Research on Data Mining of Permission-Induced Risk for Android IoT Devices

Kumar, Rajesh; Zhang, Xiaosong; Khan, Riaz Ullah; Sharif, Abubakar

doi:10.3390/app9020277

Cited by 31 publications

(21 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 3 shows the most frequently requested permissions by the samples in our dataset. The pattern of the permission requested by the apps is basically similar to the recent studies [ 29 , 45 ]. Although we can observe from the figure that few of the permissions (e.g., INTERNET and READ_PHONE_STATE) are the most widely requested permissions in the dataset by both benign and malware samples, prior research confirms that benign and malware apps requesting a similar set of permissions is very common.…”

Section: Resultssupporting

confidence: 87%

Feature Subset Selection for Malware Detection in Smart IoT Platforms

Abawajy

Darem

Alhashmi

2021

Sensors

View full text Add to dashboard Cite

Malicious software (“malware”) has become one of the serious cybersecurity issues in Android ecosystem. Given the fast evolution of Android malware releases, it is practically not feasible to manually detect malware apps in the Android ecosystem. As a result, machine learning has become a fledgling approach for malware detection. Since machine learning performance is largely influenced by the availability of high quality and relevant features, feature selection approaches play key role in machine learning based detection of malware. In this paper, we formulate the feature selection problem as a quadratic programming problem and analyse how commonly used filter-based feature selection methods work with emphases on Android malware detection. We compare and contrast several feature selection methods along several factors including the composition of relevant features selected. We empirically evaluate the predictive accuracy of the feature subset selection algorithms and compare their predictive accuracy and the execution time using several learning algorithms. The results of the experiments confirm that feature selection is necessary for improving accuracy of the learning models as well decreasing the run time. The results also show that the performance of the feature selection algorithms vary from one learning algorithm to another and no one feature selection approach performs better than the other approaches all the time.

show abstract

Section: Resultssupporting

confidence: 87%

Feature Subset Selection for Malware Detection in Smart IoT Platforms

Abawajy

Darem

Alhashmi

2021

Sensors

View full text Add to dashboard Cite

show abstract

“…Khan et al [49,50] analysed ResNet and GoogleNet models for malware detection using image processing technique. Kumar et al [51,52] used the Convolutional Neural Network CNN model for malicious code detection based on pattern recognition and permission-induced risk for Android IoT Devices, respectively. Comparison of the different approaches for botnet identification is a difficult task because different evaluations and experiments use different botnet samples and data sets.…”

Section: Comparison With Other Machine Learning Classifiersmentioning

confidence: 99%

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

et al. 2019

Self Cite

View full text Add to dashboard Cite

In recent years, the botnets have been the most common threats to network security since it exploits multiple malicious codes like a worm, Trojans, Rootkit, etc. The botnets have been used to carry phishing links, to perform attacks and provide malicious services on the internet. It is challenging to identify Peer-to-peer (P2P) botnets as compared to Internet Relay Chat (IRC), Hypertext Transfer Protocol (HTTP) and other types of botnets because P2P traffic has typical features of the centralization and distribution. To resolve the issues of P2P botnet identification, we propose an effective multi-layer traffic classification method by applying machine learning classifiers on features of network traffic. Our work presents a framework based on decision trees which effectively detects P2P botnets. A decision tree algorithm is applied for feature selection to extract the most relevant features and ignore the irrelevant features. At the first layer, we filter non-P2P packets to reduce the amount of network traffic through well-known ports, Domain Name System (DNS). query, and flow counting. The second layer further characterized the captured network traffic into non-P2P and P2P. At the third layer of our model, we reduced the features which may marginally affect the classification. At the final layer, we successfully detected P2P botnets using decision tree Classifier by extracting network communication features. Furthermore, our experimental evaluations show the significance of the proposed method in P2P botnets detection and demonstrate an average accuracy of 98.7%.

show abstract

“…SiGPID [12], an efficient detection system based on permission usage analysis to cope with the rapid increase in the number of Android malware. Kumar et al [13] proposed a novel method to distinguish between malware and benign applications based on association rule for permission mining. HinDroid [14] propose a novel feature extraction method that uses metapath to characterize the semantic relatedness of apps and API calls, and then combine the SVM algorithm to detect malware.…”

Section: Related Workmentioning

confidence: 99%

An Efficient Android Malware Detection System Based on Method-Level Behavioral Semantic Analysis

et al. 2019

View full text Add to dashboard Cite

According to the recent report, 12 000 new Android malware samples will be generated every day. Efficient identification of evolving malware is an urgent challenge. Traditional methods based on structured features such as permissions and sensitive application programming interface (API) calls lack high-level behavioral semantics to detect evolving malware. The methods based on call graphs (CG) are good at behavioral semantic analysis but face the problem of huge time and space consumption, which leads to low detection efficiency. In this paper, we propose a novel Android malware detection method based on the method-level correlation relationship of application's abstracted API calls. First, we split each Android application's source code into separate function methods and just keep the abstracted API calls of them to form a set of abstracted API calls transactions. And then, we calculate the confidence of association rules between the abstracted API calls, which forms behavioral semantics to describe an application. Finally, we combine machine learning to identify the different behavioral patterns of malicious and benign apps to build the detection system. The results of our empirical evaluation show our system is competitive in terms of classification accuracy and detection efficiency. At dataset Drebin (benign 5.9K and malware 5.6K) and AMD (benign 20.5K and malware 20.8K), our system has achieved 96% and 98% detection results both in accuracy and F-measure. Compared with the state-of-the-art system in detecting evolving malware called MaMaDroid on the dataset of 6.0K benign and 20.5K malicious samples spanning from 2010 to 2017, our system achieves higher accuracy while improving detection efficiency by 15 times (2.9 s versus 45.7 s per sample). INDEX TERMS Android malware detection, abstracted API call, association analysis, behavioral semantics, machine learning.

show abstract

Research on Data Mining of Permission-Induced Risk for Android IoT Devices

Cited by 31 publications

References 52 publications

Feature Subset Selection for Malware Detection in Smart IoT Platforms

Feature Subset Selection for Malware Detection in Smart IoT Platforms

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

An Efficient Android Malware Detection System Based on Method-Level Behavioral Semantic Analysis

Contact Info

Product

Resources

About