Mass Discovery of Android Malware Behavioral Characteristics for Detection Consideration

An Informative and Comprehensive Behavioral Characteristics Analysis Methodology of Android Application for Data Security in Brain-Machine Interfacing

Computational and Mathematical Methods in Medicine ◽

10.1155/2020/3658795 ◽

2020 ◽

Vol 2020 ◽

pp. 1-14

Author(s):

Xin Su ◽

Qingbo Gong ◽

Yi Zheng ◽

Xuchong Liu ◽

Kuan-Ching Li

Keyword(s):

Signal Transmission ◽

Malware Detection ◽

Machine Learning Algorithms ◽

Behavioral Characteristics ◽

Android Application ◽

Behavioral Characteristic ◽

Android Malware ◽

Android Malware Detection ◽

Android App ◽

Behavior Characteristics

Recently, brain-machine interfacing is very popular that link humans and artificial devices through brain signals which lead to corresponding mobile application as supplementary. The Android platform has developed rapidly because of its good user experience and openness. Meanwhile, these characteristics of this platform, which cause the amazing pace of Android malware, pose a great threat to this platform and data correction during signal transmission of brain-machine interfacing. Many previous works employ various behavioral characteristics to analyze Android application (or app) and detect Android malware to protect signal data secure. However, with the development of Android app, category of Android app tends to be diverse, and the Android malware behavior tends to be complex. This situation makes existing Android malware detections complicated and inefficient. In this paper, we propose a broad analysis, gathering as many behavior characteristics of an app as possible and compare these behavior characteristics in several metrics. First, we extract static and dynamic behavioral characteristic from Android app in an automatic manner. Second, we explain the decision we made in each kind of behavioral characteristic we choose for Android app analysis and Android malware detection. Third, we design a detailed experiment, which compare the efficiency of each kind of behavior characteristic in different aspects. The results of experiment also show Android malware detection performance of these behavior characteristics combine with well-known machine learning algorithms.

Download Full-text

DroidPortrait: Android Malware Portrait Construction Based on Multidimensional Behavior Analysis

Applied Sciences ◽

10.3390/app10113978 ◽

2020 ◽

Vol 10 (11) ◽

pp. 3978

Author(s):

Xin Su ◽

Lijun Xiao ◽

Wenjia Li ◽

Xuchong Liu ◽

Kuan-Ching Li ◽

...

Keyword(s):

Machine Learning ◽

Behavior Analysis ◽

High Performance ◽

Behavioral Characteristics ◽

Random Forest Algorithm ◽

Sensitive Data ◽

Android Malware ◽

Security Issues ◽

Android Applications ◽

Security Incidents

Recently, security incidents such as sensitive data leakage and video/audio hardware control caused by Android malware have raised severe security issues that threaten Android users, so thus behavior analysis and detection research researches of malicious Android applications have become a hot topic. However, the behavioral portrait of Android malware that can depict the behavior of Android malware is not approached in previous literature. To fill this gap, we propose DroidPortrait, an Android malware multi-dimensional behavioral portrait construction approach. We take the behavior of Android malware as an entry point and extract an informative behavior dataset that includes static and dynamic behavior from Android malware. Next, aiming at Android malware that contains different kinds of behaviors, a behavioral tag is defined then combined with a machine learning (ML) algorithm to implement the correlation of these behavioral tags. Android malware behavioral portrait architecture based on behavior analysis and its design is investigated, as also an optimized random forest algorithm is conceived then combined with Android malware behavioral portrait to detect Android malware. The evaluation findings indicate the DroidPortrait can depict behavioral characteristics of Android malware comprehensive and detect them with high performance.

Download Full-text