A Study of Android Malware Detection Techniques and Machine Learning

Android OS is one of the widely used mobile Operating Systems. The number of malicious applications and adwares are increasing constantly on par with the number of mobile devices. A great number of commercial signature based tools are available on the market which prevent to an extent the penetration and distribution of malicious applications. Numerous researches have been conducted which claims that traditional signature based detection system work well up to certain level and malware authors use numerous techniques to evade these tools. So given this state of affairs, there is an increasing need for an alternative, really tough malware detection system to complement and rectify the signature based system. Recent substantial research focused on machine learning algorithms that analyze features from malicious application and use those features to classify and detect unknown malicious applications. This study summarizes the evolution of malware detection techniques based on machine learning algorithms focused on the Android OS

A Survey on Android Malware Detection

Malwares are spreading around the world and infecting not only the end users but also large organizations and service providers. Android operating system seems to have attracted the most attention from Malicious code writer due to its popularity. Earlier, Signature based detection techniques were used to detect unknown malwares. But it was insufficient because these techniques were not able to detect unknown malwares (0-day attack). To analyze the malwares, static and dynamic techniques are used. Static analysis has advantage of being undetectable, as malware cannot modify its behavior during analysis. Despite number of detections and analysis techniques are in place, high detection accuracy of new malwares are still a critical issue. This survey paper highlights the existing detection and existing analysis methods used for the android Malicious code

Malware security for Android Components using Layer permission

Today’s open source android smartphone operating system is adept of executing the multifaceted and enormous application, which increases the installation of diverse applications with increase in chance of installation of malware application. The behavior pattern of android is depicted by the requested permission of application. System explores a way to detect malware application based on requested permission by the application. Detection of malware application is done in two steps; first step is to selecting representative features by applying the FAST algorithm. Whereas representative feature is extracted permissions, requested in the application. In second step classification of application is done as a malware or benign application using support vector machine (SVM). Using FAST and SVM algorithms system can discriminate android application as malware also enrich the performance of malware detection system. DOI: 10.17762/ijritcc2321-8169.15053

SYSTEMATIC DISCOVERY OF ANDROID CUSTOMIZATION HAZARDS

The open nature of Android ecosystem has naturally laid the foundation for a highly fragmented operating system. In fact, the official AOSP versions have been aggressively customized into thousands of system images by everyone in the customization chain, such as device manufacturers, vendors, carriers, etc. If not well thought-out, the customization process could result in serious security problems. This dissertation performs a systematic investigation of Android customization’ inconsistencies with regards to security aspects at various Android layers. It brings to light new vulnerabilities, never investigated before, caused by the under-regulated and complex Android customization. It first describes a novel vulnerability Hare and proves that it is security critical and extensive affecting devices from major vendors. A new tool is proposed to detect the Hare problem and to protect affected devices. This dissertation further discovers security configuration changes through a systematic differential analysis among custom devices from different vendors and demonstrates that they could lead to severe vulnerabilities if introduced unintentionally

Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware

With the wide diffusion of smartphones and their usage in a plethora of processes and activities, these devices have been handling an increasing variety of sensitive resources. Attackers are hence producing a large number of malware applications for Android (the most spread mobile platform), often by slightly modifying existing applications, which results in malware being organized in families. Some works in the literature showed that opcodes are informative for detecting malware, not only in the Android platform. In this paper, we investigate if frequencies of ngrams of opcodes are effective in detecting Android malware and if there is some significant malware family for which they are more or less effective. To this end, we designed a method based on state-of-the-art classifiers applied to frequencies of opcodes ngrams. Then, we experimentally evaluated it on a recent dataset composed of 11120 applications, 5560 of which are malware belonging to several different families. Results show that an accuracy of 97% can be obtained on the average, whereas perfect detection rate is achieved for more than one malware family

Android source code vulnerability detection: a systematic literature review

The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not address the security aspects appropriately. This is often due to a lack of automated mechanisms to identify, test, and fix source code vulnerabilities at the early stages of design and development. Therefore, the need to fix such issues at the initial stages rather than providing updates and patches to the published applications is widely recognized. Researchers have proposed several methods to improve the security of applications by detecting source code vulnerabilities and malicious codes. This Systematic Literature Review (SLR) focuses on Android application analysis and source code vulnerability detection methods and tools by critically evaluating 118 carefully selected technical studies published between 2016 and 2022. It highlights the advantages, disadvantages, applicability of the proposed techniques and potential improvements of those studies. Both Machine Learning (ML) based methods and conventional methods related to vulnerability detection are discussed while focusing more on ML-based methods since many recent studies conducted experiments with ML. Therefore, this paper aims to enable researchers to acquire in-depth knowledge in secure mobile application development while minimizing the vulnerabilities by applying ML methods. Furthermore, researchers can use the discussions and findings of this SLR to identify potential future research and development directions

Cyber-threat detection system using a hybrid approach of transfer learning and multi-model image representation

Currently, Android apps are easily targeted by malicious network traffic because of their constant network access. These threats have the potential to steal vital information and disrupt the commerce, social system, and banking markets. In this paper, we present a malware detection system based on word2vec-based transfer learning and multi-model image representation. The proposed method combines the textual and texture features of network traffic to leverage the advantages of both types. Initially, the transfer learning method is used to extract trained vocab from network traffic. Then, the malware-to-image algorithm visualizes network bytes for visual analysis of data traffic. Next, the texture features are extracted from malware images using a combination of scale-invariant feature transforms (SIFTs) and oriented fast and rotated brief transforms (ORBs). Moreover, a convolutional neural network (CNN) is designed to extract deep features from a set of trained vocab and texture features. Finally, an ensemble model is designed to classify and detect malware based on the combination of textual and texture features. The proposed method is tested using two standard datasets, CIC-AAGM2017 and CICMalDroid 2020, which comprise a total of 10.2K malware and 3.2K benign samples. Furthermore, an explainable AI experiment is performed to interpret the proposed approach

N-opcode Analysis for Android Malware Classification and Categorization

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Malware detection is a growing problem particularly on the Android mobile platform due to its increasing popularity and accessibility to numerous third party app markets. This has also been made worse by the increasingly sophisticated detection avoidance techniques employed by emerging malware families. This calls for more effective techniques for detection and classification of Android malware. Hence, in this paper we present an n-opcode analysis based approach that utilizes machine learning to classify and categorize Android malware. This approach enables automated feature discovery that eliminates the need for applying expert or domain knowledge to define the needed features. Our experiments on 2520 samples that were performed using up to 10-gram opcode features showed that an f-measure of 98% is achievable using this approach

Telecommunication Systems

This book is based on both industrial and academic research efforts in which a number of recent advancements and rare insights into telecommunication systems are well presented. The volume is organized into four parts: "Telecommunication Protocol, Optimization, and Security Frameworks", "Next-Generation Optical Access Technologies", "Convergence of Wireless-Optical Networks" and "Advanced Relay and Antenna Systems for Smart Networks." Chapters within these parts are self-contained and cross-referenced to facilitate further study