Conference Paper

Neural Network-Based Technique for Android Smartphone Applications Classification

... As provided in equation (1) we can see this method scale input data into a range between 0 and 1 that is very helpful besides the result shows the difference. These types of problem are sequential so first idea that comes to mind is RNNs which are fundamentally made to solve this kind of problem [32]. Recent studies that have used RNNs have not obtained results with very high accuracy. ...
Article
Hand phone devices are the latest technological developments of the 20th century. There is an increasing number of fishing, sniffing and other kinds of attacks in this field of technology. Although signature-based methods are usable, they are not very reliable when faced with new kinds of malwares and they are neither accurate nor enough. Furthermore, signature-based methods cannot efficiently detect rapid malware behavior changes. Our classification process consists of not only analyzing of the source code by using Jadx but also analyzing applications and extracting useful features. Two kinds of analyses are used which are called static and dynamic. We concentrate on Android malware classification using Call-Graph and by moreover generating Call-Graphs for both classes.dex and lib.so files which have not been worked before. The proposed method for classification is CNN-LSTM. Since this method is a reasonable choice to learn complex and sequential features, it benefits from both convolutional neural network and long short-term memory which is a type of recurrent neural network. In this method a Sequential Neural Network is designed to do sequence classification as well as conduct a set of experiments on malware detection. In conclusion, CNN-LSTM is compared with several classification methods like Convolutional Neural Network (CNN), Support Vector Machine (SVM), Naive Bayes, Random Forest, and other methods. Obtained results show that, our method is more effective, efficient, and reliable than others even by using the same hardware and dataset.
Article
Android is susceptible to malware attacks due to its open architecture, large user base and access to its code. Mobile or android malware attacks are increasing from last year. These are common threats for every internet-accessible device. From Researchers Point of view 50% increase in cyber-attacks targeting Android Mobile phones since last year. Malware attackers increasingly turning their attention to attacking smartphones with credential-theft, surveillance, and malicious advertising. Security investigation in the android mobile system has relied on analysis for malware or threat detection using binary samples or system calls with behavior profile for malicious applications is generated and then analyzed. The resulting report is then used to detect android application malware or threats using manual features. To dispose of malicious applications in the mobile device, we propose an Android malware detection system using deep learning techniques which gives security for mobile or android. FNN (Fully-connected FeedForward Deep Neural Networks) and AutoEncoder algorithm from deep learning provide Extensive experiments on a real-world dataset that reaches to an accuracy of 95%. These papers explain Deep learning FNN (Fully-connected FeedForward Deep Neural Networks) and AutoEncoder approach for android malware detection.
Article
In recent years, the global pervasiveness of smartphones has prompted the development of millions of free and commercially available applications. These applications allow users to perform various activities, such as communicating, gaming, and completing financial and educational tasks. These commonly used devices often store sensitive private information and, consequently, have been increasingly targeted by harmful malicious software. This paper focuses on the concepts and risks associated with malware, and reviews current approaches and mechanisms used to detect malware with respect to their methodology, associated datasets, and evaluation metrics.
Article
Context: In last decade, due to tremendous usage of smart phones it seems that these gadgets became an essential necessity of day-to-day life. People are using new technologies and storing prominent data in their smartphones. Unfortunately, data related to privacy is center of attraction for attackers. Therefore, attackers are developing new techniques to steal the data from smartphones. Objective: The objective of study is to report a systematic literature review regarding malicious application detection in android operating system. Method: Standard systematic literature review method is used to carry out the research. In this, 380 research articles are studied which are published in various prominent international journals and conferences. Results: The different techniques which are used to investigate malicious application are identified. Furthermore, features used in static and dynamic technique are classified according to their usage in recent approaches. Various hybrid methods are analyzed and mapped according to the combination of static and dynamic features used. A variety of machine learning techniques are also identified and categorized in different classes. The datasets are listed are taken from various previous research approaches. Conclusion: This research will help to identify malicious applications in android operating system. New hybrid techniques must be implemented to investigate malware activities and recommendations are given for future research.
Article
The use of smart and connected devices, such as Android and Internet of Things (IoT) have increased exponentially. In the last 10 years, mobiles and IoT devices have surpassed PC’s utilization. Android hosts an array of connected sensors like IoT. It has transformed a simple gadget into a hub of mobile phone with IoT. With a high number of clients and enormous assortment of Android applications it has been an appealing target for many security threats including malware attacks. To monitor a host of the applications that runs on Android and IoT devices, this study employs a deep learning based feature detector for malware detection which can easily be trained and be used with different classifiers to assess an application’s behavior. The features learnt by the detector can be reused to transfer their learning to any future endeavors toward malware detection. To test the accuracy and effectiveness of the feature detector we test it in two phases: (i) first the features extracted are fed to a fully connected network (FCN) with Softmax activation and in (ii) second scheme we use recurrent layers of attentions to classify the Applications either as malicious or benign. Our findings reveal that the proposed feature detector achieves significant results with an F1-Score of 98.97% and an accuracy of 98%.
Article
In this paper, we present a systematic study for the detection of malicious applications (or apps) on popular Android Markets. To this end, we first propose a permission-based behavioral footprinting scheme to detect new samples of known Android malware families. Then we apply a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families. We implemented both schemes in a system called DroidRanger. The experiments with 204,040 apps collected from five different Android Markets in May-June 2011 reveal 211 malicious ones: 32 from the official Android Market (0.02% infection rate) and 179 from alternative marketplaces (infection rates ranging from 0.20% to 0.47%). Among those malicious apps, our system also uncovered two zero-day malware (in 40 apps): one from the official Android Market and the other from alternative marketplaces. The results show that current marketplaces are functional and relatively healthy. However, there is also a clear need for a rigorous policing process, especially for non-regulated alternative marketplaces.
Conference Paper
Malicious applications pose a threat to the security of the Android platform. The growing amount and diversity of these applications render conventional defenses largely ineffective and thus Android smartphones often remain unprotected from novel malware. In this paper, we propose DREBIN, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone. As the limited resources impede monitoring applications at run-time, DREBIN performs a broad static analysis, gathering as many features of an application as possible. These features are embedded in a joint vector space, such that typical patterns indicative for malware can be automatically identified and used for explaining the decisions of our method. In an evaluation with 123,453 applications and 5,560 malware samples DREBIN outperforms several related approaches and detects 94% of the malware with few false alarms, where the explanations provided for each detection reveal relevant properties of the detected malware. On five popular smartphones, the method requires 10 seconds for an analysis on average, rendering it suitable for checking downloaded applications directly on the device.
Conference Paper
One of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a "stand-alone" fashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic general models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.
Conference Paper
Android provides third-party applications with an extensive API that includes access to phone hardware, settings, and user data. Access to privacy- and security-relevant parts of the API is controlled with an install-time application permission system. We study Android applications to determine whether Android developers follow least privilege with their permission requests. We built Stowaway, a tool that detects overprivilege in compiled Android applications. Stowaway determines the set of API calls that an application uses and then maps those API calls to permissions. We used automated testing tools on the Android API in order to build the permission map that is necessary for detecting overprivilege. We apply Stowaway to a set of 940 applications and find that about one-third are overprivileged. We investigate the causes of overprivilege and find evidence that developers are trying to follow least privilege but sometimes fail due to insufficient API documentation.
Conference Paper
ABSTRACT Users have begun downloading an increasingly large number of mobile phone applications in response to advancements in handsets and wireless networks. The increased number of applications results in a greater chance of installing Trojans and similar malware. In this paper, we propose the Kirin security service for Android, which performs lightweight certification of applications to mitigate malware at install time. Kirin certification uses security rules, which are templates designed to conservatively match undesirable properties in security configuration bundled with applications. We use a variant of security requirements engineering techniques to perform an in-depth security analysis of Android to produce a set of rules that match malware characteristics. In a sample of 311 of the most popular applications downloaded from the official Android Market, Kirin and our rules found 5 applications that implement dangerous functionality and therefore should be installed with extreme caution. Upon close inspection, another five applications asserted dangerous rights, but were within the scope of reasonable functional needs. These results indicate that security configuration bundled with Android applications provides practical means of detecting malware. Categories and Subject Descriptors: D.4.6 [Operating Systems]: Security and Protection. General Terms: Security. Keywords: mobile phone security, malware, Android
Conference Paper
Smartphone usage has been continuously increasing in recent years. Moreover, smartphones are often used for privacy-sensitive tasks, becoming highly valuable targets for attackers. They are also quite different from PCs, so that PC-oriented solutions are not always applicable, or do not offer comprehensive security. We propose an alternative solution, where security checks are applied on remote security servers that host exact replicas of the phones in virtual environments. The servers are not subject to the same constraints, allowing us to apply multiple detection techniques simultaneously. We implemented a prototype of this security model for Android phones, and show that it is both practical and scalable: we generate no more than 2KiB/s and 64B/s of trace data for high-loads and idle operation respectively, and are able to support more than a hundred replicas running on a single server.
Article
Many fault detection techniques/algorithms for detecting faults in rule bases have appeared in the literature. These techniques assume that the rule base is static. This paper presents a new approach/algorithm for detecting faults in dynamic rule bases, where rules may be added/deleted in response to certain events happening in the system being controlled by the rule base. This is performed by maintaining a set of structures, where new rules can be added to the dynamic rule base without the need to rebuild the structures that represent the rule base. The approach makes use of spanning trees and disjoint sets to check a dynamic rule base for different kinds of faults. The algorithm devises a tree/forest of the underlying directed graph by treating the directed graph as an undirected graph, and then checks for various faults and properties. The algorithm devises a new rule base (which is a subset of the current rule base) that is equivalent, in terms of its reasoning capabilities, to the current rule base, with the properties that the new rule base is fault free. This is performed as rules are being added to the dynamic rule base one at a time.
Conference Paper
Smartphones in general and Android in particular are increasingly shifting into the focus of cybercriminals. For understanding the threat to security and privacy it is important for security researchers to analyze malicious software written for these systems. The exploding number of Android malware calls for automation in the analysis. In this paper, we present Mobile-Sandbox, a system designed to automatically analyze Android applications in two novel ways: (1) it combines static and dynamic analysis, i.e., results of static analysis are used to guide dynamic analysis and extend coverage of executed code, and (2) it uses specific techniques to log calls to native (i.e., "non-Java") APIs. We evaluated the system on more than 36,000 applications from Asian third-party mobile markets and found that 24% of all applications actually use native calls in their code.
Article
Smartphone sales have recently experienced explosive growth. Their popularity also encourages malware authors to penetrate various mobile marketplaces with malicious applications (or apps). These malicious apps hide in the sheer number of other normal apps, which makes their detection challenging. Existing mobile anti-virus software are inadequate in their reactive nature by relying on known malware samples for signature extraction. In this paper, we propose a proactive scheme to spot zero-day Android malware. Without relying on malware samples and their signatures, our scheme is motivated to assess potential security risks posed by these untrusted apps. Specifically, we have developed an automated system called RiskRanker to scalably analyze whether a particular app exhibits dangerous behavior (e.g., launching a root exploit or sending background SMS messages). The output is then used to produce a prioritized list of reduced apps that merit further investigation. When applied to examine 118,318 total apps collected from various Android markets over September and October 2011, our system takes less than four days to process all of them and effectively reports 3281 risky apps. Among these reported apps, we successfully uncovered 718 malware samples (in 29 families) and 322 of them are zero-day (in 11 families). These results demonstrate the efficacy and scalability of RiskRanker to police Android markets of all stripes.
Article
A sequence of 0's and 1's is observed and it is suspected that the chance that a particular trial is a 1 depends on the value of one or more independent variables. Tests and estimates for such situations are considered, dealing first with problems in which the independent variable is preassigned and then with independent variables that are functions of the sequence. There is a considerable amount of earlier work, which is reviewed.
Article
This book is the first comprehensive introduction to Support Vector Machines (SVMs), a new generation learning system based on recent advances in statistical learning theory. The book also introduces Bayesian analysis of learning and relates SVMs to Gaussian Processes and other kernel based learning methods. SVMs deliver state-of-the-art performance in real-world applications such as text categorisation, hand-written character recognition, image classification, biosequences analysis, etc. Their first introduction in the early 1990s lead to a recent explosion of applications and deepening theoretical analysis, that has now established Support Vector Machines along with neural networks as one of the standard tools for machine learning and data mining. Students will find the book both stimulating and accessible, while practitioners will be guided smoothly through the material required for a good grasp of the theory and application of these techniques. The concepts are introduced gradually in accessible and self-contained stages, though in each stage the presentation is rigorous and thorough. Pointers to relevant literature and web sites containing software ensure that it forms an ideal starting point for further study. Equally the book will equip the practitioner to apply the techniques and an associated web site will provide pointers to updated literature, new applications, and on-line software.
Conference Paper
In this paper we describe a program that verifies the consistency and completeness of expert system knowledge bases which utilize the Lockheed Expert System (LES) framework. The algorithms described here are not specific to LES and can be applied to most rule-based systems. The program, called CHECK, combines logical principles as well as specific information about the knowledge representation formalism of LES. The program checks for redundant rules, conflicting rules, subsumed rules, missing rules, circular rules, unreachable clauses, and deadend clauses. It also generates a dependency chart which shows the dependencies among the rules and between the rules and the goals. CHECK can help the knowledge engineer to detect many programming errors even before the knowledge base testing phase. It also helps detect gaps in the knowledge base which the knowledge engineer and the expert might have overlooked. A wide variety of knowledge bases have been analyzed using CHECK.
Article
New text categorization models using back-propagation neural network (BPNN) and modified back-propagation neural network (MBPNN) are proposed. An efficient feature selection method is used to reduce the dimensionality as well as improve the performance. The basic BPNN learning algorithm has the drawback of slow training speed, so we modify the basic BPNN learning algorithm to accelerate the training speed. The categorization accuracy also has been improved consequently. Traditional word-matching based text categorization system uses vector space model (VSM) to represent the document. However, it needs a high dimensional space to represent the document, and does not take into account the semantic relationship between terms, which can also lead to poor classification accuracy. Latent semantic analysis (LSA) can overcome the problems caused by using statistically derived conceptual indices instead of individual words. It constructs a conceptual vector space in which each term or document is represented as a vector in the space. It not only greatly reduces the dimensionality but also discovers the important associative relationship between terms. We test our categorization models on 20-newsgroup data set, experimental results show that the models using MBPNN outperform than the basic BPNN. And the application of LSA for our system can lead to dramatic dimensionality reduction while achieving good classification results.
Article
This paper introduces a statistical technique, Support Vector Machines (SVM), which is considered by the Deutsche Bundesbank as an alternative for company rating. A special attention is paid to the features of the SVM which provide a higher accuracy of company classification into solvent and insolvent. The advantages and disadvantages of the method are discussed. The comparison of the SVM with more traditional approaches such as logistic regression (Logit) and discriminant analysis (DA) is made on the Deutsche Bundesbank data of annual income statements and balance sheets of German companies. The out-of-sample accuracy tests confirm that the SVM outperforms both DA and Logit on bootstrapped samples.
Conference Paper
In a text categorization model using an artificial neural network as the text classifier scalability is poor if the neural network is trained using the raw feature space since textural data has a very high-dimension feature space. We proposed and compared four dimensionality reduction techniques to reduce the feature space into an input space of much lower dimension for the neural network classifier. To test the effectiveness of the proposed model, experiments were conducted using a subset of the Reuters-22173 test collection for text categorization. The results showed that the proposed model was able to achieve high categorization effectiveness as measured by precision and recall. Among the four dimensionality reduction techniques proposed, principal component analysis was found to be the most effective in reducing the dimensionality of the feature space.
Conference Paper
Decision trees are attractive classifiers due to their high execution speed. But trees derived with traditional methods often cannot be grown to arbitrary complexity for possible loss of generalization accuracy on unseen data. The limitation on complexity usually means suboptimal accuracy on training data. Following the principles of stochastic modeling, we propose a method to construct tree-based classifiers whose capacity can be arbitrarily expanded for increases in accuracy for both training and unseen data. The essence of the method is to build multiple trees in randomly selected subspaces of the feature space. Trees in different subspaces generalize their classification in complementary ways, and their combined classification can be monotonically improved. The validity of the method is demonstrated through experiments on the recognition of handwritten digits.
Seamlessly reconstructing os and dalvik semantic views for dynamic android malware analysis
  • L.-K Y Droidscope