2021
DOI: 10.1007/978-3-030-91356-4_14
Hybroid: Toward Android Malware Detection and Categorization with Program Code and Network Traffic

Abstract: Android malicious applications have become so sophisticated that they can bypass endpoint protection measures. Therefore, it is safe to admit that traditional anti-malware techniques have become cumbersome, thereby raising the need to develop efficient ways to detect Android malware. In this paper, we present Hybroid, a hybrid Android malware detection and categorization solution that utilizes program code structures as static behavioral features and network traffic as dynamic behavioral features for detectio…

Cited by 10 publications (13 citation statements); references 28 publications.
“…The comparison result of the proposed method with existing traffic analysis-based methods is presented in Table 7. As shown in the table, the hybrid system [69] achieved excellent results by analyzing both the malware code and TCP traffic. Current traffic analysis-based methods utilize TCP/IP traffic features, and extract upper layer protocol (e.g., HTTP) features if the TCP payload is not encrypted [70].…”
Section: A Malware Detection (mentioning)
Confidence: 91%
“…Although FCGs offer a global view of function calls executed by the program, they generally lack the intra-procedural information that CFGs provide. To address this, some approaches can be employed by jointly using FCGs and CFGs, where embeddings from CFGs are integrated into the nodes of the FCGs, to capture both intra-procedural and inter-procedural semantics [32,33,53]. In the case of Android malware analysis, a prevalent approach is to statically extract the API call sequences from the application and represent them using an FCG [56,58,59,82].…”
Section: Common Graph (mentioning)
Confidence: 99%
“…The network activity generated by the program can also be monitored during its execution, and a network flow graph can be constructed with IP addresses and/or communication ports as nodes, and edges representing network flows. While some works solely rely on network traffic to detect malware activities [49,50], others enhance their detection capabilities by combining CFGs or FCGs with network data [32,33].…”
Section: Common Graph (mentioning)
Confidence: 99%
“…However, it has a high computational cost because the images demand a lot of calculation. In another paper, M. R. Norouzian et al. [20] presented a 'Hybroid' framework that exhibited 97.0 percent accuracy by using program code structures as static behavioral features and network traffic as dynamic behavioral data. This approach has a dynamic payload problem because it uses a computer code structure.…”
Section: Related Work (mentioning)
Confidence: 99%