Detection of Android Malware using Tree-based Ensemble Stacking Model

Shafin, Sakib Shahriar; Ahmed, Md. Maroof; Pranto, Mahmud Alam; Chowdhury, Abdullahi

doi:10.1109/csde53843.2021.9718396

Cited by 13 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hence, the adversarial samples generated in these studies to perform the adversarial training strategy are unrealistic files, as they may not preserve the executable format with malicious behaviour. The authors of [42] explored the performance of a twolevel machine learning model that combines an Ensemble Learning method and a Stacked Generalization method. They show that the proposed model is able to accurately detect recent Android malware.…”

Section: Adversarial Attacks and Defencesmentioning

confidence: 99%

“…Notably, the study shows that a deep neural network, trained from the original dataset augmented with the synthetic malware samples, gains accuracy in detecting Android malware. However, this study, similar to [21,42], did not explore the robustness of the machine learning model to possible, realistic adversarial samples created to fool the decision model. The authors of [44] explored how a Markov process-based adversarial model, originally formulated for digital rights management (DRM) apps, can be adapted to detect vulnerable iOS devices and analyse (non-DRM) apps for vulnerabilities that can potentially be exploited.…”

Section: Adversarial Attacks and Defencesmentioning

confidence: 99%

See 1 more Smart Citation

Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection

Imran,

Appice,

Malerba

2024

Future Internet

View full text Add to dashboard Cite

During the last decade, the cybersecurity literature has conferred a high-level role to machine learning as a powerful security paradigm to recognise malicious software in modern anti-malware systems. However, a non-negligible limitation of machine learning methods used to train decision models is that adversarial attacks can easily fool them. Adversarial attacks are attack samples produced by carefully manipulating the samples at the test time to violate the model integrity by causing detection mistakes. In this paper, we analyse the performance of five realistic target-based adversarial attacks, namely Extend, Full DOS, Shift, FGSM padding + slack and GAMMA, against two machine learning models, namely MalConv and LGBM, learned to recognise Windows Portable Executable (PE) malware files. Specifically, MalConv is a Convolutional Neural Network (CNN) model learned from the raw bytes of Windows PE files. LGBM is a Gradient-Boosted Decision Tree model that is learned from features extracted through the static analysis of Windows PE files. Notably, the attack methods and machine learning models considered in this study are state-of-the-art methods broadly used in the machine learning literature for Windows PE malware detection tasks. In addition, we explore the effect of accounting for adversarial attacks on securing machine learning models through the adversarial training strategy. Therefore, the main contributions of this article are as follows: (1) We extend existing machine learning studies that commonly consider small datasets to explore the evasion ability of state-of-the-art Windows PE attack methods by increasing the size of the evaluation dataset. (2) To the best of our knowledge, we are the first to carry out an exploratory study to explain how the considered adversarial attack methods change Windows PE malware to fool an effective decision model. (3) We explore the performance of the adversarial training strategy as a means to secure effective decision models against adversarial Windows PE malware files generated with the considered attack methods. Hence, the study explains how GAMMA can actually be considered the most effective evasion method for the performed comparative analysis. On the other hand, the study shows that the adversarial training strategy can actually help in recognising adversarial PE malware generated with GAMMA by also explaining how it changes model decisions.

show abstract

Section: Adversarial Attacks and Defencesmentioning

confidence: 99%

Section: Adversarial Attacks and Defencesmentioning

confidence: 99%

Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection

Imran,

Appice,

Malerba

2024

Future Internet

View full text Add to dashboard Cite

show abstract

“…Shafin et al proposed a robust and efficient Android malware detection and classification system capable of detecting popular malicious attacks of recent times such as banking malware and riskware [15] . For this, the authors assessing the importance of features gives us an insight into contributions of individual features in detecting malware.…”

Section: Related Workmentioning

confidence: 99%

“…This model is also centered on industrial environment where IIoT is used, which can only be seen in the research of Zolanvari, Teixeira and Jain [17] , Khan et al [24] , and Teixeiraeet al [13] ; despite dealing with the industrial scenario, these studies do not have the development of the model as their main proposal. The present proposal also uses ML, as can be seen in the works of Apruzzese et al [14] , Teixeira et al [17] , Pajouh et al [18] , Khoei et al [22] , Liang et al [23] , and Shafinet al [15] , but specifically, using EL to train a more robust model can only be seen in the study of Mohy-Eddine et al [20] . To reduce the model training time, there is still a reduction in the feature size while analyzing the optimization of model training time and possible model retraining without losing performance in predicting attacks on network flows.…”

Section: Khan Et Al Investigated An Ids Model Termed Federated-simple...mentioning

confidence: 99%

“…To reduce the model training time, there is still a reduction in the feature size while analyzing the optimization of model training time and possible model retraining without losing performance in predicting attacks on network flows. [14] ---✓ ---Khoei et al [22] ✓ ✓ -----Sarker et al [16] ✓ ------✓ Shafin et al [15] ✓ ✓ -----Khan et al [24] -…”

Section: Khan Et Al Investigated An Ids Model Termed Federated-simple...mentioning

confidence: 99%

See 1 more Smart Citation

TENNER: intrusion detection models for industrial networks based on ensemble learning

Dalarmelina,

Arora,

Filho

et al. 2024

Journal of Surveillance, Security and Safety

View full text Add to dashboard Cite

In the pursuit of discerning patterns within computer network attacks, the utilization of Machine Learning and Deep Learning algorithms has been prevalent for crafting detection models based on extensive network traffic datasets. Furthermore, enhancing detection efficacy is feasible by applying cluster learning techniques, wherein multiple Machine Learning models collaborate to yield detection outcomes. Nevertheless, it is imperative to discern the optimal features within the dataset for training the intrusion detection model. In the present study, we proffer a novel framework for feature selection and intrusion detection within industrial networks, employing Ensemble Learning to achieve commendable performance in terms of both high predictive accuracy and efficient learning duration. The outcomes evince that the proposed model exhibits an accuracy of 99.93%, with a mere one h and 34 min required for comprehensive training. In contrast, a model trained without the framework presented in this paper attains an accuracy of 99.94%, necessitating an extensive training period of 156 h. Notably, the detection model derived from the proposed solution demonstrates superior results in prediction time, accomplishing predictions within 0.0009 seconds, compared to the alternative model which requires 0.0076 seconds for predictions.

show abstract