Detecting Android Malware and Classifying Its Families in Large-scale Datasets

To relieve the burden of security analysts, Android malware detection and its family classification need to be automated. There are many previous works focusing on using machine (or deep) learning technology to tackle these two important issues, but as the number of mobile applications has increased in recent years, developing a scalable and precise solution is a new challenge that needs to be addressed in the security field. Accordingly, in this article, we propose a novel approach that not only enhances the performance of both Android malware and its family classification, but also reduces the running time of the analysis process. Using large-scale datasets obtained from different sources, we demonstrate that our method is able to output a high F-measure of 99.71% with a low FPR of 0.37%. Meanwhile, the computation time for processing a 300K dataset is reduced to nearly 3.3 hours. In addition, in classification evaluation, we demonstrate that the F-measure, precision, and recall are 97.5%, 96.55%, 98.64%, respectively, when classifying 28 malware families. Finally, we compare our method with previous studies in both detection and classification evaluation. We observe that our method produces better performance in terms of its effectiveness and efficiency.

Understanding Deep Learning Architecture to Various Problems of Cyber Security

Traditional machine learning has evolved into deep learning. It's capable of extracting the best feature representation from raw input samples. Intrusion detection, malware classification, Android malware detection, spam and phishing detection, and binary analysis are just a few examples of how this has been used in cyber security. Deep auto encoders, limited Boltzmann machines, recurrent neural networks, generative adversarial networks, and other DL methods are all described in this study in a brief tutorial-style method. After that, we'll go over how each of the DL methods is employed in security applications. Keywords: Machine, Cyber, Security, Architecture, Technology.

FG-Droid: Grouping Based Feature Size Reduction for Android Malware Detection through Machine Learning

The number of applications prepared for use on mobile devices has increased rapidly with the widespread use of the Android OS. This has resulted in the undesired installation of Android apks that violate user privacy or malicious. The increasing similarity between Android malware and benign applications makes it difficult to distinguish them from each other and causes a situation of concern for users. In this study, FG-Droid, a machine-learning based classifier with an efficient working system, using the method of grouping the features obtained by static analysis, was proposed. It was created as a result of experiments with Machine learning (ML), DNN, RNN, LSTM and GRU based models using Drebin, Genome and Arslan datasets. Experimental results reveal that FG-Droid has achieved 97.7% AUC score with a vector includes only 11 static features, and ExtraTree algorithm. FG-Droid analyze the applications with using the least number of features compare to previous studies, and required the least processing time for training and prediction. As a result, it has been shown that Android malware can be detected in high accuracy rate with an effective feature set and there is no need to use a large number of features extracted with different techniques (static, dynamic or hybrid).

A Method for Class-Imbalance Learning in Android Malware Detection

More and more Android application developers are adopting many different methods against reverse engineering, such as adding a shell, resulting in certain features that cannot be obtained through decompilation, which causes a serious sample imbalance in Android malware detection based on machine learning. Hence, the researchers have focused on how to solve class-imbalance to improve the performance of Android malware detection. However, the disadvantages of the existing class-imbalance learning are mainly the loss of valuable samples and the computational cost. In this paper, we propose a method of Class-Imbalance Learning (CIL), which first selects representative features, uses the clustering K-Means algorithm and under-sampling to retain the important samples of the majority class while reducing the number of samples of the majority class. After that, we use the Synthetic Minority Over-Sampling Technique (SMOTE) algorithm to generate minority class samples for data balance, and finally use the Random Forest (RF) algorithm to build a malware detection model. The result of experiments indicates that CIL effectively improves the performance of Android malware detection based on machine learning, especially for class imbalance. Compared with existing class-imbalance learning methods, CIL is also effective for the Machine Learning Repository from the University of California, Irvine (UCI) and has better performance in some data sets.