RoughDroid: Operative Scheme for Functional Android Malware Detection

2018 ◽  
Vol 2018 ◽  
pp. 1-10 ◽  
Author(s):  
Khaled Riad ◽  
Lishan Ke

There are thousands of malicious applications that invade the Google Play Store every day and appear to be legitimate applications. These malicious applications have the ability to link to the malware referred to as DressCode, created for network hacking as well as scrolling information. Since Android smartphones are indispensable, there should be an efficient and also unusual protection, so that Android smartphones remain safeguarded from novel malware. In this paper, we propose RoughDroid, a floppy analysis technique that can discover Android malware applications directly on the smartphone. RoughDroid is based on seven feature sets (FS1, FS2, …, FS7) from the XML manifest file of an Android application, plus three feature sets (FS8, FS9, and FS10) from the Dex file. Those feature sets pass through the Rough Set algorithm to elastically classify the Android application as either benign or malicious. The experimental results mainly consider the 20 most common malware families, plus three new malware families (Grabos, TrojanDropper.Agent.BKY, and AsiaHitGroup) that invaded the Google Play Store in 2017. According to the experimental results, RoughDroid has 95.6% detection performance for the malware families at a 1% false-positive rate. Finally, RoughDroid is a lightweight approach for directly examining downloaded applications on the smartphone.

Author(s):  
Abikoye Oluwakemi Christianah ◽  
Benjamin Aruwa Gyunka ◽  
Akande Noah Oluwatobi

The Android operating system has become very popular, with the highest market share amongst all other mobile operating systems, due to its open source nature and user friendliness. This has brought about an uncontrolled rise in malicious applications targeting the Android platform. Emerging trends of Android malware employ highly sophisticated detection and analysis avoidance techniques, such that traditional signature-based detection methods have become less potent in their ability to detect new and unknown malware. Alternative approaches, such as machine learning techniques, have taken the lead for timely zero-day anomaly detection. The study aimed at developing an optimized Android malware detection model using an ensemble learning technique. Random Forest, Support Vector Machine, and k-Nearest Neighbours were used to develop three distinct base models, and their predictive results were further combined using a Majority Vote combination function to produce an ensemble model. A reverse engineering procedure was employed to extract static features from a large repository of malware samples and benign applications. The WEKA 3.8.2 data mining suite was used to perform all the learning experiments. The results showed that Random Forest had a true positive rate of 97.9% and a false positive rate of 1.9%, and was able to correctly classify 98% of instances, making it a strong base model. The ensemble model had a true positive rate of 98.1% and a false positive rate of 1.8%, and was able to correctly classify 98.16% of instances. The finding shows that, although the base learners had good detection results, the ensemble learner produced a better optimized detection model compared with the performances of the base learners.


Electronics ◽  
2020 ◽  
Vol 9 (6) ◽  
pp. 957 ◽  
Author(s):  
Juhyun Park ◽  
Yongsu Park

Software uses cryptography to provide confidentiality in communication and to provide authentication. Additionally, cryptographic algorithms can be used to protect software against cracking core algorithms in software implementation. Recently, malware and ransomware have begun to use encryption to protect their codes from analysis. As for the detection of cryptographic algorithms, previous works have had demerits in analyzing anti-reverse engineered binaries that can detect differences in analysis environments and normal execution. Here, we present a new symmetric-key cryptographic routine detection scheme using hardware tracing. In our experiments, patterns were successfully generated and detected for nine symmetric-key cryptographic algorithms. Additionally, the experimental results show that the false positive rate of our scheme is extremely low and the prototype implementation successfully bypasses anti-reversing techniques. Our work can be used to detect symmetric-key cryptographic routines in malware/ransomware with anti-reversing techniques.


2021 ◽  
Author(s):  
Vinayaka K V ◽  
Jaidhar C D

The popularity of the Android Operating System in the smartphone market has given rise to lots of Android malware. To accurately detect these malware, many of the existing works use machine learning and deep learning-based methods, in which feature extraction methods were used to extract fixed-size feature vectors using the files present inside the Android Application Package (APK). Recently, Graph Convolutional Network (GCN) based methods applied on the Function Call Graph (FCG) extracted from the APK are gaining momentum in Android malware detection, as GCNs are effective at learning tasks on variable-sized graphs such as FCG, and FCG sufficiently captures the structure and behaviour of an APK. However, the FCG lacks information about callback methods as the Android Application Programming Interface (API) is event-driven. This paper proposes enhancing the FCG to eFCG (enhanced-FCG) using the callback information extracted using Android Framework Space Analysis to overcome this limitation. Further, we add permission - API method relationships to the eFCG. The eFCG is reduced using node contraction based on the classes to get R-eFCG (Reduced eFCG) to improve the generalisation ability of the Android malware detection model. The eFCG and R-eFCG are then given as the inputs to the Heterogeneous GCN models to determine whether the APK file from which they are extracted is malicious or not. To test the effectiveness of eFCG and R-eFCG, we conducted an ablation study by removing their various components. To determine the optimal neighbourhood size for GCN, we experimented with a varying number of GCN layers and found that the Android malware detection model using R-eFCG with all its components with four convolution layers achieved maximum accuracy of 96.28%.


2016 ◽  
Author(s):  
Marco A. Pinto-Orellana ◽  
Fábio R. Cerqueira

This work presents a computational method for improving seizure detection for epilepsy diagnosis. Epilepsy is the second most common neurological disease, impacting between 40 and 50 million patients in the world, and its proper diagnosis using electroencephalographic signals implies a long and expensive process which involves medical specialists. The proposed system is a patient-dependent offline system which performs an automatic detection of seizures in brainwaves applying a random forest classifier. Features are extracted using one-dimension reduced information from a spectro-temporal transformation of the biosignals which pass through an envelope detector. The performance of this method reached 97.12% specificity, 99.29% sensitivity, and a 0.77 h−1 false positive rate. Thus, the method hereby proposed has great potential for diagnosis support in clinical environments.


Author(s):  
Jun Guan ◽  
Huiying Liu ◽  
Baolei Mao ◽  
Xu Jiang

Aiming at the problem that permission-based detection is too coarse-grained, a malware detection method based on sensitive application program interface (API) pairing is proposed. The method decompiles the application to extract the sensitive APIs corresponding to the dangerous permissions, and uses the pairing of the sensitive APIs to construct an undirected graph of malicious applications and an undirected graph of benign applications. According to the importance of sensitive APIs in malware and benign applications, different weights on the same edge in the different graphs are assigned to detect Android malicious applications. Experimental results show that the proposed method can effectively detect Android malicious applications and has practical significance.


2017 ◽  
Vol 27 (03) ◽  
pp. 1750006 ◽  
Author(s):  
Bruno Direito ◽  
César A. Teixeira ◽  
Francisco Sales ◽  
Miguel Castelo-Branco ◽  
António Dourado

A patient-specific algorithm for epileptic seizure prediction, based on multiclass support-vector machines (SVM) and using multi-channel high-dimensional feature sets, is presented. The feature sets, combined with multiclass classification and post-processing schemes, aim at the generation of alarms and reduced influence of false positives. This study considers 216 patients from the European Epilepsy Database, and includes 185 patients with scalp EEG recordings and 31 with intracranial data. The strategy was tested over a total of 16,729.80 h of inter-ictal data, including 1206 seizures. We found an overall sensitivity of 38.47% and a false positive rate per hour of 0.20. The performance of the method achieved statistical significance in 24 patients (11% of the patients). Despite the encouraging results previously reported in specific datasets, prospective demonstration on long-term EEG recordings has been limited. Our study presents a prospective analysis of a large heterogeneous, multicentric dataset. The statistical framework, based on conservative assumptions, reflects a realistic approach compared to constrained datasets and/or in-sample evaluations. The improvement of these results, with the definition of an appropriate set of features able to improve the distinction between the pre-ictal and non-pre-ictal states, hence minimizing the effect of confounding variables, remains a key aspect.


2020 ◽  
Vol 2020 ◽  
pp. 1-14 ◽  
Author(s):  
Xin Su ◽  
Qingbo Gong ◽  
Yi Zheng ◽  
Xuchong Liu ◽  
Kuan-Ching Li

Recently, brain-machine interfacing, which links humans and artificial devices through brain signals, has become very popular, leading to corresponding mobile applications as a supplement. The Android platform has developed rapidly because of its good user experience and openness. Meanwhile, these characteristics of the platform, which drive the amazing pace of Android malware, pose a great threat to the platform and to data correction during signal transmission of brain-machine interfacing. Many previous works employ various behavioral characteristics to analyze Android applications (or apps) and detect Android malware in order to keep signal data secure. However, with the development of Android apps, the categories of Android apps have become diverse, and Android malware behavior has become complex. This situation makes existing Android malware detection complicated and inefficient. In this paper, we propose a broad analysis, gathering as many behavioral characteristics of an app as possible and comparing these behavioral characteristics across several metrics. First, we extract static and dynamic behavioral characteristics from Android apps in an automatic manner. Second, we explain the decision we made for each kind of behavioral characteristic we chose for Android app analysis and Android malware detection. Third, we design a detailed experiment which compares the efficiency of each kind of behavioral characteristic in different aspects. The experimental results also show the Android malware detection performance of these behavioral characteristics combined with well-known machine learning algorithms.

