R-MFDroid: Android Malware Detection using Ranked Manifest File Components

With the increasing fame of Android OS over the past few years, the quantity of malware assaults on Android has additionally expanded. In the year 2018, around 28 million malicious applications were found on the Android platform and these malicious apps were capable of causing huge financial losses and information leakage. Such threats, caused due to these malicious apps, call for a proper detection system for Android malware. There exist some research works that aim to study static manifest components for malware detection. However, to the best of our knowledge, none of the previous research works have aimed to find the best set amongst different manifest file components for malware detection. In this work, we focus on identifying the best feature set from manifest file components (Permissions, Intents, Hardware Components, Activities, Services, Broadcast Receivers, and Content Providers) that could give better detection accuracy. We apply Information Gain to rank the manifest file components intending to find the best set of components that can better classify between malware applications and benign applications. We put forward a novel algorithm to find the best feature set by using various machine learning classifiers like SVM, XGBoost, and Random Forest along with deep learning techniques like classification using Neural networks. The experimental results highlight that the best set obtained from the proposed algorithm consisted of 25 features, i.e., 5 Permissions, 2 Intents, 9 Activities, 3 Content Providers, 4 Hardware Components, 1 Service, and 1 Broadcast Receiver. The SVM classifier gave the highest classification accuracy of 96.93% and an F1-Score of 0.97 with this best set of 25 features.

Download Full-text

SFDroid: Android Malware Detection using Ranked Static Features

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.a5804.0510121 ◽

2021 ◽

Vol 10 (1) ◽

pp. 142-152

Author(s):

Gourav Garg ◽

Ashutosh Sharma* ◽

Anshul Arora

Keyword(s):

Malware Detection ◽

Information Leakage ◽

Detection Accuracy ◽

Financial Loss ◽

Android Malware ◽

Android Malware Detection ◽

Proposed Model ◽

Support Threshold ◽

Malicious Apps ◽

Work First

Over the past few years, malware attacks have risen in huge numbers on the Android platform. Significant threats are posed by these attacks which may cause financial loss, information leakage, and damage to the system. Around 25 million smartphones were infected with malware within the first half of 2019 that depicts the seriousness of these attacks. Taking into account the danger posed by the Android malware to the users' community, we aim to develop a static Android malware detector named SFDroid that analyzes manifest file components for malware detection. In this work, first, the proposed model ranks the manifest features according to their frequency in normal and malicious apps. This helps us to identify the significant features present in normal and malware datasets. Additionally, we apply support thresholds to remove the unnecessary and redundant features from the rankings. Further, we propose a novel algorithm that uses the ranked features, and several machine learning classifiers to detect Android malware. The experimental results demonstrate that by using the Random Forest classifier at 10% support threshold, the proposed model gives a detection accuracy of 95.90% with 36 manifest components.

Download Full-text

Significant Permission Identification for Machine Learning Based Android Malware Detection

International Journal for Research in Applied Science and Engineering Technology ◽

10.22214/ijraset.2021.37673 ◽

2021 ◽

Vol 9 (8) ◽

pp. 2284-2288

Keyword(s):

Machine Learning ◽

Support Vector Machine ◽

Detection System ◽

Malware Detection ◽

System Level ◽

Support Vector ◽

Android Malware ◽

Android Malware Detection ◽

Malicious Apps ◽

Baseline Approach

Abstract: The dreadful rate of growth of malicious apps has become a significant issue that sets back the prosperous mobile scheme. A recent report indicates that a brand new malicious app for golem is introduced each ten seconds. To combat this serious malware campaign, we'd like a scalable malware detection approach that may effectively and expeditiously determine malware apps. varied malware detection tools are developed, together with system-level and network-level approaches. However, scaling the detection for an outsized bundle of apps remains a difficult task. during this paper, we tend to introduce SIGPID, a malware detection system supported permission usage analysis to address the speedy increase within the range of golem malware. rather than extracting and analyzing all golem permissions, we tend to develop 3-levels of pruning by mining the permission information to spot the foremost important permissions that may be effective in identifying between benign and malicious apps. SIGPID then utilizes machine-learning based mostly classification ways to classify totally different families of malware and benign apps. Our analysis finds that solely twenty two permissions square measure important. we tend to then compare the performance of our approach, victimisation solely twenty two permissions, against a baseline approach that analyzes all permissions. The results indicate that once Support Vector Machine (SVM) is employed because the classifier, we are able to bring home the bacon over ninetieth of preciseness, recall, accuracy, and F-measure, that square measure concerning constant as those created by the baseline approach whereas acquisition the analysis times that square measure four to thirty two times but those of victimisation all permissions. Compared against alternative progressive approaches, SIGPID is more practical by sleuthing ninety three.62% of malware within the information set, and 91.4% unknown/new malware samples. Keywords: SIGPID (Significant Permission Identification), SVM(Support Vector Machine), Android, Malware, Benign, Data pruning

Download Full-text

DeepRefiner: Multi-layer Android Malware Detection System Applying Deep Neural Networks

2018 IEEE European Symposium on Security and Privacy (EuroS&P) ◽

10.1109/eurosp.2018.00040 ◽

2018 ◽

Cited By ~ 19

Author(s):

Ke Xu ◽

Yingjiu Li ◽

Robert H. Deng ◽

Kai Chen

Keyword(s):

Neural Networks ◽

Deep Neural Networks ◽

Detection System ◽

Malware Detection ◽

Android Malware ◽

Android Malware Detection

Download Full-text

An Android Malware Detection System Based on Feature Fusion

Chinese Journal of Electronics ◽

10.1049/cje.2018.09.008 ◽

2018 ◽

Vol 27 (6) ◽

pp. 1206-1213 ◽

Cited By ~ 4

Author(s):

Jian Li ◽

Zheng Wang ◽

Tao Wang ◽

Jinghao Tang ◽

Yuguang Yang ◽

...

Keyword(s):

Feature Fusion ◽

Detection System ◽

Malware Detection ◽

Android Malware ◽

Android Malware Detection

Download Full-text

Permission Sensitivity-Based Malicious Application Detection for Android

Security and Communication Networks ◽

10.1155/2021/6689486 ◽

2021 ◽

Vol 2021 ◽

pp. 1-12

Author(s):

Yubo Song ◽

Yijin Geng ◽

Junbo Wang ◽

Shang Gao ◽

Wei Shi

Keyword(s):

Detection Method ◽

Malware Detection ◽

Feature Selection Method ◽

Machine Learning Algorithms ◽

Detection Methods ◽

Detection Accuracy ◽

Android Malware ◽

Android Malware Detection ◽

Private Data ◽

Weight Allocation

Since a growing number of malicious applications attempt to steal users’ private data by illegally invoking permissions, application stores have carried out many malware detection methods based on application permissions. However, most of them ignore specific permission combinations and application categories that affect the detection accuracy. The features they extracted are neither representative enough to distinguish benign and malicious applications. For these problems, an Android malware detection method based on permission sensitivity is proposed. First, for each kind of application categories, the permission features and permission combination features are extracted. The sensitive permission feature set corresponding to each category label is then obtained by the feature selection method based on permission sensitivity. In the following step, the permission call situation of the application to be detected is compared with the sensitive permission feature set, and the weight allocation method is used to quantify this information into numerical features. In the proposed method of malicious application detection, three machine-learning algorithms are selected to construct the classifier model and optimize the parameters. Compared with traditional methods, the proposed method consumed 60.94% less time while still achieving high accuracy of up to 92.17%.

Download Full-text

A Malicious Android Malware Detection System based on Implicit Relationship Mining

2021 8th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2021 7th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom) ◽

10.1109/cscloud-edgecom52276.2021.00021 ◽

2021 ◽

Author(s):

Zijun Xu ◽

Meng Li ◽

Yiming Hei ◽

Peiran Li ◽

Jianwei Liu

Keyword(s):

Detection System ◽

Malware Detection ◽

Android Malware ◽

Android Malware Detection

Download Full-text

Towards Deep Learning-Based Approach for Detecting Android Malware

Research Anthology on Artificial Intelligence Applications in Security ◽

10.4018/978-1-7998-7705-9.ch096 ◽

2021 ◽

pp. 2193-2219

Author(s):

Jarrett Booz ◽

Josh McGiff ◽

William G. Hatcher ◽

Wei Yu ◽

James Nguyen ◽

...

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Learning Environment ◽

Malware Detection ◽

Extensive Study ◽

Detection Accuracy ◽

Android Malware ◽

Android Malware Detection ◽

Mobile Malware Detection ◽

Optimal Settings

In this article, the authors implement a deep learning environment and fine-tune parameters to determine the optimal settings for the classification of Android malware from extracted permission data. By determining the optimal settings, the authors demonstrate the potential performance of a deep learning environment for Android malware detection. Specifically, an extensive study is conducted on various hyper-parameters to determine optimal configurations, and then a performance evaluation is carried out on those configurations to compare and maximize detection accuracy in our target networks. The results achieve a detection accuracy of approximately 95%, with an approximate F1 score of 93%. In addition, the evaluation is extended to include other machine learning frameworks, specifically comparing Microsoft Cognitive Toolkit (CNTK) and Theano with TensorFlow. The future needs are discussed in the realm of machine learning for mobile malware detection, including adversarial training, scalability, and the evaluation of additional data and features.

Download Full-text

Decision tree based android malware detection system

2018 26th Signal Processing and Communications Applications Conference (SIU) ◽

10.1109/siu.2018.8404151 ◽

2018 ◽

Cited By ~ 3

Author(s):

Anil Utku ◽

Ibrahim Alper Dogru ◽

M. Ali Akcayol

Keyword(s):

Decision Tree ◽

Detection System ◽

Malware Detection ◽

Android Malware ◽

Android Malware Detection

Download Full-text

Adversarial Samples on Android Malware Detection Systems for IoT Systems

Sensors ◽

10.3390/s19040974 ◽

2019 ◽

Vol 19 (4) ◽

pp. 974 ◽

Cited By ~ 10

Author(s):

Xiaolei Liu ◽

Xiaojiang Du ◽

Xiaosong Zhang ◽

Qingxin Zhu ◽

Hao Wang ◽

...

Keyword(s):

Detection System ◽

Fitness Function ◽

Malware Detection ◽

Security Analysis ◽

Machine Learning Algorithms ◽

Android Malware ◽

Testing Framework ◽

Detection Systems ◽

Android Malware Detection ◽

Iot Devices

Many IoT (Internet of Things) systems run Android systems or Android-like systems. With the continuous development of machine learning algorithms, the learning-based Android malware detection system for IoT devices has gradually increased. However, these learning-based detection models are often vulnerable to adversarial samples. An automated testing framework is needed to help these learning-based malware detection systems for IoT devices perform security analysis. The current methods of generating adversarial samples mostly require training parameters of models and most of the methods are aimed at image data. To solve this problem, we propose a testing framework for learning-based Android malware detection systems (TLAMD) for IoT Devices. The key challenge is how to construct a suitable fitness function to generate an effective adversarial sample without affecting the features of the application. By introducing genetic algorithms and some technical improvements, our test framework can generate adversarial samples for the IoT Android application with a success rate of nearly 100% and can perform black-box testing on the system.

Download Full-text

Linear SVM-Based Android Malware Detection for Reliable IoT Services

Journal of Applied Mathematics ◽

10.1155/2014/594501 ◽

2014 ◽

Vol 2014 ◽

pp. 1-10 ◽

Cited By ~ 35

Author(s):

Hyo-Sik Ham ◽

Hwan-Hee Kim ◽

Myung-Sup Kim ◽

Mi-Jung Choi

Keyword(s):

Machine Learning ◽

Mobile Devices ◽

Malware Detection ◽

Information Leakage ◽

Support Vector ◽

Android Malware ◽

Machine Learning Classifiers ◽

Android Malware Detection ◽

Learning Classifiers ◽

Linear Svm

Current many Internet of Things (IoT) services are monitored and controlled through smartphone applications. By combining IoT with smartphones, many convenient IoT services have been provided to users. However, there are adverse underlying effects in such services including invasion of privacy and information leakage. In most cases, mobile devices have become cluttered with important personal user information as various services and contents are provided through them. Accordingly, attackers are expanding the scope of their attacks beyond the existing PC and Internet environment into mobile devices. In this paper, we apply a linear support vector machine (SVM) to detect Android malware and compare the malware detection performance of SVM with that of other machine learning classifiers. Through experimental validation, we show that the SVM outperforms other machine learning classifiers.

Download Full-text