to dashboard Cite

Machine learning is widely accepted as an accurate statistical approach for malware detection to cope with the rising uncertainty risk and complexity of modern intrusions. Not only has machine learning security been asked, but it has also been challenged in the past. However, it has been identified that machine learning contains intrinsic weaknesses that may be exploited to avoid detection during testing. So, look at it another way, machine learning can become an intelligence system bottleneck. We use the related attack methodology to classify different types of attacks using learning-based malware detection techniques in this research by evaluating attackers with unique abilities and talents. After this, to carefully identify the security of Drebin, Android malware detection has been performed. We implemented and did a set of comparable malware detection using the linear SVM and other relevant techniques, including Sec-SVM, Reduced SVM, Reduced Sec-SVM, Na ̈ıve Bayes, Random Forest Classifier, and some deep neural networks. The main agenda of this paper is the presentation of a scalable and straightforward securelearning methodology that reduces the effect of adversarial attacks. In the presence of an attack, the detection accuracy is only a bit worsened. Finally, we evaluate that our robust technique may be accurately adapted to additional intrusion prevention tasks.

show abstract

Section: Related Workmentioning

confidence: 99%

Fast and Robust Detection of Adversarial Attacks in the Problem Space using Machine Learning

Naseem

Sehar

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…At present, most studies focus on the application behavior characteristics, and API is one of the most frequently used features. The execution sequence of API calls [19,20] helps to fully understand the activity and thread information of the target malware application. Omid et al [21] researched the similarity behaviors of different malware families based on sensitive APIs for classification.…”

Section: Android Malware Behaviour Detectionmentioning

confidence: 99%

AdvAndMal: Adversarial Training for Android Malware Detection and Family Classification

et al. 2021

View full text Add to dashboard Cite

In recent years, Android malware has continued to evolve against detection technologies, becoming more concealed and harmful, making it difficult for existing models to resist adversarial sample attacks. At the current stage, the detection result is no longer the only criterion for evaluating the pros and cons of the model with its algorithms, it is also vital to take the model’s defensive ability against adversarial samples into consideration. In this study, we propose a general framework named AdvAndMal, which consists of a two-layer network for adversarial training to generate adversarial samples and improve the effectiveness of the classifiers in Android malware detection and family classification. The adversarial sample generation layer is composed of a conditional generative adversarial network called pix2pix, which can generate malware variants to extend the classifiers’ training set, and the malware classification layer is trained by RGB image visualized from the sequence of system calls. To evaluate the adversarial training effect of the framework, we propose the robustness coefficient, a symmetric interval i = [−1, 1], and conduct controlled experiments on the dataset to measure the robustness of the overall framework for the adversarial training. Experimental results on 12 families with the largest number of samples in the Drebin dataset show that the accuracy of the overall framework is increased from 0.976 to 0.989, and its robustness coefficient is increased from 0.857 to 0.917, which proves the effectiveness of the adversarial training method.

show abstract

“…In addition, it requires a priori knowledge of the malware technique to monitor. Several papers have applied dynamic analysis such as [43,44,49,54,58,61]. Details on the dynamic features used by the papers were discussed in Section 4, Features.…”

Section: Dynamic Analysismentioning

confidence: 99%

“…In [49], resources' consumption is utilized as features for their classification. In [43], the authors use sensitive and permission-related API calls.…”

Section: Dynamic Featuresmentioning

confidence: 99%

Android Malware Family Classification and Analysis: Current Status and Future Directions

Alswaina

Elleithy

2020

Electronics

View full text Add to dashboard Cite

Android receives major attention from security practitioners and researchers due to the influx number of malicious applications. For the past twelve years, Android malicious applications have been grouped into families. In the research community, detecting new malware families is a challenge. As we investigate, most of the literature reviews focus on surveying malware detection. Characterizing the malware families can improve the detection process and understand the malware patterns. For this reason, we conduct a comprehensive survey on the state-of-the-art Android malware familial detection, identification, and categorization techniques. We categorize the literature based on three dimensions: type of analysis, features, and methodologies and techniques. Furthermore, we report the datasets that are commonly used. Finally, we highlight the limitations that we identify in the literature, challenges, and future research directions regarding the Android malware family.

show abstract

ANTSdroid: Automatic Malware Family Behaviour Generation and Analysis for Android Apps

Cited by 13 publications

References 12 publications

Fast and Robust Detection of Adversarial Attacks in the Problem Space using Machine Learning

Fast and Robust Detection of Adversarial Attacks in the Problem Space using Machine Learning

AdvAndMal: Adversarial Training for Android Malware Detection and Family Classification

Android Malware Family Classification and Analysis: Current Status and Future Directions

Contact Info

Product

Resources

About