Abstract: Malicious applications are widespread for Android despite the taken serious actions by the operating system. Static and dynamic analysis techniques are utilized to detect malware by identifying the signatures of malicious applications by inspecting both the resources and behaviors of malware, respectively. In this study, what static analysis can utmost offer to detect malware in Android ecosystem is discussed and experimented on commonly used datasets in the literature by proposing a novel Android malware dete…
“…In Refs. [109], [115], and [136]-[147] in Table 4, only the information gain (mutual information) is selected as the index to evaluate the generated feature subset. Information measures are a non-parametric and non-linear evaluation standard that do not depend on the distribution of the sample data, and therefore they are widely used in feature selection.…”
Section: Data Transformation
mentioning
confidence: 99%
“…Lastly, Ref. [147] establishes the static feature set from the perspective of quantity, including the number of multiple objects such as lines of code (loc), permissions, and activities.…”
Android applications are developing rapidly across the mobile ecosystem, but Android malware is also emerging in an endless stream. Many researchers have studied the problem of Android malware detection and have put forward theories and methods from different perspectives. Existing research suggests that machine learning is an effective and promising way to detect Android malware. Notwithstanding, there exist reviews that have surveyed different issues related to Android malware detection based on machine learning. We believe our work complements the previous reviews by surveying a wider range of aspects of the topic. This paper presents a comprehensive survey of Android malware detection approaches based on machine learning. We briefly introduce some background on Android applications, including the Android system architecture, security mechanisms, and classification of Android malware. Then, taking machine learning as the focus, we analyze and summarize the research status from key perspectives such as sample acquisition, data preprocessing, feature selection, machine learning models, algorithms, and the evaluation of detection effectiveness. Finally, we assess the future prospects for research into Android malware detection based on machine learning. This review will help academics gain a full picture of Android malware detection based on machine learning. It could then serve as a basis for subsequent researchers to start new work and help to guide research in the field more generally.
“…The related works are summarized in Table 1. Here, the static analysis uses only static resources, which are available before the installation and execution of malicious applications [40].…”
As the number of internet users increases so does the number of malicious attacks using malware. The detection of malicious code is becoming critical, and the existing approaches need to be improved. Here, we propose a feature fusion method to combine the features extracted from pre-trained AlexNet and Inception-v3 deep neural networks with features attained using segmentation-based fractal texture analysis (SFTA) of images representing the malware code. In this work, we use distinctive pre-trained models (AlexNet and Inception-V3) for feature extraction. The purpose of deep convolutional neural network (CNN) feature extraction from two models is to improve the malware classifier accuracy, because both models have characteristics and qualities to extract different features. This technique produces a fusion of features to build a multimodal representation of malicious code that can be used to classify the grayscale images, separating the malware into 25 malware classes. The features that are extracted from malware images are then classified using different variants of support vector machine (SVM), k-nearest neighbor (KNN), decision tree (DT), and other classifiers. To improve the classification results, we also adopted data augmentation based on affine image transforms. The presented method is evaluated on a Malimg malware image dataset, achieving an accuracy of 99.3%, which makes it the best among the competing approaches.
Recent works demonstrated that Android is the fastest growing mobile OS with the highest number of users worldwide. Android's popularity is facilitated by factors such as ease of use, open‐source, and cheap to purchase compared to mobile OS like iOS. The widespread of Android has brought an exponential increase in the complexity and number of malicious applications targeting Android. Malware deploys different attack vectors to exploit Android vulnerability and attack the OS. One way to thwart malware attacks on Android is the use of Android security patches, antivirus software, and layer security. However, the fact that the permission request dynamic is different from other attack vectors, makes it difficult to identify which permission request is malicious or not especially when constructing permission request profiles for Android users. The aforementioned challenge is tackled by our research. This article proposed a framework called Android Permission Classifier for the classification of Android malware permission requests based on threat levels. This article is the first to classify Android permission based on their protection and threat levels. With the framework, out of the 113 permissions extracted, 23 were classified as more dangerous. Our model shows classification accuracy of 97% and an FPR value of 0.2% with high diversity capacity when compared with the performance of those of other similar existing methods.