scholarly journals Computing Adaptive Feature Weights with PSO to Improve Android Malware Detection

2017 ◽  
Vol 2017 ◽  
pp. 1-14 ◽  
Author(s):  
Yanping Xu ◽  
Chunhua Wu ◽  
Kangfeng Zheng ◽  
Xu Wang ◽  
Xinxin Niu ◽  
...  
Keyword(s):  
Information Gain ◽  
Malware Detection ◽  
Classification Model ◽  
Support Vector ◽  
Android Malware ◽  
Feature Weights ◽  
Detection Model ◽  
Inertia Weight ◽  
Android Malware Detection ◽  
Class Labels

Android malware detection is a complex and crucial issue. In this paper, we propose a malware detection model using a support vector machine (SVM) method based on feature weights that are computed by information gain (IG) and particle swarm optimization (PSO) algorithms. The IG weights are evaluated based on the relevance between features and class labels, and the PSO weights are adaptively calculated to result in the best fitness (the performance of the SVM classification model). Moreover, to overcome the defects of basic PSO, we propose a new adaptive inertia weight method called fitness-based and chaotic adaptive inertia weight-PSO (FCAIW-PSO) that improves on basic PSO and is based on the fitness and a chaotic term. The goal is to assign suitable weights to the features to ensure the best Android malware detection performance. The results of experiments indicate that the IG weights and PSO weights both improve the performance of SVM and that the performance of the PSO weights is better than that of the IG weights.

scholarly journals An Android Malware Detection Model Based on DT-SVM

2020 ◽  
Vol 2020 ◽  
pp. 1-11
Author(s):  
Min Yang ◽  
Xingshu Chen ◽  
Yonggang Luo ◽  
Hang Zhang
Keyword(s):  
Decision Tree ◽  
Malware Detection ◽  
Small Sample ◽  
Support Vector ◽  
Android Malware ◽  
Detection Model ◽  
Model Based ◽  
Android Malware Detection ◽  
Svm Algorithm ◽  
N Gram

In order to improve the accuracy and efficiency of Android malware detection, an Android malware detection model based on decision tree (DT) with support vector machine (SVM) algorithm (DT-SVM) is proposed. Firstly, the original opcode, Dalvik opcode, is extracted by reversing Android software, and the eigenvector of the sample is generated by using the n-gram model. Then, a decision tree is generated via training the sample and updating decision nodes as SVM nodes from the bottom up according to the evaluation result of the test set in the decision path. The model effectively combines DT with SVM. Under the premise of maintaining a high-accuracy decision path, SVM is used to effectively reduce the overfitting problem in DT and thus improve the generalization ability, and maintain the superiority of SVM for the small sample training set. Finally, to test our approach, several simulation experiments are carried out, and the results demonstrate that the improved algorithm has better accuracy and higher speed as compared with other malware detection approaches.

scholarly journals Linear SVM-Based Android Malware Detection for Reliable IoT Services

2014 ◽  
Vol 2014 ◽  
pp. 1-10 ◽  
Author(s):  
Hyo-Sik Ham ◽  
Hwan-Hee Kim ◽  
Myung-Sup Kim ◽  
Mi-Jung Choi
Keyword(s):  
Machine Learning ◽  
Mobile Devices ◽  
Malware Detection ◽  
Information Leakage ◽  
Support Vector ◽  
Android Malware ◽  
Machine Learning Classifiers ◽  
Android Malware Detection ◽  
Learning Classifiers ◽  
Linear Svm

Current many Internet of Things (IoT) services are monitored and controlled through smartphone applications. By combining IoT with smartphones, many convenient IoT services have been provided to users. However, there are adverse underlying effects in such services including invasion of privacy and information leakage. In most cases, mobile devices have become cluttered with important personal user information as various services and contents are provided through them. Accordingly, attackers are expanding the scope of their attacks beyond the existing PC and Internet environment into mobile devices. In this paper, we apply a linear support vector machine (SVM) to detect Android malware and compare the malware detection performance of SVM with that of other machine learning classifiers. Through experimental validation, we show that the SVM outperforms other machine learning classifiers.

scholarly journals Heterogeneous Graph Convolutional Networks for Android Malware Detection using Callback-Aware Caller-Callee Graphs

2021 ◽  
Author(s):  
Vinayaka K V ◽  
Jaidhar C D
Keyword(s):  
Malware Detection ◽  
Application Programming Interface ◽  
Extraction Methods ◽  
Android Application ◽  
Convolutional Network ◽  
Android Malware ◽  
Detection Model ◽  
Convolutional Networks ◽  
Android Malware Detection ◽  
Ablation Study

<pre> The popularity of the Android Operating System in the smartphone market has given rise to lots of Android malware. To accurately detect these malware, many of the existing works use machine learning and deep learning-based methods, in which feature extraction methods were used to extract fixed-size feature vectors using the files present inside the Android Application Package (APK). Recently, Graph Convolutional Network (GCN) based methods applied on the Function Call Graph (FCG) extracted from the APK are gaining momentum in Android malware detection, as GCNs are effective at learning tasks on variable-sized graphs such as FCG, and FCG sufficiently captures the structure and behaviour of an APK. However, the FCG lacks information about callback methods as the Android Application Programming Interface (API) is event-driven. This paper proposes enhancing the FCG to eFCG (enhanced-FCG) using the callback information extracted using Android Framework Space Analysis to overcome this limitation. Further, we add permission - API method relationships to the eFCG. The eFCG is reduced using node contraction based on the classes to get R-eFCG (Reduced eFCG) to improve the generalisation ability of the Android malware detection model. The eFCG and R-eFCG are then given as the inputs to the Heterogeneous GCN models to determine whether the APK file from which they are extracted is malicious or not. To test the effectiveness of eFCG and R-eFCG, we conducted an ablation study by removing their various components. To determine the optimal neighbourhood size for GCN, we experimented with a varying number of GCN layers and found that the Android malware detection model using R-eFCG with all its components with four convolution layers achieved maximum accuracy of 96.28%.</pre>

scholarly journals Heterogeneous Graph Convolutional Networks for Android Malware Detection using Callback-Aware Caller-Callee Graphs

2021 ◽  
Author(s):  
Vinayaka K V ◽  
Jaidhar C D
Keyword(s):  
Malware Detection ◽  
Application Programming Interface ◽  
Extraction Methods ◽  
Android Application ◽  
Convolutional Network ◽  
Android Malware ◽  
Detection Model ◽  
Convolutional Networks ◽  
Android Malware Detection ◽  
Ablation Study

<pre> The popularity of the Android Operating System in the smartphone market has given rise to lots of Android malware. To accurately detect these malware, many of the existing works use machine learning and deep learning-based methods, in which feature extraction methods were used to extract fixed-size feature vectors using the files present inside the Android Application Package (APK). Recently, Graph Convolutional Network (GCN) based methods applied on the Function Call Graph (FCG) extracted from the APK are gaining momentum in Android malware detection, as GCNs are effective at learning tasks on variable-sized graphs such as FCG, and FCG sufficiently captures the structure and behaviour of an APK. However, the FCG lacks information about callback methods as the Android Application Programming Interface (API) is event-driven. This paper proposes enhancing the FCG to eFCG (enhanced-FCG) using the callback information extracted using Android Framework Space Analysis to overcome this limitation. Further, we add permission - API method relationships to the eFCG. The eFCG is reduced using node contraction based on the classes to get R-eFCG (Reduced eFCG) to improve the generalisation ability of the Android malware detection model. The eFCG and R-eFCG are then given as the inputs to the Heterogeneous GCN models to determine whether the APK file from which they are extracted is malicious or not. To test the effectiveness of eFCG and R-eFCG, we conducted an ablation study by removing their various components. To determine the optimal neighbourhood size for GCN, we experimented with a varying number of GCN layers and found that the Android malware detection model using R-eFCG with all its components with four convolution layers achieved maximum accuracy of 96.28%.</pre>

Permission-based Android Malware Detection System Using Feature Selection with Genetic Algorithm

2019 ◽  
Vol 29 (02) ◽  
pp. 245-262 ◽  
Author(s):  
Oktay Yildiz ◽  
Ibrahim Alper Doğru
Keyword(s):  
Genetic Algorithm ◽  
Feature Selection ◽  
Detection System ◽  
Malware Detection ◽  
Support Vector ◽  
Android Malware ◽  
Detection Systems ◽  
Android Malware Detection ◽  
Vector Machines ◽  
Accuracy Result

As the use of smartphones increases, Android, as a Linux-based open source mobile operating system (OS), has become the most popular mobile OS in time. Due to the widespread use of Android, malware developers mostly target Android devices and users. Malware detection systems to be developed for Android devices are important for this reason. Machine learning methods are being increasingly used for detection and analysis of Android malware. This study presents a method for detecting Android malware using feature selection with genetic algorithm (GA). Three different classifier methods with different feature subsets that were selected using GA were implemented for detecting and analyzing Android malware comparatively. A combination of Support Vector Machines and a GA yielded the best accuracy result of 98.45% with the 16 selected permissions using the dataset of 1740 samples consisting of 1119 malwares and 621 benign samples.

scholarly journals Mlifdect: Android Malware Detection Based on Parallel Machine Learning and Information Fusion

2017 ◽  
Vol 2017 ◽  
pp. 1-14 ◽  
Author(s):  
Xin Wang ◽  
Dafang Zhang ◽  
Xin Su ◽  
Wenjia Li
Keyword(s):  
Machine Learning ◽  
Information Fusion ◽  
Malware Detection ◽  
Parallel Machine ◽  
Detection Methods ◽  
Detection Accuracy ◽  
Android Malware ◽  
Detection Model ◽  
Android Apps ◽  
Android Malware Detection

In recent years, Android malware has continued to grow at an alarming rate. More recent malicious apps’ employing highly sophisticated detection avoidance techniques makes the traditional machine learning based malware detection methods far less effective. More specifically, they cannot cope with various types of Android malware and have limitation in detection by utilizing a single classification algorithm. To address this limitation, we propose a novel approach in this paper that leverages parallel machine learning and information fusion techniques for better Android malware detection, which is named Mlifdect. To implement this approach, we first extract eight types of features from static analysis on Android apps and build two kinds of feature sets after feature selection. Then, a parallel machine learning detection model is developed for speeding up the process of classification. Finally, we investigate the probability analysis based and Dempster-Shafer theory based information fusion approaches which can effectively obtain the detection results. To validate our method, other state-of-the-art detection works are selected for comparison with real-world Android apps. The experimental results demonstrate that Mlifdect is capable of achieving higher detection accuracy as well as a remarkable run-time efficiency compared to the existing malware detection solutions.

Sign in / Sign up

Export Citation Format

Share Document