Constructing Features for Detecting Android Malicious Applications: Issues, Taxonomy and Directions

Wang, Wei; Zhao, Meichen; Gao, Zhenzhen; Xu, Guangquan; Xian, Hequn; Li, Yuanyuan; Zhang, Xiangliang

doi:10.1109/access.2019.2918139

Cited by 91 publications

(77 citation statements)

References 237 publications

(230 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It does not need to repeatedly execute the same opcodes, and thus can be time-saving. In our previous work, we detected anomalies or malware with static [38]- [42] or dynamic analysis [43]- [45] or with network traffic [46]- [49]. While our previous work detected potential malicious behaviors in systems or networks, in this work, we mainly focused on the detection of vulnerabilities in the smart contracts running on blockchain.…”

Section: Related Workmentioning

confidence: 99%

ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts

Wang

Jin

et al. 2021

IEEE Trans. Netw. Sci. Eng.

Self Cite

203

View full text Add to dashboard Cite

Smart contracts are decentralized applications running on Blockchain. A very large number of smart contracts has been deployed on Ethereum. Meanwhile, security flaws of contracts have led to huge pecuniary losses and destroyed the ecological stability of contract layer on Blockchain. It is thus an emerging yet crucial issue to effectively and efficiently detect vulnerabilities in contracts. Existing detection methods like Oyente and Securify are mainly based on symbolic execution or analysis. These methods are very time-consuming, as the symbolic execution requires the exploration of all executable paths or the analysis of dependency graphs in a contract. In this work, we propose ContractWard to detect vulnerabilities in smart contracts with machine learning techniques. First, we extract bigram features from simplified operation codes of smart contracts. Second, we employ five machine learning algorithms and two sampling algorithms to build the models. ContractWard is evaluated with 49502 real-world smart contracts running on Ethereum. The experimental results demonstrate the effectiveness and efficiency of ContractWard. The predictive Micro-F1 and Macro-F1 of ContractWard are over 96% and the average detection time is 4 seconds on each smart contract when we use XGBoost for training the models and SMOTETomek for balancing the training sets.

show abstract

Section: Related Workmentioning

confidence: 99%

ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts

Wang

Jin

et al. 2021

IEEE Trans. Netw. Sci. Eng.

Self Cite

203

View full text Add to dashboard Cite

show abstract

“…Millions of Android apps are installed by mobile devices. Meanwhile, a large number of Android malicious apps are constantly appearing [ 1 ]. AppBrain [ 2 ] shows that, by the end of February 2019, there were more than 2.5 million apps available on Google Play.…”

Section: Introductionmentioning

confidence: 99%

“…Static detection consumes less time and resources. However, static detection technology is difficult to detect obfuscated or repackaged malicious Apps [ 1 ]. In contrast, dynamic analysis attempts to identify malicious behavior after deploying and executing applications on an emulator or real device [ 9 ].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MADFU: An Improved Malicious Application Detection Method Based on Features Uncertainty

Yuan

Tang

2020

Entropy

View full text Add to dashboard Cite

Millions of Android applications (apps) are widely used today. Meanwhile, the number of malicious apps has increased exponentially. Currently, there are many security detection technologies for Android apps, such as static detection and dynamic detection. However, the uncertainty of the features in detection is not considered sufficiently in these technologies. Permissions play an important role in the security detection of Android apps. In this paper, a malicious application detection model based on features uncertainty (MADFU) is proposed. MADFU uses logistic regression function to describe the input (permissions) and output (labels) relationship. Moreover, it uses the Markov chain Monte Carlo (MCMC) algorithm to solve features’ uncertainty. After experimenting with 2037 samples, for malware detection, MADFU achieves an accuracy of up to 95.5%, and the false positive rate (FPR) is 1.2%. MADFU's Android app detection accuracy is higher than the accuracy of directly using 24 dangerous permission. The results also indicate that the method for an unknown/new sample’s detection accuracy is 92.7%. Compared to other state-of-the-art approaches, the proposed method is more effective and efficient, by detecting malware.

show abstract

“…Static analysis is an effective mechanism in any Android malware or ransomware detection system [28] and API calls feature is a key static metric that is utilized to identify malicious behaviors [29][30][31]. Therefore, this paper provides a deep analysis of API calls to investigate the extent of their influence on the accuracy of the detection process.…”

Section: Introductionmentioning

confidence: 99%

Ransomware Detection System for Android Applications

Alsoghyer

Almomani

2019

Electronics

View full text Add to dashboard Cite

Android ransomware is one of the most threatening attacks nowadays. Ransomware in general encrypts or locks the files on the victim's device and requests a payment in order to recover them. The available technologies are not enough as new ransomwares employ a combination of techniques to evade anti-virus detection. Moreover, the literature counts only a few studies that have proposed static and/or dynamic approaches to detect Android ransomware in particular. Additionally, there are plenty of open-source malware datasets; however, the research community is still lacking ransomware datasets. In this paper, the state-of-the-art of Android ransomware detection approaches were investigated. A deep comparative analysis was conducted which shed the key differences among the existing solutions. An application programming interface (API)-based ransomware detection system (API-RDS) was proposed to provide a static analysis paradigm for detecting Android ransomware apps. API-RDS focuses on examining API packages' calls as leading indicator of ransomware activity to discriminate ransomware with high accuracy before it harms the user's device. API packages' calls of both benign and ransomware apps were thoroughly analyzed and compared. Significant API packages with corresponding methods were identified. The experimental results show that API-RDS outperformed other recent related approaches. API-RDS achieved 97% accuracy while reducing the complexity of the classification model by 26% due to features reduction. Moreover, this research designed a proactive mechanism based on a high quality unique ransomware dataset without duplicated samples. 2959 ransomware samples were collected, tested and reduced by almost 83% due to samples duplication. This research also contributes to constructing an up-to-date, unique dataset that covers the majority of existing Android ransomware families and recent clean apps that could be used as a labeled reference for research community.

show abstract

Constructing Features for Detecting Android Malicious Applications: Issues, Taxonomy and Directions

Cited by 91 publications

References 237 publications

ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts

ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts

MADFU: An Improved Malicious Application Detection Method Based on Features Uncertainty

Ransomware Detection System for Android Applications

Contact Info

Product

Resources

About