Dynamic Analysis Bypassing Malware Detection Method Utilizing Malicious Behavior Visualization and Similarity

2017 ◽  
pp. 560-565
Author(s):  
Jihun Kim ◽  
Jonghee M. Youn
Keyword(s):  
Dynamic Analysis ◽  
Detection Method ◽  
Malware Detection ◽  
Malicious Behavior

Runtime-Based Behavior Dynamic Analysis System for Android Malware Detection

2013 ◽  
Vol 756-759 ◽  
pp. 2220-2225 ◽  
Author(s):  
Luo Xu Min ◽  
Qing Hua Cao
Keyword(s):  
Dynamic Analysis ◽  
Private Information ◽  
Malware Detection ◽  
Third Party ◽  
Android Malware ◽  
Android Malware Detection ◽  
Malicious Behavior ◽  
Result Show ◽  
Android Market ◽  
Analysis System

The most serious threats for Android users is come from application, However, the market lack a mechanism to validate whether these applications are malware or not. So, malware maybe leak users private information, malicious deductions for send premium SMS, get root privilege of the Android system and so on. In the traditional method of malware detection, signature is the only basis. It is far enough. In this paper, we propose a runtime-based behavior dynamic analysis for Android malware detection. The new scheme can be implemented as a system. We analyze 350 applications come from third-party Android market, the result show that our system can effectively detect unknown malware and the malicious behavior of malware.

scholarly journals LSTM-Based Hierarchical Denoising Network for Android Malware Detection

2018 ◽  
Vol 2018 ◽  
pp. 1-18 ◽  
Author(s):  
Jinpei Yan ◽  
Yong Qi ◽  
Qifan Rao
Keyword(s):  
Detection Method ◽  
Expert Knowledge ◽  
Detection Efficiency ◽  
Malware Detection ◽  
Mobile Security ◽  
Detection Methods ◽  
Android Malware ◽  
Android Malware Detection ◽  
Malicious Behavior ◽  
Gradient Scaling

Mobile security is an important issue on Android platform. Most malware detection methods based on machine learning models heavily rely on expert knowledge for manual feature engineering, which are still difficult to fully describe malwares. In this paper, we present LSTM-based hierarchical denoise network (HDN), a novel static Android malware detection method which uses LSTM to directly learn from the raw opcode sequences extracted from decompiled Android files. However, most opcode sequences are too long for LSTM to train due to the gradient vanishing problem. Hence, HDN uses a hierarchical structure, whose first-level LSTM parallelly computes on opcode subsequences (we called them method blocks) to learn the dense representations; then the second-level LSTM can learn and detect malware through method block sequences. Considering that malicious behavior only appears in partial sequence segments, HDN uses method block denoise module (MBDM) for data denoising by adaptive gradient scaling strategy based on loss cache. We evaluate and compare HDN with the latest mainstream researches on three datasets. The results show that HDN outperforms these Android malware detection methods,and it is able to capture longer sequence features and has better detection efficiency than N-gram-based malware detection which is similar to our method.

scholarly journals Chimera: An Android Malware Detection Method Based on Multimodal Deep Learning and Hybrid Analysis

2020 ◽  
Author(s):  
Angelo Schranko de Oliveira ◽  
Renato José Sassi
Keyword(s):  
Neural Networks ◽  
Deep Learning ◽  
Dynamic Analysis ◽  
Detection Method ◽  
Malware Detection ◽  
Analysis Data ◽  
Detection Methods ◽  
Feature Engineering ◽  
Android Malware ◽  
Android Malware Detection

<div>The Android Operating System (OS) everywhere, computers, cars, homes, and, of course, personal and corporate smartphones. A recent survey from the International Data Corporation (IDC) reveals that the Android platform holds 85% of the smartphone market share. Its popularity and open nature make it an attractive target for malware. According to AV-TEST, by November 2020, 2.87M new Android malware instances were identified in the wild. Malware detection is a challenging problem that has been actively explored by both the industry and academia using intelligent methods. On the one hand, traditional machine learning (ML) malware detection methods rely on manual feature engineering that requires expert knowledge. On the other hand, deep learning (DL) malware detection methods perform automatic feature extraction but usually require much more data and processing power. In this work, we propose a new multimodal DL Android malware detection method, Chimera, that combines both manual and automatic feature engineering by using the DL architectures, Convolutional Neural Networks (CNN), Deep Neural Networks (DNN), and Transformer Networks (TN) to perform feature learning from raw data (Dalvik Executable (DEX) grayscale images), static analysis data (Android Intents & Permissions), and dynamic analysis data (system call sequences) respectively. To train and evaluate our model, we implemented the Knowledge Discovery in Databases (KDD) process and used the publicly available Android benchmark dataset Omnidroid, which contains static and dynamic analysis data extracted from 22,000 real malware and goodware samples. By leveraging a hybrid source of information to learn high-level feature representations for both the static and dynamic properties of Android applications, Chimera’s detection Accuracy, Precision, Recall, and ROC AUC outperform classical ML algorithms, state-of-the-art Ensemble, and Voting Ensembles ML methods, as well as unimodal DL methods using CNNs, DNNs, TNs, and Long-Short Term Memory Networks (LSTM). To the best of our knowledge, this is the first work that successfully applies multimodal DL to combine those three different modalities of data using DNNs, CNNs, and TNs to learn a shared representation that can be used in Android malware detection tasks.</div>

scholarly journals Chimera: An Android Malware Detection Method Based on Multimodal Deep Learning and Hybrid Analysis

2020 ◽  
Author(s):  
Angelo Schranko de Oliveira ◽  
Renato José Sassi
Keyword(s):  
Neural Networks ◽  
Deep Learning ◽  
Dynamic Analysis ◽  
Detection Method ◽  
Malware Detection ◽  
Analysis Data ◽  
Detection Methods ◽  
Feature Engineering ◽  
Android Malware ◽  
Android Malware Detection

<div>The Android Operating System (OS) everywhere, computers, cars, homes, and, of course, personal and corporate smartphones. A recent survey from the International Data Corporation (IDC) reveals that the Android platform holds 85% of the smartphone market share. Its popularity and open nature make it an attractive target for malware. According to AV-TEST, by November 2020, 2.87M new Android malware instances were identified in the wild. Malware detection is a challenging problem that has been actively explored by both the industry and academia using intelligent methods. On the one hand, traditional machine learning (ML) malware detection methods rely on manual feature engineering that requires expert knowledge. On the other hand, deep learning (DL) malware detection methods perform automatic feature extraction but usually require much more data and processing power. In this work, we propose a new multimodal DL Android malware detection method, Chimera, that combines both manual and automatic feature engineering by using the DL architectures, Convolutional Neural Networks (CNN), Deep Neural Networks (DNN), and Transformer Networks (TN) to perform feature learning from raw data (Dalvik Executable (DEX) grayscale images), static analysis data (Android Intents & Permissions), and dynamic analysis data (system call sequences) respectively. To train and evaluate our model, we implemented the Knowledge Discovery in Databases (KDD) process and used the publicly available Android benchmark dataset Omnidroid, which contains static and dynamic analysis data extracted from 22,000 real malware and goodware samples. By leveraging a hybrid source of information to learn high-level feature representations for both the static and dynamic properties of Android applications, Chimera’s detection Accuracy, Precision, Recall, and ROC AUC outperform classical ML algorithms, state-of-the-art Ensemble, and Voting Ensembles ML methods, as well as unimodal DL methods using CNNs, DNNs, TNs, and Long-Short Term Memory Networks (LSTM). To the best of our knowledge, this is the first work that successfully applies multimodal DL to combine those three different modalities of data using DNNs, CNNs, and TNs to learn a shared representation that can be used in Android malware detection tasks.</div>

scholarly journals SUIP: An Android malware detection method based on data flow features

2021 ◽  
Vol 1812 (1) ◽  
pp. 012010
Author(s):  
X R Chen ◽  
S S Shi ◽  
C L Xie ◽  
Z Yang ◽  
Y J Guo ◽  
...  
Keyword(s):  
Data Flow ◽  
Detection Method ◽  
Malware Detection ◽  
Android Malware ◽  
Android Malware Detection ◽  
Flow Features
Sign in / Sign up

Export Citation Format

Share Document