The prevalence of smartphones is deeply embedded in modern society,impacting various aspects of our lives.Their versatility and functionalities have fundamentally changed how we communicate,work,seek entertainment,and...The prevalence of smartphones is deeply embedded in modern society,impacting various aspects of our lives.Their versatility and functionalities have fundamentally changed how we communicate,work,seek entertainment,and access information.Among the many smartphones available,those operating on the Android platform dominate,being the most widely used type.This widespread adoption of the Android OS has significantly contributed to increased malware attacks targeting the Android ecosystem in recent years.Therefore,there is an urgent need to develop new methods for detecting Android malware.The literature contains numerous works related to Android malware detection.As far as our understanding extends,we are the first ones to identify dangerous combinations of permissions and system calls to uncover malicious behavior in Android applications.We introduce a novel methodology that pairs permissions and system calls to distinguish between benign and malicious samples.This approach combines the advantages of static and dynamic analysis,offering a more comprehensive understanding of an application’s behavior.We establish covalent bonds between permissions and system calls to assess their combined impact.We introduce a novel technique to determine these pairs’Covalent Bond Strength Score.Each pair is assigned two scores,one for malicious behavior and another for benign behavior.These scores serve as the basis for classifying applications as benign or malicious.By correlating permissions with system calls,the study enables a detailed examination of how an app utilizes its requested permissions,aiding in differentiating legitimate and potentially harmful actions.This comprehensive analysis provides a robust framework for Android malware detection,marking a significant contribution to the field.The results of our experiments demonstrate a remarkable overall accuracy of 97.5%,surpassing various state-of-the-art detection techniques proposed in the current literature.展开更多
隐私政策文档声明了应用程序需要获取的隐私信息,但不能保证清晰且完全披露应用获取的隐私信息类型,目前对应用实际敏感行为与隐私政策一致性分析的研究仍存在不足。针对上述问题,提出一种Android应用敏感行为与隐私政策一致性分析方法...隐私政策文档声明了应用程序需要获取的隐私信息,但不能保证清晰且完全披露应用获取的隐私信息类型,目前对应用实际敏感行为与隐私政策一致性分析的研究仍存在不足。针对上述问题,提出一种Android应用敏感行为与隐私政策一致性分析方法。在隐私政策分析阶段,基于Bi-GRU-CRF(Bi-directional Gated Recurrent Unit Conditional Random Field)神经网络,通过添加自定义标注库对模型进行增量训练,实现对隐私政策声明中的关键信息的提取;在敏感行为分析阶段,通过对敏感应用程序接口(API)调用进行分类、对输入敏感源列表中已分析过的敏感API调用进行删除,以及对已提取过的敏感路径进行标记的方法来优化IFDS(Interprocedural,Finite,Distributive,Subset)算法,使敏感行为分析结果与隐私政策描述的语言粒度相匹配,并且降低分析结果的冗余,提高分析效率;在一致性分析阶段,将本体之间的语义关系分为等价关系、从属关系和近似关系,并据此定义敏感行为与隐私政策一致性形式化模型,将敏感行为与隐私政策一致的情况分为清晰的表述和模糊的表述,将不一致的情况分为省略的表述、不正确的表述和有歧义的表述,最后根据所提基于语义相似度的一致性分析算法对敏感行为与隐私政策进行一致性分析。实验结果表明,对928个应用程序进行分析,在隐私政策分析正确率为97.34%的情况下,51.4%的Android应用程序存在应用实际敏感行为与隐私政策声明不一致的情况。展开更多
The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Andr...The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Android malware detection need a lot of time in the feature engineering phase.Furthermore,these models have the defects of low detection rate,high complexity,and poor practicability,etc.We analyze the Android malware samples,and the distribution of malware and benign software in application programming interface(API)calls,permissions,and other attributes.We classify the software’s threat levels based on the correlation of features.Then,we propose deep neural networks and convolutional neural networks with ensemble learning(DCEL),a new classifier fusion model for Android malware detection.First,DCEL preprocesses the malware data to remove redundant data,and converts the one-dimensional data into a two-dimensional gray image.Then,the ensemble learning approach is used to combine the deep neural network with the convolutional neural network,and the final classification results are obtained by voting on the prediction of each single classifier.Experiments based on the Drebin and Malgenome datasets show that compared with current state-of-art models,the proposed DCEL has a higher detection rate,higher recall rate,and lower computational cost.展开更多
The growing usage of Android smartphones has led to a significant rise in incidents of Android malware andprivacy breaches.This escalating security concern necessitates the development of advanced technologies capable...The growing usage of Android smartphones has led to a significant rise in incidents of Android malware andprivacy breaches.This escalating security concern necessitates the development of advanced technologies capableof automatically detecting andmitigatingmalicious activities in Android applications(apps).Such technologies arecrucial for safeguarding user data and maintaining the integrity of mobile devices in an increasingly digital world.Current methods employed to detect sensitive data leaks in Android apps are hampered by two major limitationsthey require substantial computational resources and are prone to a high frequency of false positives.This meansthat while attempting to identify security breaches,these methods often consume considerable processing powerand mistakenly flag benign activities as malicious,leading to inefficiencies and reduced reliability in malwaredetection.The proposed approach includes a data preprocessing step that removes duplicate samples,managesunbalanced datasets,corrects inconsistencies,and imputes missing values to ensure data accuracy.The Minimaxmethod is then used to normalize numerical data,followed by feature vector extraction using the Gain ratio andChi-squared test to identify and extract the most significant characteristics using an appropriate prediction model.This study focuses on extracting a subset of attributes best suited for the task and recommending a predictivemodel based on domain expert opinion.The proposed method is evaluated using Drebin and TUANDROMDdatasets containing 15,036 and 4,464 benign and malicious samples,respectively.The empirical result shows thatthe RandomForest(RF)and Support VectorMachine(SVC)classifiers achieved impressive accuracy rates of 98.9%and 98.8%,respectively,in detecting unknown Androidmalware.A sensitivity analysis experiment was also carriedout on all three ML-based classifiers based on MAE,MSE,R2,and sensitivity parameters,resulting in a flawlessperformance for both datasets.This approach has substantial potential for real-world applications and can serve asa valuable tool for preventing the spread of Androidmalware and enhancing mobile device security.展开更多
文摘The prevalence of smartphones is deeply embedded in modern society,impacting various aspects of our lives.Their versatility and functionalities have fundamentally changed how we communicate,work,seek entertainment,and access information.Among the many smartphones available,those operating on the Android platform dominate,being the most widely used type.This widespread adoption of the Android OS has significantly contributed to increased malware attacks targeting the Android ecosystem in recent years.Therefore,there is an urgent need to develop new methods for detecting Android malware.The literature contains numerous works related to Android malware detection.As far as our understanding extends,we are the first ones to identify dangerous combinations of permissions and system calls to uncover malicious behavior in Android applications.We introduce a novel methodology that pairs permissions and system calls to distinguish between benign and malicious samples.This approach combines the advantages of static and dynamic analysis,offering a more comprehensive understanding of an application’s behavior.We establish covalent bonds between permissions and system calls to assess their combined impact.We introduce a novel technique to determine these pairs’Covalent Bond Strength Score.Each pair is assigned two scores,one for malicious behavior and another for benign behavior.These scores serve as the basis for classifying applications as benign or malicious.By correlating permissions with system calls,the study enables a detailed examination of how an app utilizes its requested permissions,aiding in differentiating legitimate and potentially harmful actions.This comprehensive analysis provides a robust framework for Android malware detection,marking a significant contribution to the field.The results of our experiments demonstrate a remarkable overall accuracy of 97.5%,surpassing various state-of-the-art detection techniques proposed in the current literature.
文摘隐私政策文档声明了应用程序需要获取的隐私信息,但不能保证清晰且完全披露应用获取的隐私信息类型,目前对应用实际敏感行为与隐私政策一致性分析的研究仍存在不足。针对上述问题,提出一种Android应用敏感行为与隐私政策一致性分析方法。在隐私政策分析阶段,基于Bi-GRU-CRF(Bi-directional Gated Recurrent Unit Conditional Random Field)神经网络,通过添加自定义标注库对模型进行增量训练,实现对隐私政策声明中的关键信息的提取;在敏感行为分析阶段,通过对敏感应用程序接口(API)调用进行分类、对输入敏感源列表中已分析过的敏感API调用进行删除,以及对已提取过的敏感路径进行标记的方法来优化IFDS(Interprocedural,Finite,Distributive,Subset)算法,使敏感行为分析结果与隐私政策描述的语言粒度相匹配,并且降低分析结果的冗余,提高分析效率;在一致性分析阶段,将本体之间的语义关系分为等价关系、从属关系和近似关系,并据此定义敏感行为与隐私政策一致性形式化模型,将敏感行为与隐私政策一致的情况分为清晰的表述和模糊的表述,将不一致的情况分为省略的表述、不正确的表述和有歧义的表述,最后根据所提基于语义相似度的一致性分析算法对敏感行为与隐私政策进行一致性分析。实验结果表明,对928个应用程序进行分析,在隐私政策分析正确率为97.34%的情况下,51.4%的Android应用程序存在应用实际敏感行为与隐私政策声明不一致的情况。
基金supported by the National Natural Science Foundation of China(62072255)。
文摘The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Android malware detection need a lot of time in the feature engineering phase.Furthermore,these models have the defects of low detection rate,high complexity,and poor practicability,etc.We analyze the Android malware samples,and the distribution of malware and benign software in application programming interface(API)calls,permissions,and other attributes.We classify the software’s threat levels based on the correlation of features.Then,we propose deep neural networks and convolutional neural networks with ensemble learning(DCEL),a new classifier fusion model for Android malware detection.First,DCEL preprocesses the malware data to remove redundant data,and converts the one-dimensional data into a two-dimensional gray image.Then,the ensemble learning approach is used to combine the deep neural network with the convolutional neural network,and the final classification results are obtained by voting on the prediction of each single classifier.Experiments based on the Drebin and Malgenome datasets show that compared with current state-of-art models,the proposed DCEL has a higher detection rate,higher recall rate,and lower computational cost.
基金Princess Nourah bint Abdulrahman University and Researchers Supporting Project Number(PNURSP2024R346)Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia.
文摘The growing usage of Android smartphones has led to a significant rise in incidents of Android malware andprivacy breaches.This escalating security concern necessitates the development of advanced technologies capableof automatically detecting andmitigatingmalicious activities in Android applications(apps).Such technologies arecrucial for safeguarding user data and maintaining the integrity of mobile devices in an increasingly digital world.Current methods employed to detect sensitive data leaks in Android apps are hampered by two major limitationsthey require substantial computational resources and are prone to a high frequency of false positives.This meansthat while attempting to identify security breaches,these methods often consume considerable processing powerand mistakenly flag benign activities as malicious,leading to inefficiencies and reduced reliability in malwaredetection.The proposed approach includes a data preprocessing step that removes duplicate samples,managesunbalanced datasets,corrects inconsistencies,and imputes missing values to ensure data accuracy.The Minimaxmethod is then used to normalize numerical data,followed by feature vector extraction using the Gain ratio andChi-squared test to identify and extract the most significant characteristics using an appropriate prediction model.This study focuses on extracting a subset of attributes best suited for the task and recommending a predictivemodel based on domain expert opinion.The proposed method is evaluated using Drebin and TUANDROMDdatasets containing 15,036 and 4,464 benign and malicious samples,respectively.The empirical result shows thatthe RandomForest(RF)and Support VectorMachine(SVC)classifiers achieved impressive accuracy rates of 98.9%and 98.8%,respectively,in detecting unknown Androidmalware.A sensitivity analysis experiment was also carriedout on all three ML-based classifiers based on MAE,MSE,R2,and sensitivity parameters,resulting in a flawlessperformance for both datasets.This approach has substantial potential for real-world applications and can serve asa valuable tool for preventing the spread of Androidmalware and enhancing mobile device security.