Enhancing malware detection in Android application by incorporating broadcast receivers

Bişğin, Halil; Mohsen, Fadi; Nwobodo, Vincent C.; Havens, Rachael

doi:10.1504/ijipsi.2021.119168

Cited by 3 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bisgin et al [10] proposed a machine learning model for the prediction of malicious Android applications based on their permissions requests and system broadcast receivers. Before this work, many researchers have only used permissions.…”

Section: Signature-based Threat Detection Systemsmentioning

confidence: 99%

A Taxonomic Classification of Insider Threats: Existing Techniques, Future Directions & Recommendations

Rauf

Mohsen

Wei

2023

JCSANDM

View full text Add to dashboard Cite

In the last two decades, the number of rapidly increasing cyber incidents (i.e., data theft and privacy breaches) shows that it is becoming enormously difficult for conventional defense mechanisms and architectures to neutralize modern cyber threats in a real-time situation. Disgruntled and rouge employees/agents and intrusive applications are two notorious classes of such modern threats, referred to as Insider Threats, which lead to data theft and privacy breaches. To counter such state-of-the-art threats, modern defense mechanisms require the incorporation of active threat analytics to proactively detect and mitigate any malicious intent at the employee or application level. Existing solutions to these problems intensively rely on co-relation, distance-based risk metrics, and human judgment. Especially when humans are kept in the loop for access-control policy-related decision-making against advanced persistent threats. As a consequence, the situation can escalate and lead to privacy/data breaches in case of insider threats. To confront such challenges, the security community has been striving to identify anomalous intent for advanced behavioral anomaly detection and auto-resiliency (the ability to deter an ongoing threat by policy tuning). Towards this dimension, we aim to review the literature in this domain and evaluate the effectiveness of existing approaches per our proposed criteria. According to our knowledge, this is one of the first endeavors toward developing evaluation-based standards to assess the effectiveness of relevant approaches in this domain while considering insider employees and intrusive applications simultaneously. There have been efforts in literature towards describing and understanding insider threats in general. However, none have addressed the detection and deterrence element in its entirety, hence making our contribution one of a kind. Towards the end of this article, we enlist and discuss the existing data sets. The data sets can help understand the attributes that play crucial roles in insider threat detection. In addition, they can be beneficial for testing the newly designed security solutions in this domain. We also present recommendations for establishing a baseline standard for analyzing insider-threat data sets. This baseline standard could be used in the future to design resilient architectures and provide a road map for organizations to enhance their defense capabilities against insider threats.

show abstract

Section: Signature-based Threat Detection Systemsmentioning

confidence: 99%

A Taxonomic Classification of Insider Threats: Existing Techniques, Future Directions & Recommendations

Rauf

Mohsen

Wei

2023

JCSANDM

View full text Add to dashboard Cite

show abstract

“…The corresponding hardware system combination test is carried out to ensure that the system designed in this paper has a stable hardware foundation. After the hardware connection test, it is determined that the hardware running framework of the system designed in this paper is stable and can provide a solid hardware foundation for the system [15,16]. After testing the hardware function, this paper uses an independent computer as the attacker, simulates some network attack instructions, and carries out network attacks on user computers with different IP.…”

Section: Experimental Preparationmentioning

confidence: 99%

Information Security Detection and Analysis Based on Big Data and Artificial Intelligence Technology

Wei,

Ma,

et al. 2023

Atlantis Highlights in Intelligent Systems

View full text Add to dashboard Cite

Under the background of big data and cloud computing, computer network security is facing new security threats, and big data also provides a big data foundation for the application of artificial intelligence technology in computer network security detection system. This paper studies the application of artificial intelligence technology based on big data in computer network security detection system design, in order to provide some intellectual support for the application and promotion of artificial intelligence technology in computer network security detection system design.

show abstract

“…In recent years, there has been growing interest in the research community regarding the exploitation of broadcast receivers. Several researchers have proposed various methods for utilizing broadcast receivers in malware detection (Mohsen et al, 2017;Tian, 2016;Bisgin et al, 2021).…”

Section: Introductionmentioning

confidence: 99%

Harnessing Broadcast Receivers for Classification of Android Malware Threats

Chrysikos,

Karampelas,

Xylogiannopoulos

2024

eccws

View full text Add to dashboard Cite

With the increasing number of malicious attacks, the way how to detect and classify malicious apps has drawn attention in mobile technology market. In this paper, we proposed a classification model to seek and track malware Apps broadcast receivers in such devices. To identify the family of apps, static features of each app was extracted and a novel deterministic classifier is employed to categorize malware apps. With such, we can act against malware of known family, since we understand its functions, and prevent it from spreading out in larger scale, affecting extensively our society. Detailed description of the classification model is provided, as well the core technologies of this novel malicious android applications’ model are presented. From experiments performed on a set of Android-based malware apps, we observe that the proposed classification model achieves highest accuracy, true-positive rate, false-positive rate, precision, recall, f-measure in comparison to other methods implemented in published experiments. The proposed classification model is promising since the average accuracy reaches an average of 97.31% and can effectively be applied to Android malware categorization, providing early detection of the capabilities of malware and the prospect of warning users of threatens ahead.

show abstract

Enhancing malware detection in Android application by incorporating broadcast receivers

Cited by 3 publications

References 0 publications

A Taxonomic Classification of Insider Threats: Existing Techniques, Future Directions & Recommendations

A Taxonomic Classification of Insider Threats: Existing Techniques, Future Directions & Recommendations

Information Security Detection and Analysis Based on Big Data and Artificial Intelligence Technology

Harnessing Broadcast Receivers for Classification of Android Malware Threats

Contact Info

Product

Resources

About