Similarity-based Android malware detection using Hamming distance of static binary features

Taheri, Rahim; Ghahramani, Meysam; Javidan, Reza; Shojafar, Mohammad; Pooranian, Zahra; Conti, Mauro

doi:10.1016/j.future.2019.11.034

Cited by 156 publications

(84 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, all the original traces need to be transformed into vectors before feeding them to the target classifiers. We adopt the set of words technique to preprocess the original traces because it is widely applied in cybersecurity [23], [35], [36]. Assuming that C = {c 1 , c 2 , c 3 , .…”

Section: A Crafting Adversarial Examples Against Machine Learning Bamentioning

confidence: 99%

A Brute-Force Black-Box Method to Attack Machine Learning-Based Systems in Cybersecurity

2020

View full text Add to dashboard Cite

Machine learning algorithms are widely utilized in cybersecurity. However, recent studies show that machine learning algorithms are vulnerable to adversarial examples. This poses new threats to the security-critical applications in cybersecurity. Currently, there is still a short of study on adversarial examples in the domain of cybersecurity. In this paper, we propose a new method known as the brute-force attack method to better evaluate the robustness of the machine learning classifiers in cybersecurity against adversarial examples. The proposed method, which works in a black-box way and covers some shortages of the existing adversarial attack methods based on generative adversarial networks, is simple to implement and only needs the output of the target classifiers to generate adversarial examples. To have a comprehensive evaluation of the attack performance of the proposed method, we use our method to generate adversarial examples against the common machine learning based security systems in cybersecurity including host intrusion detection systems, Android malware detection systems, and network intrusion detection systems. We compare the attack performance of the proposed method against these security systems with that of state-of-the-art adversarial attack methods based on generative adversarial networks. The preliminary experimental results show that the proposed method, which is more efficient in computation and outperforms the state-of-the-art attack methods based on generative adversarial networks, can be used to evaluate the robustness of various machine learning based systems in cybersecurity against adversarial examples. INDEX TERMS Adversarial examples, machine learning, deep learning, intrusion detection, malware detection, neural networks, black-box method.

show abstract

Section: A Crafting Adversarial Examples Against Machine Learning Bamentioning

confidence: 99%

A Brute-Force Black-Box Method to Attack Machine Learning-Based Systems in Cybersecurity

2020

View full text Add to dashboard Cite

show abstract

“…The last aspect is a major challenge since it preserves confidentiality, integrity and availability of user data. On Android, most of the approaches static analysis relying static features related to applications [4][5][6][7][8], dynamic analysis relying on features observed during their execution [9][10][11] and hybrid analysis combining the both [12][13][14]. Despite Google Play Protect provided by Google, to filter threats, there are still malicious applications carefully designed by bad people to have an impact on the security and privacy of users [5,15].…”

Section: Introductionmentioning

confidence: 99%

“…As for any social ecosystem, an application (seen as an agent) should be associated with a reputation score to predict bad behaviors [22]. Returning to Android, reputation can be evaluated based on permissions requests [23][24][25] Application Programming Interface (API) calls [5], information flow analysis [26,27] and other features [6]. These approaches require prior installation and are based on app features.…”

Section: Introductionmentioning

confidence: 99%

CIAA-RepDroid: A Fine-Grained and Probabilistic Reputation Scheme of Android Apps Based on Sentiment Analysis of Reviews

Tchakounté¹,

Pagore²,

Kamgang³

et al. 2020

Preprint

View full text Add to dashboard Cite

To keep its business reliable, Google is concerned to ensure quality of apps on the store. One crucial aspect concerning quality is security. Security is achieved through Google Play protect and anti-malware solutions. However, they are not totally efficient since they rely on application features and application execution threads. Google provides additional elements to enable consumers to collectively evaluate applications providing their experiences via reviews or showing their satisfaction through rating. The latter is more informal and hides details of rating whereas the former is textually expressive but requires further processing to understand opinions behind. Literature lacks approaches which mine reviews through sentiment analysis to extract useful information to improve security aspects of provided applications. This work goes in this direction and in a fine-grained way, investigates in terms of confidentiality, integrity, availability and authentication (CIAA). While assuming that reviews are reliable and not fake, the proposed approach determines review polarities based on CIAA-related keywords. We rely on the popular classifier Naive Bayes to classify reviews into positive, negative and neutral sentiment. We then provide an aggregation model to fusion different polarities to obtain application global and CIAA reputations. Quantitative experiments have been conducted on 13 applications including e-banking, live messaging and anti-malware apps with a total of 1050 security-related reviews and 7.835.322 functionality-related reviews. Results show that 23% of applications (03 apps) have a reputation greater than 0.5 with an accent on integrity, authentication and availability, while the remaining 77% has a polarity under 0.5. Developers should make lot of efforts in security while developing codes and that more efforts should be made to improve confidentiality reputation. Results also show that applications with good functionality-related reputation generally offer bad security-related reputation. This situation means that even if the number of security reviews is low, it does not mean that security aspect is not a consumer preoccupation. Unlike, developers put much more time to test whether applications works without errors even if they include possible security vulnerabilities. A quantitative comparison against well-known rating systems reveals effectiveness and robustness of CIAA-RepDroid to repute apps in terms of security. CIAA-RepDroid can be associated to existing rating solutions to recommend developers exact CIAA aspects to improve within source codes.

show abstract

“…The providing factors of this usage have been the convenience of the devices with their developing capacity and power, and portability. It is estimated that the number of mobile devices has increased by nearly twice as compared to 2014 [1]. Android operating system is one of the commonly used mobile OS leading this raise.…”

Section: Introductionmentioning

confidence: 99%

“…Besides, the variety of malicious software has been constantly arising in the Android mobile networks, which poses a risk to end users. Unlike the IOS, users can download the applications from shared files in third-party distribution environments as well as the Play Store [1]. Malevolent application detection tools are needed to help Android users cope with these security problems.…”

Section: Introductionmentioning

confidence: 99%

K-Nearest Neighbour Classifier Usage for Permission Based Malware Detection in Android

Arslan

Yurttakal²

2020

iij

View full text Add to dashboard Cite

ABSTRACT Android application platform is making rapid progress in these days. This development has made it the target of malicious application developers. This situation provides a numerical increase in malware apps, diversity in techniques, and rise of damage. Therefore, it is very critical to detect these software and escalation the security of mobile users. Static and dynamic analysis, behaviour scrutiny, machine learning methods are used to ensure security. In this study, K-nearest Neighbourhood (KNN) classifier, one of the machine learning methods, is used. Thus, it is aimed to detect malignant mobile software successfully and quickly. The tests is conducted with dataset includes 492 malware and 697 benign applications. In the proposed algorithm, neighbour number 5 and distance metric is preferred as Minkowski. 80% of dataset randomly selected is reserved for training and 20% for testing. As a result, while 94.1% accuracy is achieved, precision 91.2%, recall 92.7% recall and f1-measure is 92.4%. The high value obtained in f1-measure shows that the proposed model is successful in detecting both malware and benevolent software. The success of using KNN algorithm in classification of malicious apps in the Android has been demonstrated.

show abstract

Similarity-based Android malware detection using Hamming distance of static binary features

Cited by 156 publications

References 29 publications

A Brute-Force Black-Box Method to Attack Machine Learning-Based Systems in Cybersecurity

A Brute-Force Black-Box Method to Attack Machine Learning-Based Systems in Cybersecurity

CIAA-RepDroid: A Fine-Grained and Probabilistic Reputation Scheme of Android Apps Based on Sentiment Analysis of Reviews

K-Nearest Neighbour Classifier Usage for Permission Based Malware Detection in Android

Contact Info

Product

Resources

About