SysDroid: a dynamic ML-based android malware analyzer using system call traces
Ananya A. (1) • Aswathy A. (1) • Amal T. R. (1) • Swathy P. G. (1) • Vinod P. (1) • Mohammad Shojafar (2, 3)

Received: 10 August 2019 / Revised: 29 November 2019 / Accepted: 31 December 2019
© Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract

Android is a popular open-source operating system that is highly susceptible to malware attacks. Researchers have developed machine learning models, learned from attributes extracted using static/dynamic approaches, to identify malicious applications. However, such models suffer from low detection accuracy due to the presence of noisy attributes extracted by conventional feature selection algorithms. Hence, this paper proposes a new feature selection mechanism known as selection of relevant attributes for improving locally extracted features using classical feature selectors (SAILS). SAILS targets the discovery of prominent system calls from applications and is built on top of conventional feature selection methods such as mutual information, distinguishing feature selector and Galavotti–Sebastiani–Simi. These classical attribute selection methods are used as local feature selectors. In addition, a novel global feature selection method known as weighted feature selection is proposed. A comprehensive analysis of the proposed feature selectors is conducted against the traditional methods. SAILS results in improved values for the evaluation metrics compared to the conventional feature selection algorithms for distinct machine learning models developed using Logistic Regression, CART, Random Forest, XGBoost and Deep Neural Networks. Our evaluations observe accuracies ranging between 95 and 99% for dropout rate and learning rate in the range 0.1–0.8 and 0.001–0.2, respectively. Finally, the security evaluation of the malware classifiers on adversarial examples is thoroughly investigated. A decline in accuracy with adversarial examples is observed. The SAILS recall rate of the classifier subjected to such examples is estimated in the range of 24.79–92.2%, whereas prior to the attack the true positive rate obtained by the classifier is reported between 95.2 and 99.79%. The results suggest that hackers can bypass detection by discovering the classifier's blind spots, by augmenting a small number of legitimate attributes.

Keywords: Android malware · Machine learning (ML) · Deep learning (DL) · Feature selection · Adversarial machine learning (AML) · Attacks
Mohammad Shojafar: [email protected]; [email protected]
Ananya A.: [email protected]
Aswathy A.: [email protected]
Amal T. R.: [email protected]
Swathy P. G.: [email protected]
Vinod P.: [email protected]

(1) Department of Computer Science & Engineering, SCMS School of Engineering and Technology, Ernakulam, Kerala, India
(2) ICS/5GIC, University of Surrey, Guildford GU27XH, UK
(3) University of Padua, 35131 Padua, Italy
Cluster Computing
1 Introduction The number of Android