Journal ArticleDOI

SWORD: Semantic aWare andrOid malwaRe Detector

TL;DR: This paper presents a semantic aware dynamic malware detection tool, SWORD, which encapsulates the semantics of Android apps in such a way that makes it resilient towards injection-based evasion techniques.
Abstract
Malicious Android applications have become a more advanced and severe threat to user privacy, confidentiality, integrity, money, and devices. Malware evolution mainly consists of modifications to existing malware through repackaging of apps, employing polymorphism, metamorphism, and injection of malicious code. Existing dynamic approaches can handle polymorphism, metamorphism, and repackaging of apps, but fail to address code injection at runtime, because it modifies the control/data flow. In this paper, we present a semantic aware dynamic malware detection tool, SWORD. It encapsulates the semantics of Android apps in such a way that makes it resilient towards injection-based evasion techniques. The intuition behind specifying the semantics of apps lies in applying the Asymptotic Equipartition Property (AEP), inherited from the information-theory domain. The semantics of the app are captured using a sequence of system calls. To assess the efficacy of SWORD, we carried out comprehensive experiments on 6000 execution traces of 2000 applications (1000 malware apps belonging to 119 different families and 1000 benign apps, selected randomly from 12,000 Google Play store apps). We obtain a detection accuracy of 94.2%. Moreover, we show that SWORD can cope with code-injection-based evasion techniques.


Citations
Journal ArticleDOI

A machine learning based approach to detect malicious android apps using discriminant system calls

TL;DR: System calls to tackle mobile malware on the Android operating system are investigated, the effectiveness of the classifiers against adversarial attacks is evaluated, and it is found that the classifiers are vulnerable to data poisoning and label flipping attacks.
Journal ArticleDOI

Malicious application detection in android — A systematic literature review

TL;DR: This research will help to identify malicious applications in the Android operating system; new hybrid techniques must be implemented to investigate malware activities.
Journal ArticleDOI

SysDroid: a dynamic ML-based android malware analyzer using system call traces

TL;DR: The results suggest that hackers can bypass detection by discovering the classifier's blind spots, on augmenting a small number of legitimate attributes.

DROIDSCRIBE: Classifying android malware based on runtime behavior

TL;DR: In this article, the authors use machine learning to automatically classify Android malware samples into families with high accuracy, while observing only their runtime behavior, focusing exclusively on dynamic analysis of runtime behavior to provide a clean point of comparison.
References
Journal ArticleDOI

Random Forests

TL;DR: Internal estimates monitor error, strength, and correlation and these are used to show the response to increasing the number of features used in the forest, and are also applicable to regression.
Journal ArticleDOI

The random subspace method for constructing decision forests

TL;DR: A method to construct a decision tree based classifier is proposed that maintains highest accuracy on training data and improves on generalization accuracy as it grows in complexity.
Journal ArticleDOI

Do we need hundreds of classifiers to solve real world classification problems?

TL;DR: The random forest is clearly the best family of classifiers (3 out of the 5 best classifiers are RF), followed by SVM (4 classifiers in the top-10), neural networks and boosting ensembles (5 and 3 members in the top-20, respectively).
Proceedings Article

QEMU, a fast and portable dynamic translator

TL;DR: QEMU supports full system emulation in which a complete and unmodified operating system is run in a virtual machine and Linux user mode emulation where a Linux process compiled for one target CPU can be run on another CPU.
Proceedings ArticleDOI

Classification using intersection kernel support vector machines is efficient

TL;DR: It is shown that one can build histogram intersection kernel SVMs (IKSVMs) with runtime complexity of the classifier logarithmic in the number of support vectors as opposed to linear for the standard approach.