Maat

2021 ◽  
Vol 24 (4) ◽  
pp. 1-35
Author(s):  
Aleieldin Salem ◽  
Sebastian Banescu ◽  
Alexander Pretschner

The malware analysis and detection research community relies on the online platform VirusTotal to label Android apps based on the scan results of around 60 antiviral scanners. Unfortunately, there are no standards on how to best interpret the scan results acquired from VirusTotal, which leads to the utilization of different threshold-based labeling strategies (e.g., if 10 or more scanners deem an app malicious, it is considered malicious). While some of the utilized thresholds may be able to accurately approximate the ground truths of apps, the fact that VirusTotal changes the set and versions of the scanners it uses makes such thresholds unsustainable over time. We implemented a method, Maat, that tackles these issues of standardization and sustainability by automatically generating a Machine Learning (ML)-based labeling scheme, which outperforms threshold-based labeling strategies. Using the VirusTotal scan reports of 53K Android apps that span 1 year, we evaluated the applicability of Maat’s Machine Learning (ML)-based labeling strategies by comparing their performance against threshold-based strategies. We found that such ML-based strategies (a) can accurately and consistently label apps based on their VirusTotal scan reports, and (b) contribute to training ML-based detection methods that are more effective at classifying out-of-sample apps than their threshold-based counterparts.

Author(s):  
Niddal Imam ◽  
Biju Issac ◽  
Seibu Mary Jacob

Twitter has changed the way people get information by allowing them to express their opinion and comments on the daily tweets. Unfortunately, due to the high popularity of Twitter, it has become very attractive to spammers. Unlike other types of spam, Twitter spam has become a serious issue in the last few years. The large number of users and the high amount of information being shared on Twitter play an important role in accelerating the spread of spam. In order to protect the users, Twitter and the research community have been developing different spam detection systems by applying different machine-learning techniques. However, a recent study showed that the current machine learning-based detection systems are not able to detect spam accurately because spam tweet characteristics vary over time. This issue is called “Twitter Spam Drift”. In this paper, a semi-supervised learning approach (SSLA) has been proposed to tackle this. The new approach uses the unlabeled data to learn the structure of the domain. Different experiments were performed on English and Arabic datasets to test and evaluate the proposed approach and the results show that the proposed SSLA can reduce the effect of Twitter spam drift and outperform the existing techniques.


2017 ◽  
Vol 2017 ◽  
pp. 1-14 ◽  
Author(s):  
Xin Wang ◽  
Dafang Zhang ◽  
Xin Su ◽  
Wenjia Li

In recent years, Android malware has continued to grow at an alarming rate. More recent malicious apps’ employing highly sophisticated detection avoidance techniques makes the traditional machine learning based malware detection methods far less effective. More specifically, they cannot cope with various types of Android malware and have limitations in detection by utilizing a single classification algorithm. To address this limitation, we propose a novel approach in this paper that leverages parallel machine learning and information fusion techniques for better Android malware detection, which is named Mlifdect. To implement this approach, we first extract eight types of features from static analysis on Android apps and build two kinds of feature sets after feature selection. Then, a parallel machine learning detection model is developed for speeding up the process of classification. Finally, we investigate the probability analysis based and Dempster-Shafer theory based information fusion approaches which can effectively obtain the detection results. To validate our method, other state-of-the-art detection works are selected for comparison with real-world Android apps. The experimental results demonstrate that Mlifdect is capable of achieving higher detection accuracy as well as a remarkable run-time efficiency compared to the existing malware detection solutions.


Author(s):  
Suhaib Jasim Hamdi ◽  
Ibrahim Mahmood Ibrahim ◽  
Naaman Omar ◽  
Omar M. Ahmed ◽  
Zryan Najat Rashid ◽  
...  

Android is now the world's (or one of the world’s) most popular operating system. More and more malware assaults are taking place in Android applications. Many security detection techniques based on Android Apps are now available. The open environmental feature of the Android environment has given Android an extensive appeal in recent years. The growing number of mobile devices are incorporated in many aspects of our everyday lives. This paper gives a detailed comparison that summarizes and analyses various detection techniques. This work examines the current status of Android malware detection methods, with an emphasis on Machine Learning-based classifiers for detecting malicious software on Android devices. Android has a huge number of apps that may be downloaded and used for free. Consequently, Android phones are more susceptible to malware. As a result, additional research has been done in order to develop effective malware detection methods. To begin, several of the currently available Android malware detection approaches are carefully examined and classified based on their detection methodologies. This study examines a wide range of machine-learning-based methods for detecting Android malware, covering both dynamic and static types.


Author(s):  
Pallavi Khatri ◽  
Animesh Kumar Agrawal ◽  
Aman Sharma ◽  
Navpreet Pannu ◽  
Sumitra Ranjan Sinha

Mobile devices and their use are rapidly growing to the zenith in the market. Android devices are the most popular and handy when it comes to the mobile devices. With the rapid increase in the use of Android phones, more applications are available for users. Through these alluring multi-functional applications, cyber criminals are stealing personal information and tracking the activities of users. This chapter presents a two-way approach for finding malicious Android packages (APKs) by using different Android applications through static and dynamic analysis. Three cases are considered depending upon the severity level of APK, permission-based protection level, and dynamic analysis of APK for creating the dataset for further analysis. Subsequently, supervised machine learning techniques such as naive Bayes multinomial text, REPtree, voted perceptron, and SGD text are applied to the dataset to classify the selected APKs as malicious, benign, or suspicious.


2019 ◽  
Author(s):  
Fabian Braesemann

The development of digital technologies such as Machine Learning can be described empirically as a co-evolving network based on online platform data. Here, we construct a network of technologies related to machine learning based on data from Stack Overflow, the world’s largest question-and-answer website for programming questions. This network reveals the changing centrality of machine learning topics, libraries, and related programming languages over time as the network links rewire when novel technologies are introduced. It thus allows for understanding the development of the field as combinatorial technological evolution, shaped by the replacement of older technologies by novel ones. The data can be used to test network models on innovation and novelty, and on creative destruction.


2019 ◽  
Vol 9 (6) ◽  
pp. 1128 ◽  
Author(s):  
Yundong Li ◽  
Wei Hu ◽  
Han Dong ◽  
Xueyan Zhang

Using aerial cameras, satellite remote sensing or unmanned aerial vehicles (UAV) equipped with cameras can facilitate search and rescue tasks after disasters. The traditional manual interpretation of huge aerial images is inefficient and could be replaced by machine learning-based methods combined with image processing techniques. Given the development of machine learning, researchers find that convolutional neural networks can effectively extract features from images. Some target detection methods based on deep learning, such as the single-shot multibox detector (SSD) algorithm, can achieve better results than traditional methods. However, the impressive performance of machine learning-based methods results from the numerous labeled samples. Given the complexity of post-disaster scenarios, obtaining many samples in the aftermath of disasters is difficult. To address this issue, a damaged building assessment method using SSD with pretraining and data augmentation is proposed in the current study and highlights the following aspects. (1) Objects can be detected and classified into undamaged buildings, damaged buildings, and ruins. (2) A convolution auto-encoder (CAE) that consists of VGG16 is constructed and trained using unlabeled post-disaster images. As a transfer learning strategy, the weights of the SSD model are initialized using the weights of the CAE counterpart. (3) Data augmentation strategies, such as image mirroring, rotation, Gaussian blur, and Gaussian noise processing, are utilized to augment the training data set. As a case study, aerial images of Hurricane Sandy in 2012 were maximized to validate the proposed method’s effectiveness. Experiments show that the pretraining strategy can yield an improvement of 10% in terms of overall accuracy compared with the SSD trained from scratch. These experiments also demonstrate that using data augmentation strategies can improve mAP and mF1 by 72% and 20%, respectively. Finally, the experiment is further verified by another dataset of Hurricane Irma, and it is concluded that the paper method is feasible.


Sensors ◽  
2021 ◽  
Vol 21 (14) ◽  
pp. 4805
Author(s):  
Saad Abbasi ◽  
Mahmoud Famouri ◽  
Mohammad Javad Shafiee ◽  
Alexander Wong

Human operators often diagnose industrial machinery via anomalous sounds. Given the new advances in the field of machine learning, automated acoustic anomaly detection can lead to reliable maintenance of machinery. However, deep learning-driven anomaly detection methods often require an extensive amount of computational resources prohibiting their deployment in factories. Here we explore a machine-driven design exploration strategy to create OutlierNets, a family of highly compact deep convolutional autoencoder network architectures featuring as few as 686 parameters, model sizes as small as 2.7 KB, and as low as 2.8 million FLOPs, with a detection accuracy matching or exceeding published architectures with as many as 4 million parameters. The architectures are deployed on an Intel Core i5 as well as an ARM Cortex A72 to assess performance on hardware that is likely to be used in industry. Experimental results on the model’s latency show that the OutlierNet architectures can achieve as much as 30x lower latency than published networks.


2021 ◽  
Vol 14 (3) ◽  
pp. 119
Author(s):  
Fabian Waldow ◽  
Matthias Schnaubelt ◽  
Christopher Krauss ◽  
Thomas Günter Fischer

In this paper, we demonstrate how a well-established machine learning-based statistical arbitrage strategy can be successfully transferred from equity to futures markets. First, we preprocess futures time series comprised of front months to render them suitable for our returns-based trading framework and compile a data set comprised of 60 futures covering nearly 10 trading years. Next, we train several machine learning models to predict whether the h-day-ahead return of each future out- or underperforms the corresponding cross-sectional median return. Finally, we enter long/short positions for the top/flop-k futures for a duration of h days and assess the financial performance of the resulting portfolio in an out-of-sample testing period. Thereby, we find the machine learning models to yield statistically significant out-of-sample break-even transaction costs of 6.3 bp—a clear challenge to the semi-strong form of market efficiency. Finally, we discuss sources of profitability and the robustness of our findings.


Electronics ◽  
2021 ◽  
Vol 10 (14) ◽  
pp. 1694
Author(s):  
Mathew Ashik ◽  
A. Jyothish ◽  
S. Anandaram ◽  
P. Vinod ◽  
Francesco Mercaldo ◽  
...  

Malware is one of the most significant threats in today’s computing world since the number of websites distributing malware is increasing at a rapid rate. Malware analysis and prevention methods are increasingly becoming necessary for computer systems connected to the Internet. This software exploits the system’s vulnerabilities to steal valuable information without the user’s knowledge, and stealthily send it to remote servers controlled by attackers. Traditionally, anti-malware products use signatures for detecting known malware. However, the signature-based method does not scale in detecting obfuscated and packed malware. Considering that the cause of a problem is often best understood by studying the structural aspects of a program like the mnemonics, instruction opcode, API Call, etc., in this paper we investigate the relevance of the features of unpacked malicious and benign executables like mnemonics, instruction opcodes, and API to identify a feature that classifies the executable. Prominent features are extracted using Minimum Redundancy and Maximum Relevance (mRMR) and Analysis of Variance (ANOVA). Experiments were conducted on four datasets using machine learning and deep learning approaches such as Support Vector Machine (SVM), Naïve Bayes, J48, Random Forest (RF), and XGBoost. In addition, we also evaluate the performance of the collection of deep neural networks like Deep Dense network, One-Dimensional Convolutional Neural Network (1D-CNN), and CNN-LSTM in classifying unknown samples, and we observed promising results using APIs and system calls. On combining APIs/system calls with static features, a marginal performance improvement was attained compared to models trained only on dynamic features. Moreover, to improve accuracy, we implemented our solution using distinct deep learning methods and demonstrated a fine-tuned deep neural network that resulted in an F1-score of 99.1% and 98.48% on Dataset-2 and Dataset-3, respectively.

