Search

Your search keyword '"hybrid analysis"' showing total 8 results
Start Over Descriptor "hybrid analysis" Topic android malware
8 results on '"hybrid analysis"'

2. Android Malware Detection Techniques

Author

Khemani, Shreya, Jain, Darshil, Prasad, Gaurav, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Shetty, N. R., editor, Patnaik, L. M., editor, Nagaraj, H. C., editor, Hamsavath, Prasad Naik, editor, and Nalini, N., editor

Published
2019
Full Text
View/download PDF

3. Effective and Efficient Hybrid Android Malware Classification Using Pseudo-Label Stacked Auto-Encoder.

Author

Mahdavifar, Samaneh, Alhadidi, Dima, and Ghorbani, Ali. A.

Abstract

Android has become the target of attackers because of its popularity. The detection of Android mobile malware has become increasingly important due to its significant threat. Supervised machine learning, which has been used to detect Android malware is far from perfect because it requires a significant amount of labeled data. Since labeled data is expensive and difficult to get while unlabeled data is abundant and cheap in this context, we resort to a semi-supervised learning technique, namely pseudo-label stacked auto-encoder (PLSAE), which involves training using a set of labeled and unlabeled instances. We use a hybrid approach of dynamic analysis and static analysis to craft feature vectors. We evaluate our proposed model on CICMalDroid2020, which includes 17,341 most recent samples of five different Android apps categories. After that, we compare the results with state-of-the-art techniques in terms of accuracy and efficiency. Experimental results show that our proposed framework outperforms other semi-supervised approaches and common machine learning algorithms. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

5. A Hybrid Analysis-Based Approach to Android Malware Family Classification

Author

Chao Ding, Nurbol Luktarhan, Bei Lu, and Wenhui Zhang

Subjects
android malware, malware detection and family classification, machine learning, hybrid analysis, dynamic networking flow, Science, Astrophysics, QB460-466, Physics, QC1-999
Abstract

With the popularity of Android, malware detection and family classification have also become a research focus. Many excellent methods have been proposed by previous authors, but static and dynamic analyses inevitably require complex processes. A hybrid analysis method for detecting Android malware and classifying malware families is presented in this paper, and is partially optimized for multiple-feature data. For static analysis, we use permissions and intent as static features and use three feature selection methods to form a subset of three candidate features. Compared with various models, including k-nearest neighbors and random forest, random forest is the best, with a detection rate of 95.04%, while the chi-square test is the best feature selection method. After using feature selection to explore the critical static features contained in this dataset, we analyzed a subset of important features to gain more insight into the malware. In a dynamic analysis based on network traffic, unlike those that focus on a one-way flow of traffic and work on HTTP protocols and transport layer protocols, we focused on sessions and retained protocol layers. The Res7LSTM model is then used to further classify the malicious and partially benign samples detected in the static detection. The experimental results show that our approach can not only work with fewer static features and guarantee sufficient accuracy, but also improve the detection rate of Android malware family classification from 71.48% in previous work to 99% when cutting the traffic in terms of the sessions and protocols of all layers.

Published
2021
Full Text
View/download PDF

6. A Hybrid Analysis-Based Approach to Android Malware Family Classification

Author

Wenhui Zhang, Bei Lu, Chao Ding, and Nurbol Luktarhan

Subjects
Hypertext Transfer Protocol, Computer science, computer.internet_protocol, Science, QC1-999, malware detection and family classification, General Physics and Astronomy, Feature selection, 02 engineering and technology, Astrophysics, computer.software_genre, Article, Protocol stack, dynamic networking flow, 0202 electrical engineering, electronic engineering, information engineering, Android (operating system), Physics, 020206 networking & telecommunications, Static analysis, Random forest, QB460-466, hybrid analysis, android malware, machine learning, Transport layer, Malware, 020201 artificial intelligence & image processing, Data mining, computer
Abstract

With the popularity of Android, malware detection and family classification have also become a research focus. Many excellent methods have been proposed by previous authors, but static and dynamic analyses inevitably require complex processes. A hybrid analysis method for detecting Android malware and classifying malware families is presented in this paper, and is partially optimized for multiple-feature data. For static analysis, we use permissions and intent as static features and use three feature selection methods to form a subset of three candidate features. Compared with various models, including k-nearest neighbors and random forest, random forest is the best, with a detection rate of 95.04%, while the chi-square test is the best feature selection method. After using feature selection to explore the critical static features contained in this dataset, we analyzed a subset of important features to gain more insight into the malware. In a dynamic analysis based on network traffic, unlike those that focus on a one-way flow of traffic and work on HTTP protocols and transport layer protocols, we focused on sessions and retained protocol layers. The Res7LSTM model is then used to further classify the malicious and partially benign samples detected in the static detection. The experimental results show that our approach can not only work with fewer static features and guarantee sufficient accuracy, but also improve the detection rate of Android malware family classification from 71.48% in previous work to 99% when cutting the traffic in terms of the sessions and protocols of all layers.

Published
2021
Full Text
View/download PDF

7. A Hybrid Analysis-Based Approach to Android Malware Family Classification.

Author

Ding, Chao, Luktarhan, Nurbol, Lu, Bei, and Zhang, Wenhui

Subjects
*FEATURE selection, *MALWARE, *RANDOM forest algorithms, *TRAFFIC flow, *CHI-squared test, *CLASSIFICATION
Abstract

With the popularity of Android, malware detection and family classification have also become a research focus. Many excellent methods have been proposed by previous authors, but static and dynamic analyses inevitably require complex processes. A hybrid analysis method for detecting Android malware and classifying malware families is presented in this paper, and is partially optimized for multiple-feature data. For static analysis, we use permissions and intent as static features and use three feature selection methods to form a subset of three candidate features. Compared with various models, including k-nearest neighbors and random forest, random forest is the best, with a detection rate of 95.04%, while the chi-square test is the best feature selection method. After using feature selection to explore the critical static features contained in this dataset, we analyzed a subset of important features to gain more insight into the malware. In a dynamic analysis based on network traffic, unlike those that focus on a one-way flow of traffic and work on HTTP protocols and transport layer protocols, we focused on sessions and retained protocol layers. The Res7LSTM model is then used to further classify the malicious and partially benign samples detected in the static detection. The experimental results show that our approach can not only work with fewer static features and guarantee sufficient accuracy, but also improve the detection rate of Android malware family classification from 71.48% in previous work to 99% when cutting the traffic in terms of the sessions and protocols of all layers. [ABSTRACT FROM AUTHOR]

Published
2021
Full Text
View/download PDF

8. A TAN based hybrid model for android malware detection.

Author

Surendran, Roopak, Thomas, Tony, and Emmanuel, Sabu

Subjects
*MALWARE prevention, *INTRUSION detection systems (Computer security), *PERFORMANCE evaluation, *MACHINE learning
Abstract

Android devices are very popular because of their availability at reasonable prices. However, there is a rapid rise of malware applications in Android platform in the recent past years due to its security vulnerabilities. The existing static malware detection mechanisms can locate malicious components associated with the source code of an application and dynamic analysis can identify exploits in the runtime environment. Hence, the advantages of both static and dynamic mechanisms need to be combined to form a hybrid analysis mechanism for achieving better accuracy in malware detection. The existing machine learning based hybrid malware analysis mechanisms do not check the interdependency of static and dynamic features used in their machine learning classifiers. This interdependency can lead to multicollinearity problem which can affect the classifier's performance. Hence, in this paper we propose a novel TAN (Tree Augmented naive Bayes) based hybrid malware detection mechanism by employing the conditional dependencies among relevant static and dynamic features (API calls, permissions and system calls) which are required for the functionality of an application. We trained three ridge regularized logistic regression classifiers corresponding to API calls, permission and system calls of an application and modeled their output relationships as a TAN (Tree Augmented naive Bayes) for identifying whether the application is malicious or not. The experimental results show that the proposed mechanism can detect malicious applications over a long period with an accuracy of 0.97. [ABSTRACT FROM AUTHOR]

Published
2020
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results