期刊文献+
共找到12篇文章
< 1 >
每页显示 20 50 100
An Attention-Based Approach to Enhance the Detection and Classification of Android Malware
1
作者 Abdallah Ghourabi 《Computers, Materials & Continua》 SCIE EI 2024年第8期2743-2760,共18页
The dominance of Android in the global mobile market and the open development characteristics of this platform have resulted in a significant increase in malware.These malicious applications have become a serious conc... The dominance of Android in the global mobile market and the open development characteristics of this platform have resulted in a significant increase in malware.These malicious applications have become a serious concern to the security of Android systems.To address this problem,researchers have proposed several machine-learning models to detect and classify Android malware based on analyzing features extracted from Android samples.However,most existing studies have focused on the classification task and overlooked the feature selection process,which is crucial to reduce the training time and maintain or improve the classification results.The current paper proposes a new Android malware detection and classification approach that identifies the most important features to improve classification performance and reduce training time.The proposed approach consists of two main steps.First,a feature selection method based on the Attention mechanism is used to select the most important features.Then,an optimized Light Gradient Boosting Machine(LightGBM)classifier is applied to classify the Android samples and identify the malware.The feature selection method proposed in this paper is to integrate an Attention layer into a multilayer perceptron neural network.The role of the Attention layer is to compute the weighted values of each feature based on its importance for the classification process.Experimental evaluation of the approach has shown that combining the Attention-based technique with an optimized classification algorithm for Android malware detection has improved the accuracy from 98.64%to 98.71%while reducing the training time from 80 to 28 s. 展开更多
关键词 android malware malware detection feature selection attention mechanism LightGBM mobile security
下载PDF
Outsmarting Android Malware with Cutting-Edge Feature Engineering and Machine Learning Techniques
2
作者 Ahsan Wajahat Jingsha He +4 位作者 Nafei Zhu Tariq Mahmood Tanzila Saba Amjad Rehman Khan Faten S.A.lamri 《Computers, Materials & Continua》 SCIE EI 2024年第4期651-673,共23页
The growing usage of Android smartphones has led to a significant rise in incidents of Android malware andprivacy breaches.This escalating security concern necessitates the development of advanced technologies capable... The growing usage of Android smartphones has led to a significant rise in incidents of Android malware andprivacy breaches.This escalating security concern necessitates the development of advanced technologies capableof automatically detecting andmitigatingmalicious activities in Android applications(apps).Such technologies arecrucial for safeguarding user data and maintaining the integrity of mobile devices in an increasingly digital world.Current methods employed to detect sensitive data leaks in Android apps are hampered by two major limitationsthey require substantial computational resources and are prone to a high frequency of false positives.This meansthat while attempting to identify security breaches,these methods often consume considerable processing powerand mistakenly flag benign activities as malicious,leading to inefficiencies and reduced reliability in malwaredetection.The proposed approach includes a data preprocessing step that removes duplicate samples,managesunbalanced datasets,corrects inconsistencies,and imputes missing values to ensure data accuracy.The Minimaxmethod is then used to normalize numerical data,followed by feature vector extraction using the Gain ratio andChi-squared test to identify and extract the most significant characteristics using an appropriate prediction model.This study focuses on extracting a subset of attributes best suited for the task and recommending a predictivemodel based on domain expert opinion.The proposed method is evaluated using Drebin and TUANDROMDdatasets containing 15,036 and 4,464 benign and malicious samples,respectively.The empirical result shows thatthe RandomForest(RF)and Support VectorMachine(SVC)classifiers achieved impressive accuracy rates of 98.9%and 98.8%,respectively,in detecting unknown Androidmalware.A sensitivity analysis experiment was also carriedout on all three ML-based classifiers based on MAE,MSE,R2,and sensitivity parameters,resulting in a flawlessperformance for both datasets.This approach has substantial potential for real-world applications and can serve asa valuable tool for preventing the spread of Androidmalware and enhancing mobile device security. 展开更多
关键词 android malware detection machine learning SVC K-Nearest Neighbors(KNN) RF
下载PDF
DCEL:classifier fusion model for Android malware detection
3
作者 XU Xiaolong JIANG Shuai +1 位作者 ZHAO Jinbo WANG Xinheng 《Journal of Systems Engineering and Electronics》 SCIE EI CSCD 2024年第1期163-177,共15页
The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Andr... The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Android malware detection need a lot of time in the feature engineering phase.Furthermore,these models have the defects of low detection rate,high complexity,and poor practicability,etc.We analyze the Android malware samples,and the distribution of malware and benign software in application programming interface(API)calls,permissions,and other attributes.We classify the software’s threat levels based on the correlation of features.Then,we propose deep neural networks and convolutional neural networks with ensemble learning(DCEL),a new classifier fusion model for Android malware detection.First,DCEL preprocesses the malware data to remove redundant data,and converts the one-dimensional data into a two-dimensional gray image.Then,the ensemble learning approach is used to combine the deep neural network with the convolutional neural network,and the final classification results are obtained by voting on the prediction of each single classifier.Experiments based on the Drebin and Malgenome datasets show that compared with current state-of-art models,the proposed DCEL has a higher detection rate,higher recall rate,and lower computational cost. 展开更多
关键词 android malware detection deep learning ensemble learning model fusion
下载PDF
Explainable Classification Model for Android Malware Analysis Using API and Permission-Based Features
4
作者 Nida Aslam Irfan Ullah Khan +5 位作者 Salma Abdulrahman Bader Aisha Alansari Lama Abdullah Alaqeel Razan Mohammed Khormy Zahra Abdultawab AlKubaish Tariq Hussain 《Computers, Materials & Continua》 SCIE EI 2023年第9期3167-3188,共22页
One of the most widely used smartphone operating systems,Android,is vulnerable to cutting-edge malware that employs sophisticated logic.Such malware attacks could lead to the execution of unauthorized acts on the vict... One of the most widely used smartphone operating systems,Android,is vulnerable to cutting-edge malware that employs sophisticated logic.Such malware attacks could lead to the execution of unauthorized acts on the victims’devices,stealing personal information and causing hardware damage.In previous studies,machine learning(ML)has shown its efficacy in detecting malware events and classifying their types.However,attackers are continuously developing more sophisticated methods to bypass detection.Therefore,up-to-date datasets must be utilized to implement proactive models for detecting malware events in Android mobile devices.Therefore,this study employed ML algorithms to classify Android applications into malware or goodware using permission and application programming interface(API)-based features from a recent dataset.To overcome the dataset imbalance issue,RandomOverSampler,synthetic minority oversampling with tomek links(SMOTETomek),and RandomUnderSampler were applied to the Dataset in different experiments.The results indicated that the extra tree(ET)classifier achieved the highest accuracy of 99.53%within an elapsed time of 0.0198 s in the experiment that utilized the RandomOverSampler technique.Furthermore,the explainable Artificial Intelligence(EAI)technique has been applied to add transparency to the high-performance ET classifier.The global explanation using the Shapely values indicated that the top three features contributing to the goodware class are:Ljava/net/URL;->openConnection,Landroid/location/LocationManager;->getLastKgoodwarewnLocation,and Vibrate.On the other hand,the top three features contributing to themalware class are Receive_Boot_Completed,Get_Tasks,and Kill_Background_Processes.It is believed that the proposedmodel can contribute to proactively detectingmalware events in Android devices to reduce the number of victims and increase users’trust. 展开更多
关键词 android malware machine learning malware detection explainable artificial intelligence cyber security
下载PDF
Swarm Optimization and Machine Learning for Android Malware Detection 被引量:1
5
作者 K.Santosh Jhansi P.Ravi Kiran Varma Sujata Chakravarty 《Computers, Materials & Continua》 SCIE EI 2022年第12期6327-6345,共19页
Malware Security Intelligence constitutes the analysis of applications and their associated metadata for possible security threats.Application Programming Interfaces(API)calls contain valuable information that can hel... Malware Security Intelligence constitutes the analysis of applications and their associated metadata for possible security threats.Application Programming Interfaces(API)calls contain valuable information that can help with malware identification.The malware analysis with reduced feature space helps for the efficient identification of malware.The goal of this research is to find the most informative features of API calls to improve the android malware detection accuracy.Three swarm optimization methods,viz.,Ant Lion Optimization(ALO),Cuckoo Search Optimization(CSO),and Firefly Optimization(FO)are applied to API calls using auto-encoders for identification of most influential features.The nature-inspired wrapperbased algorithms are evaluated using well-known Machine Learning(ML)classifiers such as Linear Regression(LR),Decision Tree(DT),Random Forest(RF),K-Nearest Neighbor(KNN)&SupportVector Machine(SVM).A hybrid Artificial Neuronal Classifier(ANC)is proposed for improving the classification of android malware.The experimental results yielded an accuracy of 98.87%with just seven features out of hundred API call features,i.e.,a massive 93%of data optimization. 展开更多
关键词 android malware API calls auto-encoders ant lion optimization cuckoo search optimization firefly optimization artificial neural networks artificial neuronal classifier
下载PDF
High Performance Classification of Android Malware Using Ensemble Machine Learning
6
作者 Pagnchakneat C.Ouk Wooguil Pak 《Computers, Materials & Continua》 SCIE EI 2022年第7期381-398,共18页
Although Android becomes a leading operating system in market,Android users suffer from security threats due to malwares.To protect users from the threats,the solutions to detect and identify the malware variant are e... Although Android becomes a leading operating system in market,Android users suffer from security threats due to malwares.To protect users from the threats,the solutions to detect and identify the malware variant are essential.However,modern malware evades existing solutions by applying code obfuscation and native code.To resolve this problem,we introduce an ensemble-based malware classification algorithm using malware family grouping.The proposed family grouping algorithm finds the optimal combination of families belonging to the same group while the total number of families is fixed to the optimal total number.It also adopts unified feature extraction technique for handling seamless both bytecode and native code.We propose a unique feature selection algorithm that improves classification performance and time simultaneously.2-gram based features are generated from the instructions and segments,and then selected by using multiple filters to choose most effective features.Through extensive simulation with many obfuscated and native code malware applications,we confirm that it can classify malwares with high accuracy and short processing time.Most existing approaches failed to achieve classification speed and detection time simultaneously.Therefore,the approach can help Android users to keep themselves safe from various and evolving cyber-attacks very effectively. 展开更多
关键词 android malware classification family grouping native code OBFUSCATION unified feature extraction
下载PDF
Unified Detection of Obfuscated and Native Android Malware
7
作者 Pagnchakneat C.Ouk Wooguil Pak 《Computers, Materials & Continua》 SCIE EI 2022年第2期3099-3116,共18页
The Android operating system has become a leading smartphone platform for mobile and other smart devices,which in turn has led to a diversity of malware applications.The amount of research on Android malware detection... The Android operating system has become a leading smartphone platform for mobile and other smart devices,which in turn has led to a diversity of malware applications.The amount of research on Android malware detection has increased significantly in recent years and many detection systems have been proposed.Despite these efforts,however,most systems can be thwarted by sophisticated Androidmalware adopting obfuscation or native code to avoid discovery by anti-virus tools.In this paper,we propose a new static analysis technique to address the problems of obfuscating and native malware applications.The proposed system provides a unified technique for extracting features from applications and native libraries using a selection algorithm that can extract a small set of unique and effective features for detecting malware applications rapidly and with a high detection rate.Evaluation using large Android malware detection datasets obtained from various sources confirmed that the proposed approach achieves very promising results in terms of improved accuracy,low false positive rate,and high detection rate. 展开更多
关键词 android malware detection native code OBFUSCATION unified feature extraction
下载PDF
Android malware category detection using a novel feature vector‑based machine learning model
8
作者 Hashida Haidros Rahima Manzil S.Manohar Naik 《Cybersecurity》 EI CSCD 2023年第3期74-84,共11页
Malware attacks on the Android platform are rapidly increasing due to the high consumer adoption of Android smartphones.Advanced technologies have motivated cyber-criminals to actively create and disseminate a wide ra... Malware attacks on the Android platform are rapidly increasing due to the high consumer adoption of Android smartphones.Advanced technologies have motivated cyber-criminals to actively create and disseminate a wide range of malware on Android smartphones.The researchers have conducted numerous studies on the detection of Android malware,but the majority of the works are based on the detection of generic Android malware.The detection based on malware categories will provide more insights about the malicious patterns of the malware.Therefore,this paper presents a detection solution for different Android malware categories,including adware,banking,SMS malware,and riskware.In this paper,a novel Huffman encoding-based feature vector generation technique is proposed.The experiments have proved that this novel approach significantly improves the efficiency of the detection model.This method makes use of system call frequencies as features to extract malware’s dynamic behavior patterns.The proposed model was evaluated using machine learning and deep learning methods.The results show that the proposed model with the Random Forest classifier outperforms some existing methodologies with a detection accuracy of 98.70%. 展开更多
关键词 android malware Dynamic analysis malware category Huffman codin
原文传递
Droid Detector:Android Malware Characterization and Detection Using Deep Learning 被引量:37
9
作者 Zhenlong Yuan Yongqiang Lu Yibo Xue 《Tsinghua Science and Technology》 SCIE EI CAS CSCD 2016年第1期114-123,共10页
Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares a... Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine(Droid Detector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection. 展开更多
关键词 android security malware detection characterization deep learning association rules mining
原文传递
Malware Evasion Attacks Against IoT and Other Devices: An Empirical Study
10
作者 Yan Xu Deqiang Li +1 位作者 Qianmu Li Shouhuai Xu 《Tsinghua Science and Technology》 SCIE EI CAS CSCD 2024年第1期127-142,共16页
The Internet of Things(loT)has grown rapidly due to artificial intelligence driven edge computing.While enabling many new functions,edge computing devices expand the vulnerability surface and have become the target of... The Internet of Things(loT)has grown rapidly due to artificial intelligence driven edge computing.While enabling many new functions,edge computing devices expand the vulnerability surface and have become the target of malware attacks.Moreover,attackers have used advanced techniques to evade defenses by transforming their malware into functionality-preserving variants.We systematically analyze such evasion attacks and conduct a large-scale empirical study in this paper to evaluate their impact on security.More specifically,we focus on two forms of evasion attacks:obfuscation and adversarial attacks.To the best of our knowledge,this paper is the first to investigate and contrast the two families of evasion attacks systematically.We apply 10 obfuscation attacks and 9 adversarial attacks to 2870 malware examples.The obtained findings are as follows.(1)Commercial Off-The-Shelf(COTS)malware detectors are vulnerable to evasion attacks.(2)Adversarial attacks affect COTS malware detectors slightly more effectively than obfuscated malware examples.(3)Code similarity detection approaches can be affected by obfuscated examples and are barely affected by adversarial attacks.(4)These attacks can preserve the functionality of original malware examples. 展开更多
关键词 android malware OBFUSCATION adversarial examples
原文传递
DroidEcho:an in-depth dissection of malicious behaviors in Android applications 被引量:1
11
作者 Guozhu Meng Ruitao Feng +2 位作者 Guangdong Bai Kai Chen Yang Liu 《Cybersecurity》 2018年第1期126-142,共17页
A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency.However,it is still far from expectation to describe attacks precisely on the Android platform.In addition,new ... A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency.However,it is still far from expectation to describe attacks precisely on the Android platform.In addition,new features on Android,such as communication mechanisms,introduce new challenges and difficulties for attack detection.In this paper,we propose abstract attack models to precisely capture the semantics of various Android attacks,which include the corresponding targets,involved behaviors as well as their execution dependency.Meanwhile,we construct a novel graph-based model called the inter-component communication graph(ICCG)to describe the internal control flows and inter-component communications of applications.The models take into account more communication channel with a maximized preservation of their program logics.With the guidance of the attack models,we propose a static searching approach to detect attacks hidden in ICCG.To reduce false positive rate,we introduce an additional dynamic confirmation step to check whether the detected attacks are false alarms.Experiments show that DROIDECHO can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%. 展开更多
关键词 Semantic attack model android malware detection Inter-component communication graph Privacy leakage
原文传递
MobSafe:Cloud Computing Based Forensic Analysis for Massive Mobile Applications Using Data Mining 被引量:2
12
作者 Jianlin Xu Yifan Yu +4 位作者 Zhen Chen Bin Cao Wenyu Dong Yu Guo Junwei Cao 《Tsinghua Science and Technology》 SCIE EI CAS 2013年第4期418-427,共10页
With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Int... With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app's virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework (ASEF) and Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage. 展开更多
关键词 android platform mobile malware detection cloud computing forensic analysis machine learning redis key-value store big data hadoop distributed file system data mining
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部