scholarly journals Out-of-sample Node Representation Learning for Heterogeneous Graph in Real-time Android Malware Detection

2019 ◽  
Author(s):  
Yanfang Ye ◽  
Shifu Hou ◽  
Lingwei Chen ◽  
Jingwei Lei ◽  
Wenqiang Wan ◽  
...  
Keyword(s):  
Real Time ◽  
Large Scale ◽  
Malware Detection ◽  
Application Programming Interface ◽  
Representation Learning ◽  
Android Malware ◽  
Android Apps ◽  
Android Malware Detection ◽  
Out Of Sample ◽  
Application Programming

The increasingly sophisticated Android malware calls for new defensive techniques that are capable of protecting mobile users against novel threats. In this paper, we first extract the runtime Application Programming Interface (API) call sequences from Android apps, and then analyze higher-level semantic relations within the ecosystem to comprehensively characterize the apps. To model different types of entities (i.e., app, API, device, signature, affiliation) and rich relations among them, we present a structured heterogeneous graph (HG) for modeling. To efficiently classify nodes (e.g., apps) in the constructed HG, we propose the HG-Learning method to first obtain in-sample node embeddings and then learn representations of out-of-sample nodes without rerunning/adjusting HG embeddings at the first attempt. We later design a deep neural network classifier taking the learned HG representations as inputs for real-time Android malware detection. Comprehensive experiments on large-scale and real sample collections from Tencent Security Lab are performed to compare various baselines. Promising results demonstrate that our developed system AiDroid which integrates our proposed method outperforms others in real-time Android malware detection.

scholarly journals Make Evasion Harder: An Intelligent Android Malware Detection System

2018 ◽  
Author(s):  
Shifu Hou ◽  
Yanfang Ye ◽  
Yangqiu Song ◽  
Melih Abdulhayoglu
Keyword(s):  
Detection System ◽  
Malware Detection ◽  
Semantic Relatedness ◽  
Application Programming Interface ◽  
Android Malware ◽  
Detection Techniques ◽  
Android Apps ◽  
Android Malware Detection ◽  
Meta Path ◽  
Application Programming

To combat the evolving Android malware attacks, in this paper, instead of only using Application Programming Interface (API) calls, we further analyze the different relationships between them and create higher-level semantics which require more efforts for attackers to evade the detection. We represent the Android applications (apps), related APIs, and their rich relationships as a structured heterogeneous information network (HIN). Then we use a meta-path based approach to characterize the semantic relatedness of apps and APIs. We use each meta-path to formulate a similarity measure over Android apps, and aggregate different similarities using multi-kernel learning to make predictions. Promising experimental results based on real sample collections from Comodo Cloud Security Center demonstrate that our developed system HinDroid outperforms other alternative Android malware detection techniques.

scholarly journals Heterogeneous Graph Convolutional Networks for Android Malware Detection using Callback-Aware Caller-Callee Graphs

2021 ◽  
Author(s):  
Vinayaka K V ◽  
Jaidhar C D
Keyword(s):  
Malware Detection ◽  
Application Programming Interface ◽  
Extraction Methods ◽  
Android Application ◽  
Convolutional Network ◽  
Android Malware ◽  
Detection Model ◽  
Convolutional Networks ◽  
Android Malware Detection ◽  
Ablation Study

<pre> The popularity of the Android Operating System in the smartphone market has given rise to lots of Android malware. To accurately detect these malware, many of the existing works use machine learning and deep learning-based methods, in which feature extraction methods were used to extract fixed-size feature vectors using the files present inside the Android Application Package (APK). Recently, Graph Convolutional Network (GCN) based methods applied on the Function Call Graph (FCG) extracted from the APK are gaining momentum in Android malware detection, as GCNs are effective at learning tasks on variable-sized graphs such as FCG, and FCG sufficiently captures the structure and behaviour of an APK. However, the FCG lacks information about callback methods as the Android Application Programming Interface (API) is event-driven. This paper proposes enhancing the FCG to eFCG (enhanced-FCG) using the callback information extracted using Android Framework Space Analysis to overcome this limitation. Further, we add permission - API method relationships to the eFCG. The eFCG is reduced using node contraction based on the classes to get R-eFCG (Reduced eFCG) to improve the generalisation ability of the Android malware detection model. The eFCG and R-eFCG are then given as the inputs to the Heterogeneous GCN models to determine whether the APK file from which they are extracted is malicious or not. To test the effectiveness of eFCG and R-eFCG, we conducted an ablation study by removing their various components. To determine the optimal neighbourhood size for GCN, we experimented with a varying number of GCN layers and found that the Android malware detection model using R-eFCG with all its components with four convolution layers achieved maximum accuracy of 96.28%.</pre>

scholarly journals Heterogeneous Graph Convolutional Networks for Android Malware Detection using Callback-Aware Caller-Callee Graphs

2021 ◽  
Author(s):  
Vinayaka K V ◽  
Jaidhar C D
Keyword(s):  
Malware Detection ◽  
Application Programming Interface ◽  
Extraction Methods ◽  
Android Application ◽  
Convolutional Network ◽  
Android Malware ◽  
Detection Model ◽  
Convolutional Networks ◽  
Android Malware Detection ◽  
Ablation Study

<pre> The popularity of the Android Operating System in the smartphone market has given rise to lots of Android malware. To accurately detect these malware, many of the existing works use machine learning and deep learning-based methods, in which feature extraction methods were used to extract fixed-size feature vectors using the files present inside the Android Application Package (APK). Recently, Graph Convolutional Network (GCN) based methods applied on the Function Call Graph (FCG) extracted from the APK are gaining momentum in Android malware detection, as GCNs are effective at learning tasks on variable-sized graphs such as FCG, and FCG sufficiently captures the structure and behaviour of an APK. However, the FCG lacks information about callback methods as the Android Application Programming Interface (API) is event-driven. This paper proposes enhancing the FCG to eFCG (enhanced-FCG) using the callback information extracted using Android Framework Space Analysis to overcome this limitation. Further, we add permission - API method relationships to the eFCG. The eFCG is reduced using node contraction based on the classes to get R-eFCG (Reduced eFCG) to improve the generalisation ability of the Android malware detection model. The eFCG and R-eFCG are then given as the inputs to the Heterogeneous GCN models to determine whether the APK file from which they are extracted is malicious or not. To test the effectiveness of eFCG and R-eFCG, we conducted an ablation study by removing their various components. To determine the optimal neighbourhood size for GCN, we experimented with a varying number of GCN layers and found that the Android malware detection model using R-eFCG with all its components with four convolution layers achieved maximum accuracy of 96.28%.</pre>

scholarly journals Mlifdect: Android Malware Detection Based on Parallel Machine Learning and Information Fusion

2017 ◽  
Vol 2017 ◽  
pp. 1-14 ◽  
Author(s):  
Xin Wang ◽  
Dafang Zhang ◽  
Xin Su ◽  
Wenjia Li
Keyword(s):  
Machine Learning ◽  
Information Fusion ◽  
Malware Detection ◽  
Parallel Machine ◽  
Detection Methods ◽  
Detection Accuracy ◽  
Android Malware ◽  
Detection Model ◽  
Android Apps ◽  
Android Malware Detection

In recent years, Android malware has continued to grow at an alarming rate. More recent malicious apps’ employing highly sophisticated detection avoidance techniques makes the traditional machine learning based malware detection methods far less effective. More specifically, they cannot cope with various types of Android malware and have limitation in detection by utilizing a single classification algorithm. To address this limitation, we propose a novel approach in this paper that leverages parallel machine learning and information fusion techniques for better Android malware detection, which is named Mlifdect. To implement this approach, we first extract eight types of features from static analysis on Android apps and build two kinds of feature sets after feature selection. Then, a parallel machine learning detection model is developed for speeding up the process of classification. Finally, we investigate the probability analysis based and Dempster-Shafer theory based information fusion approaches which can effectively obtain the detection results. To validate our method, other state-of-the-art detection works are selected for comparison with real-world Android apps. The experimental results demonstrate that Mlifdect is capable of achieving higher detection accuracy as well as a remarkable run-time efficiency compared to the existing malware detection solutions.

scholarly journals Android Malware Detection Based on Structural Features of the Function Call Graph

Electronics ◽  
2021 ◽  
Vol 10 (2) ◽  
pp. 186
Author(s):  
Yang Yang ◽  
Xuehui Du ◽  
Zhi Yang ◽  
Xing Liu
Keyword(s):  
Malware Detection ◽  
Structural Features ◽  
Coarse Grained ◽  
Detection Methods ◽  
Convolutional Network ◽  
Android Malware ◽  
Call Graph ◽  
Android Apps ◽  
Android Malware Detection ◽  
Function Call

The openness of Android operating system not only brings convenience to users, but also leads to the attack threat from a large number of malicious applications (apps). Thus malware detection has become the research focus in the field of mobile security. In order to solve the problem of more coarse-grained feature selection and larger feature loss of graph structure existing in the current detection methods, we put forward a method named DGCNDroid for Android malware detection, which is based on the deep graph convolutional network. Our method starts by generating a function call graph for the decompiled Android application. Then the function call subgraph containing the sensitive application programming interface (API) is extracted. Finally, the function call subgraphs with structural features are trained as the input of the deep graph convolutional network. Thus the detection and classification of malicious apps can be realized. Through experimentation on a dataset containing 11,120 Android apps, the method proposed in this paper can achieve detection accuracy of 98.2%, which is higher than other existing detection methods.

scholarly journals A Comprehensive Study of Malware Detection in Android Operating Systems

2021 ◽  
pp. 30-46
Author(s):  
Suhaib Jasim Hamdi ◽  
Ibrahim Mahmood Ibrahim ◽  
Naaman Omar ◽  
Omar M. Ahmed ◽  
Zryan Najat Rashid ◽  
...  
Keyword(s):  
Machine Learning ◽  
Malware Detection ◽  
Detailed Comparison ◽  
Detection Methods ◽  
Current Status ◽  
Android Malware ◽  
Detection Techniques ◽  
Android Apps ◽  
Android Malware Detection ◽  
Wide Range

Android is now the world's (or one of the world’s) most popular operating system. More and more malware assaults are taking place in Android applications. Many security detection techniques based on Android Apps are now available. The open environmental feature of the Android environment has given Android an extensive appeal in recent years. The growing number of mobile devices are incorporated in many aspects of our everyday lives. This  paper gives a detailed comparison that summarizes and analyses various detection techniques. This work examines the current status of Android malware detection methods, with an emphasis on Machine Learning-based classifiers for detecting malicious software on Android devices. Android has a huge number of apps that may be downloaded and used for free. Consequently, Android phones are more susceptible to malware. As a result, additional research has been done in order to develop effective malware detection methods. To begin, several of the currently available Android malware detection approaches are carefully examined and classified based on their detection methodologies. This study examines a wide range of machine-learning-based methods to detecting Android malware covering both types dynamic and static.

scholarly journals Runtime Detection Framework for Android Malware

2018 ◽  
Vol 2018 ◽  
pp. 1-15 ◽  
Author(s):  
TaeGuen Kim ◽  
BooJoong Kang ◽  
Eul Gyu Im
Keyword(s):  
Dynamic Analysis ◽  
Static Analysis ◽  
Suffix Tree ◽  
Malware Detection ◽  
Application Programming Interface ◽  
Detection Methods ◽  
Detection Accuracy ◽  
Dynamic Features ◽  
Android Malware ◽  
Android Malware Detection

As the number of Android malware has been increased rapidly over the years, various malware detection methods have been proposed so far. Existing methods can be classified into two categories: static analysis-based methods and dynamic analysis-based methods. Both approaches have some limitations: static analysis-based methods are relatively easy to be avoided through transformation techniques such as junk instruction insertions, code reordering, and so on. However, dynamic analysis-based methods also have some limitations that analysis overheads are relatively high and kernel modification might be required to extract dynamic features. In this paper, we propose a dynamic analysis framework for Android malware detection that overcomes the aforementioned shortcomings. The framework uses a suffix tree that contains API (Application Programming Interface) subtraces and their probabilistic confidence values that are generated using HMMs (Hidden Markov Model) to reduce the malware detection overhead, and we designed the framework with the client-server architecture since the suffix tree is infeasible to be deployed in mobile devices. In addition, an application rewriting technique is used to trace API invocations without any modifications in the Android kernel. In our experiments, we measured the detection accuracy and the computational overheads to evaluate its effectiveness and efficiency of the proposed framework.

scholarly journals Android Malware Detection via Graph Representation Learning

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Pengbin Feng ◽  
Jianfeng Ma ◽  
Teng Li ◽  
Xindi Ma ◽  
Ning Xi ◽  
...  
Keyword(s):  
Neural Network ◽  
Semantic Information ◽  
Malware Detection ◽  
Representation Learning ◽  
Graph Representation ◽  
Security Level ◽  
Android Malware ◽  
Code Coverage ◽  
Android Malware Detection ◽  
Detection Approach

With the widespread usage of Android smartphones in our daily lives, the Android platform has become an attractive target for malware authors. There is an urgent need for developing an automatic malware detection approach to prevent the spread of malware. The low code coverage and poor efficiency of the dynamic analysis limit the large-scale deployment of malware detection methods based on dynamic features. Therefore, researchers have proposed a plethora of detection approaches based on abundant static features to provide efficient malware detection. This paper explores the direction of Android malware detection based on graph representation learning. Without complex feature graph construction, we propose a new Android malware detection approach based on lightweight static analysis via the graph neural network (GNN). Instead of directly extracting Application Programming Interface (API) call information, we further analyze the source code of Android applications to extract high-level semantic information, which increases the barrier of evading detection. Particularly, we construct approximate call graphs from function invocation relationships within an Android application to represent this application and further extract intrafunction attributes, including required permission, security level, and Smali instructions’ semantic information via Word2Vec, to form the node attributes within graph structures. Then, we use the graph neural network to generate a vector representation of the application, and then malware detection is performed on this representation space. We conduct experiments on real-world application samples. The experimental results demonstrate that our approach implements high effective malware detection and outperforms state-of-the-art detection approaches.

scholarly journals A State of Art Survey for Understanding Malware Detection Approaches in Android Operating System

2021 ◽  
pp. 44-60
Author(s):  
Suhaib Jasim Hamdi ◽  
Naaman Omar ◽  
Adel AL-zebari ◽  
Karwan Jameel Merceedi ◽  
Abdulraheem Jamil Ahmed ◽  
...  
Keyword(s):  
Machine Learning ◽  
Operating System ◽  
Malware Detection ◽  
Personal Digital Assistants ◽  
Android Malware ◽  
Detection Techniques ◽  
Android Apps ◽  
Digital World ◽  
Android Malware Detection ◽  
Android Applications

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware. Android is now the world's most popular OS. More and more malware assaults are taking place in Android applications. Many security detection techniques based on Android Apps are now available. Android applications are developing rapidly across the mobile ecosystem, but Android malware is also emerging in an endless stream. Many researchers have studied the problem of Android malware detection and have put forward theories and methods from different perspectives. Existing research suggests that machine learning is an effective and promising way to detect Android malware. Notwithstanding, there exist reviews that have surveyed different issues related to Android malware detection based on machine learning. The open environmental feature of the Android environment has given Android an extensive appeal in recent years. The growing number of mobile devices, they are incorporated in many aspects of our everyday lives. In today’s digital world most of the anti-malware tools are signature based which is ineffective to detect advanced unknown malware viz. Android OS, which is the most prevalent operating system (OS), has enjoyed immense popularity for smart phones over the past few years. Seizing this opportunity, cybercrime will occur in the form of piracy and malware. Traditional detection does not suffice to combat newly created advanced malware. So, there is a need for smart malware detection systems to reduce malicious activities risk. The present paper includes a thorough comparison that summarizes and analyses the various detection techniques.

Sign in / Sign up

Export Citation Format

Share Document