Improved real‐time permission based malware detection and clustering approach using model independent pruning

Thiyagarajan, Janani; Akash, A.; Murugan, B. S.

doi:10.1049/iet-ifs.2019.0418

Cited by 17 publications

(8 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Android applications are installed on mobile devices after approval from the users. Since permission is the first obstacle for cyber hackers to reach their malicious targets, many researchers ( Sinan Arslan, Alper Doğru & Barışçı, 2019 ; Shehata et al, 2020 ; Thiyagarajan, Akash & Murugan, 2020 ) have carried out permission-based analysis studies. Arp et al (2014) evaluated the permissions, API calls, hardware components, and intents in the application manifest file together in their study in 2014.…”

Section: Methodsmentioning

confidence: 99%

FG-Droid: Grouping based feature size reduction for Android malware detection

Arslan¹

2022

PeerJ Computer Science

View full text Add to dashboard Cite

Background The number of applications prepared for use on mobile devices has increased rapidly with the widespread use of the Android OS. This has resulted in the undesired installation of Android application packages (APKs) that violate user privacy or are malicious. The increasing similarity between Android malware and benign applications makes it difficult to distinguish them from each other and causes a situation of concern for users. Methods In this study, FG-Droid, a machine-learning based classifier, using the method of grouping the features obtained by static analysis, was proposed. It was created because of experiments with machine learning (ML), deep neural network (DNN), recurrent neural network (RNN), long short-term memory (LSTM), and gated recurrent unit (GRU)-based models using Drebin, Genome, and Arslan datasets. Results The experimental results revealed that FG-Droid achieved a 97.7% area under the receiver operating characteristic (ROC) curve (AUC) score with a vector including only 11 static features and the ExtraTree algorithm. While reaching a high classification rate, only 0.063 seconds were needed for analysis per application. This means that the proposed feature selection method is faster than all traditional feature selection methods, and FG-Droid is one of the tools to date with the shortest analysis time per application. As a result, an efficient classifier with few features, low analysis time, and high classification success was developed using a unique feature grouping method.

show abstract

Section: Methodsmentioning

confidence: 99%

FG-Droid: Grouping based feature size reduction for Android malware detection

Arslan¹

2022

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…According to the Equation 3, the process of calculating the accuracy of the model is by dividing the correct prediction ratio by the total percentage of the number of samples:True positive (TP) , True negative(TN),False Positive (FP) and False Negative (FN) [70].…”

Section: Accuracymentioning

confidence: 99%

“…The Model has outperformed other classifiers, i.e., K-NN (87.90%), NB (91.80%), RF (89.10%), and j48 (90.09%). Thiyagarajan et al[70] utilized The Chai-square technique in malware detection to reduce the number of permissions and enhance efficiency. In addition, it reduced the false rate in the clustering process as well.…”

mentioning

confidence: 99%

Malware Classification Approaches Utilizing Binary and Text Embedding of Permissions

Zyout

Shatnawi

Najadat

2022

Preprint

View full text Add to dashboard Cite

The development of mobile applications is rapidly increasing with the advances in smartphone technology. These applications are intended to assist mobile users in accomplishing various daily tasks including e-commerce and online services. Many mobile applications were also developed to attack smartphone users. Hence, new challenges have been found such as the difficulty to distinguish between benign and malicious malware categories.In this paper, two approaches for classifying malware applications are presented, including Conv1d (Conventional one dimension) and LSTM (Long short Time Memory). The proposed approaches have modeled and solved the malware classification problem using the natural language processing method. Two encoding techniques, binary and text encoding, were conducted on android permissions as a preprocessing phase. In addition, two other classifiers, the Support Vector Machine (SVM) and K-Nearest Neighbor(KNN) were also reported. The two main approaches were evaluated on well-known dataset, the CICMalDroid2020. The Conv1d-approach and LSTM-approach using text encoding achieved the best classification, i.e., high precision and accuracy (98.16\%, 97.72\% and 96.63\%, 96.69\%, respectively). The Conv1d-approach on binary classification has outperformed the LSTM-approach model when compared with Mal-prem and datasets. The Conv1d-approach achieved the best performance, with 99.3\%,99.80\%, 98.90\%, and 98.95\% of accuracy.

show abstract

“…The first level was calculated on the opcode sequence and the second used method block sequences to learn and detect malicious software. To reduce the complexity of the model, Thiyagarajan et al [22] developed a preprocessing module that contains five different data reduction techniques, which reduced 133 permissions information into 10-dimensional vector information, and identified malicious applications by training DTs. The accuracy of the method reached 94.3%.Other deep learning algorithms are also favoured by many researchers [16,23,24].…”

Section: Related Workmentioning

confidence: 99%

Feature selection‐based android malware adversarial sample generation and detection method

Kong

et al. 2021

IET Information Security

View full text Add to dashboard Cite

With the popularisation of Android smartphones, the value of mobile application security research has increased. The emergence of adversarial technology makes it possible for malware to evade detection. Therefore, research is conducted on Android malicious applications of adversarial attack. To clarify the process and theory of adversarial sample generation, an adversarial sample generation algorithm is proposed that filters features based on feature spatial distribution and definition. These features are modified on real malicious samples to form adversarial samples. In addition, to enhance the robustness of adversarial sample classification detection, a multiple feature set detection algorithm is designed and implemented. Using the frequency differential enhancement feature selection algorithm to perform feature screening, the algorithm forms two different feature sets and establishes two different training sets to train different classification algorithms. Prediction results obtained by the two classification algorithms are integrated based on certain rules. Experimental results on the VirusShare dataset show that both algorithms are effective. The detection results in an actual environment also prove the effectiveness of the multiple feature set detection algorithm.This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

show abstract

Improved real‐time permission based malware detection and clustering approach using model independent pruning

Cited by 17 publications

References 22 publications

FG-Droid: Grouping based feature size reduction for Android malware detection

FG-Droid: Grouping based feature size reduction for Android malware detection

Malware Classification Approaches Utilizing Binary and Text Embedding of Permissions

Feature selection‐based android malware adversarial sample generation and detection method

Contact Info

Product

Resources

About