Detecting malware on mobile devices using the Android operating system has become a critical challenge in the field of cybersecurity,in the context of the rapid increase in the number of malware variants and the frequ...Detecting malware on mobile devices using the Android operating system has become a critical challenge in the field of cybersecurity,in the context of the rapid increase in the number of malware variants and the frequency of attacks targeting Android devices.In this paper,we propose a novel intelligent computational method to enhance the effectiveness of Android malware detection models.The proposed method combines two main techniques:(1)constructing a malware behavior profile and(2)extracting features from the malware behavior profile using graph neural networks.Specifically,to effectively construct an Android malware behavior profile,this paper proposes an information enrichment technique for the function call graph of malware files,based on new graph-structured features and semantic features of the malware’s source code.Additionally,to extract significant features from the constructed behavior profile,the study proposes using the GraphSAGE graph neural network.With this novel intelligent computational method,a variety of significant features of the malware have been effectively represented,synthesized,and extracted.The approach to detecting Android malware proposed in this paper is a new study and has not been explored in previous research.The experimental results on a dataset of 40,819 Android software indicate that the proposed method performs well across all metrics,with particularly impressive accuracy and recall scores of 99.03%and 99.19%,respectively,which outperforms existing state-of-the-art methods.展开更多
The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Andr...The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Android malware detection need a lot of time in the feature engineering phase.Furthermore,these models have the defects of low detection rate,high complexity,and poor practicability,etc.We analyze the Android malware samples,and the distribution of malware and benign software in application programming interface(API)calls,permissions,and other attributes.We classify the software’s threat levels based on the correlation of features.Then,we propose deep neural networks and convolutional neural networks with ensemble learning(DCEL),a new classifier fusion model for Android malware detection.First,DCEL preprocesses the malware data to remove redundant data,and converts the one-dimensional data into a two-dimensional gray image.Then,the ensemble learning approach is used to combine the deep neural network with the convolutional neural network,and the final classification results are obtained by voting on the prediction of each single classifier.Experiments based on the Drebin and Malgenome datasets show that compared with current state-of-art models,the proposed DCEL has a higher detection rate,higher recall rate,and lower computational cost.展开更多
The analysis of Android malware shows that this threat is constantly increasing and is a real threat to mobile devices since traditional approaches,such as signature-based detection,are no longer effective due to the ...The analysis of Android malware shows that this threat is constantly increasing and is a real threat to mobile devices since traditional approaches,such as signature-based detection,are no longer effective due to the continuously advancing level of sophistication.To resolve this problem,efficient and flexible malware detection tools are needed.This work examines the possibility of employing deep CNNs to detect Android malware by transforming network traffic into image data representations.Moreover,the dataset used in this study is the CIC-AndMal2017,which contains 20,000 instances of network traffic across five distinct malware categories:a.Trojan,b.Adware,c.Ransomware,d.Spyware,e.Worm.These network traffic features are then converted to image formats for deep learning,which is applied in a CNN framework,including the VGG16 pre-trained model.In addition,our approach yielded high performance,yielding an accuracy of 0.92,accuracy of 99.1%,precision of 98.2%,recall of 99.5%,and F1 score of 98.7%.Subsequent improvements to the classification model through changes within the VGG19 framework improved the classification rate to 99.25%.Through the results obtained,it is clear that CNNs are a very effective way to classify Android malware,providing greater accuracy than conventional techniques.The success of this approach also shows the applicability of deep learning in mobile security along with the direction for the future advancement of the real-time detection system and other deeper learning techniques to counter the increasing number of threats emerging in the future.展开更多
The growing usage of Android smartphones has led to a significant rise in incidents of Android malware andprivacy breaches.This escalating security concern necessitates the development of advanced technologies capable...The growing usage of Android smartphones has led to a significant rise in incidents of Android malware andprivacy breaches.This escalating security concern necessitates the development of advanced technologies capableof automatically detecting andmitigatingmalicious activities in Android applications(apps).Such technologies arecrucial for safeguarding user data and maintaining the integrity of mobile devices in an increasingly digital world.Current methods employed to detect sensitive data leaks in Android apps are hampered by two major limitationsthey require substantial computational resources and are prone to a high frequency of false positives.This meansthat while attempting to identify security breaches,these methods often consume considerable processing powerand mistakenly flag benign activities as malicious,leading to inefficiencies and reduced reliability in malwaredetection.The proposed approach includes a data preprocessing step that removes duplicate samples,managesunbalanced datasets,corrects inconsistencies,and imputes missing values to ensure data accuracy.The Minimaxmethod is then used to normalize numerical data,followed by feature vector extraction using the Gain ratio andChi-squared test to identify and extract the most significant characteristics using an appropriate prediction model.This study focuses on extracting a subset of attributes best suited for the task and recommending a predictivemodel based on domain expert opinion.The proposed method is evaluated using Drebin and TUANDROMDdatasets containing 15,036 and 4,464 benign and malicious samples,respectively.The empirical result shows thatthe RandomForest(RF)and Support VectorMachine(SVC)classifiers achieved impressive accuracy rates of 98.9%and 98.8%,respectively,in detecting unknown Androidmalware.A sensitivity analysis experiment was also carriedout on all three ML-based classifiers based on MAE,MSE,R2,and sensitivity parameters,resulting in a flawlessperformance for both datasets.This approach has substantial potential for real-world applications and can serve asa valuable tool for preventing the spread of Androidmalware and enhancing mobile device security.展开更多
The Android operating system has become a leading smartphone platform for mobile and other smart devices,which in turn has led to a diversity of malware applications.The amount of research on Android malware detection...The Android operating system has become a leading smartphone platform for mobile and other smart devices,which in turn has led to a diversity of malware applications.The amount of research on Android malware detection has increased significantly in recent years and many detection systems have been proposed.Despite these efforts,however,most systems can be thwarted by sophisticated Androidmalware adopting obfuscation or native code to avoid discovery by anti-virus tools.In this paper,we propose a new static analysis technique to address the problems of obfuscating and native malware applications.The proposed system provides a unified technique for extracting features from applications and native libraries using a selection algorithm that can extract a small set of unique and effective features for detecting malware applications rapidly and with a high detection rate.Evaluation using large Android malware detection datasets obtained from various sources confirmed that the proposed approach achieves very promising results in terms of improved accuracy,low false positive rate,and high detection rate.展开更多
Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares a...Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine(Droid Detector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.展开更多
A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency.However,it is still far from expectation to describe attacks precisely on the Android platform.In addition,new ...A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency.However,it is still far from expectation to describe attacks precisely on the Android platform.In addition,new features on Android,such as communication mechanisms,introduce new challenges and difficulties for attack detection.In this paper,we propose abstract attack models to precisely capture the semantics of various Android attacks,which include the corresponding targets,involved behaviors as well as their execution dependency.Meanwhile,we construct a novel graph-based model called the inter-component communication graph(ICCG)to describe the internal control flows and inter-component communications of applications.The models take into account more communication channel with a maximized preservation of their program logics.With the guidance of the attack models,we propose a static searching approach to detect attacks hidden in ICCG.To reduce false positive rate,we introduce an additional dynamic confirmation step to check whether the detected attacks are false alarms.Experiments show that DROIDECHO can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%.展开更多
With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Int...With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app's virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework (ASEF) and Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage.展开更多
文摘Detecting malware on mobile devices using the Android operating system has become a critical challenge in the field of cybersecurity,in the context of the rapid increase in the number of malware variants and the frequency of attacks targeting Android devices.In this paper,we propose a novel intelligent computational method to enhance the effectiveness of Android malware detection models.The proposed method combines two main techniques:(1)constructing a malware behavior profile and(2)extracting features from the malware behavior profile using graph neural networks.Specifically,to effectively construct an Android malware behavior profile,this paper proposes an information enrichment technique for the function call graph of malware files,based on new graph-structured features and semantic features of the malware’s source code.Additionally,to extract significant features from the constructed behavior profile,the study proposes using the GraphSAGE graph neural network.With this novel intelligent computational method,a variety of significant features of the malware have been effectively represented,synthesized,and extracted.The approach to detecting Android malware proposed in this paper is a new study and has not been explored in previous research.The experimental results on a dataset of 40,819 Android software indicate that the proposed method performs well across all metrics,with particularly impressive accuracy and recall scores of 99.03%and 99.19%,respectively,which outperforms existing state-of-the-art methods.
基金supported by the National Natural Science Foundation of China(62072255)。
文摘The rapid growth of mobile applications,the popularity of the Android system and its openness have attracted many hackers and even criminals,who are creating lots of Android malware.However,the current methods of Android malware detection need a lot of time in the feature engineering phase.Furthermore,these models have the defects of low detection rate,high complexity,and poor practicability,etc.We analyze the Android malware samples,and the distribution of malware and benign software in application programming interface(API)calls,permissions,and other attributes.We classify the software’s threat levels based on the correlation of features.Then,we propose deep neural networks and convolutional neural networks with ensemble learning(DCEL),a new classifier fusion model for Android malware detection.First,DCEL preprocesses the malware data to remove redundant data,and converts the one-dimensional data into a two-dimensional gray image.Then,the ensemble learning approach is used to combine the deep neural network with the convolutional neural network,and the final classification results are obtained by voting on the prediction of each single classifier.Experiments based on the Drebin and Malgenome datasets show that compared with current state-of-art models,the proposed DCEL has a higher detection rate,higher recall rate,and lower computational cost.
基金funded by the Deanship of Scientific Research at Princess Nourah bint Abdulrahman University,through the Research Funding Program,Grant No.(FRP-1443-15).
文摘The analysis of Android malware shows that this threat is constantly increasing and is a real threat to mobile devices since traditional approaches,such as signature-based detection,are no longer effective due to the continuously advancing level of sophistication.To resolve this problem,efficient and flexible malware detection tools are needed.This work examines the possibility of employing deep CNNs to detect Android malware by transforming network traffic into image data representations.Moreover,the dataset used in this study is the CIC-AndMal2017,which contains 20,000 instances of network traffic across five distinct malware categories:a.Trojan,b.Adware,c.Ransomware,d.Spyware,e.Worm.These network traffic features are then converted to image formats for deep learning,which is applied in a CNN framework,including the VGG16 pre-trained model.In addition,our approach yielded high performance,yielding an accuracy of 0.92,accuracy of 99.1%,precision of 98.2%,recall of 99.5%,and F1 score of 98.7%.Subsequent improvements to the classification model through changes within the VGG19 framework improved the classification rate to 99.25%.Through the results obtained,it is clear that CNNs are a very effective way to classify Android malware,providing greater accuracy than conventional techniques.The success of this approach also shows the applicability of deep learning in mobile security along with the direction for the future advancement of the real-time detection system and other deeper learning techniques to counter the increasing number of threats emerging in the future.
基金Princess Nourah bint Abdulrahman University and Researchers Supporting Project Number(PNURSP2024R346)Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia.
文摘The growing usage of Android smartphones has led to a significant rise in incidents of Android malware andprivacy breaches.This escalating security concern necessitates the development of advanced technologies capableof automatically detecting andmitigatingmalicious activities in Android applications(apps).Such technologies arecrucial for safeguarding user data and maintaining the integrity of mobile devices in an increasingly digital world.Current methods employed to detect sensitive data leaks in Android apps are hampered by two major limitationsthey require substantial computational resources and are prone to a high frequency of false positives.This meansthat while attempting to identify security breaches,these methods often consume considerable processing powerand mistakenly flag benign activities as malicious,leading to inefficiencies and reduced reliability in malwaredetection.The proposed approach includes a data preprocessing step that removes duplicate samples,managesunbalanced datasets,corrects inconsistencies,and imputes missing values to ensure data accuracy.The Minimaxmethod is then used to normalize numerical data,followed by feature vector extraction using the Gain ratio andChi-squared test to identify and extract the most significant characteristics using an appropriate prediction model.This study focuses on extracting a subset of attributes best suited for the task and recommending a predictivemodel based on domain expert opinion.The proposed method is evaluated using Drebin and TUANDROMDdatasets containing 15,036 and 4,464 benign and malicious samples,respectively.The empirical result shows thatthe RandomForest(RF)and Support VectorMachine(SVC)classifiers achieved impressive accuracy rates of 98.9%and 98.8%,respectively,in detecting unknown Androidmalware.A sensitivity analysis experiment was also carriedout on all three ML-based classifiers based on MAE,MSE,R2,and sensitivity parameters,resulting in a flawlessperformance for both datasets.This approach has substantial potential for real-world applications and can serve asa valuable tool for preventing the spread of Androidmalware and enhancing mobile device security.
基金This work was supported in part by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(NRF-2019R1F1A1062320)the Information Technology Research Center(ITRC)Support Program supervised by the Institute for Information and Communications Technology Planning and Evaluation(IITP)(IITP-2021-2016-0-00313).
文摘The Android operating system has become a leading smartphone platform for mobile and other smart devices,which in turn has led to a diversity of malware applications.The amount of research on Android malware detection has increased significantly in recent years and many detection systems have been proposed.Despite these efforts,however,most systems can be thwarted by sophisticated Androidmalware adopting obfuscation or native code to avoid discovery by anti-virus tools.In this paper,we propose a new static analysis technique to address the problems of obfuscating and native malware applications.The proposed system provides a unified technique for extracting features from applications and native libraries using a selection algorithm that can extract a small set of unique and effective features for detecting malware applications rapidly and with a high detection rate.Evaluation using large Android malware detection datasets obtained from various sources confirmed that the proposed approach achieves very promising results in terms of improved accuracy,low false positive rate,and high detection rate.
文摘Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine(Droid Detector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.
基金supported in part by National Key R&D Program of China(No.2016QY04W0805)NSFC U1536106,61728209+3 种基金National Top-notch Youth Talents Program of ChinaYouth Innovation Promotion Association CASBeijing Nova Program and a research grant from Ant Financialpartly supported by International Cooperation Program on CyberSecurity,administered by SKLOIS,Institute of Information Engineering,Chinese Academy of Sciences,China(No.SNSBBH-2017111036).
文摘A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency.However,it is still far from expectation to describe attacks precisely on the Android platform.In addition,new features on Android,such as communication mechanisms,introduce new challenges and difficulties for attack detection.In this paper,we propose abstract attack models to precisely capture the semantics of various Android attacks,which include the corresponding targets,involved behaviors as well as their execution dependency.Meanwhile,we construct a novel graph-based model called the inter-component communication graph(ICCG)to describe the internal control flows and inter-component communications of applications.The models take into account more communication channel with a maximized preservation of their program logics.With the guidance of the attack models,we propose a static searching approach to detect attacks hidden in ICCG.To reduce false positive rate,we introduce an additional dynamic confirmation step to check whether the detected attacks are false alarms.Experiments show that DROIDECHO can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%.
基金the National Key Basic Research and Development (973) Program of China (Nos. 2012CB315801 and 2011CB302805)the National Natural Science Foundation of China (Nos. 61161140320 and 61233016)Intel Research Council with the title of Security Vulnerability Analysis based on Cloud Platform with Intel IA Architecture
文摘With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app's virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework (ASEF) and Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage.
