AmandaSystem: A new framework for static and dynamic Android malware analysis

Muhammed Basheer Jasser Bayan Issa Mülhem İbrahim

2022

The computers nowadays are being replaced by the smartphones for the most of the internet users around the world, and Android is getting the most of the smartphone systems’ market. This rise of the usage of smartphones generally, and the Android system specifically, leads to a strong need to effectively secure Android, as the malware developers are targeting it with sophisticated and obfuscated malware applications. Consequently, a lot of studies were performed to propose a robust method to detect and classify android malicious software (malware). Some of them were effective, some were not; with accuracy below 90%, and some of them are being outdated; using datasets that became old containing applications for old versions of Android that are rarely used today. In this paper, a new method is proposed by using static analysis and gathering as most useful features of android applications as possible, along with two new proposed features, and then passing them to a functional API deep learning model we made. This method was implemented on a new and classified android application dataset, using 14079 malware and benign samples in total, with malware samples classified into four malware classes. Two major experiments with this dataset were implemented, one for malware detection with the dataset samples categorized into two classes as just malware and benign, the second one was made for malware detection and classification, using all the five classes of the dataset. As a result, our model overcomes the related works when using just two classes with F1-score of 99.5%. Also, high malware detection and classification performance was obtained by using the five classes, with F1-score of 97%.

Sukhdip Singh Gulshan Shrivastava Anuradha Dahiya

25 Oktober 2023

Android malware has been emerged as a significant threat, which includes exposure of confidential information, misrepresentation of facts and execution of applications without the knowledge of the users. Malware analysis plays an essential role in dealing with the unlawful behaviour of such malicious applications. Android malware analysis involves examining and understanding malware behaviour and its characteristics. It also includes potential adversarial impacts on Android devices. This paper presents a quick understanding and a holistic view of malware detection and analysis. The current investigation conducted a systematic literature review (SLR) to recognize the salient shifts in malware detection by examining a range of scholarly journals and conference papers. The SLR investigated 99 articles published between the years 2018 and 2023. The key observation of this SLR is that static analysis is the most implemented approach for detecting Android malware; Apktool and Androguard are the most frequently used tools. This study also conceded that deep learning and machine learning models have more potential to analyse the malicious behaviour of malware. Certain challenges are faced in Android malware analysis, that is, obfuscation techniques, dynamic code loading, and issues related to experimented datasets. Further, this study focuses on the following areas: the definition of the sample set, data optimisation and processing, feature extraction, machine learning application, and classifier validation. This investigation differs from previous analyses of Android malware detection by emphasizing additional methods based on machine learning.

Younghoon Ban Dokyung Song Sunjun Lee + 2 lainnya

2022

To handle relentlessly emerging Android malware, deep learning has been widely adopted in the research community. Prior work proposed deep learning-based approaches that use different features of malware, and reported a high accuracy in malware detection, i.e., classifying malware from benign applications. However, familial analysis of real-world Android malware has not been extensively studied yet. Familial analysis refers to the process of classifying a given malware into a family (or a set of families), which can greatly accelerate malware analysis as the analysis gives their fine-grained behavioral characteristics. In this work, we shed light on deep learning-based familial analysis by studying different features of Android malware and how effectively they can represent their (malicious) behaviors. We focus on string features of Android malware, namely the Abstract Syntax Trees (AST) of all functions extracted from each malware, which faithfully represent all string features of Android malware. We thoroughly study how different string features, such as how security-sensitive APIs are used in malware, affect the performance of our deep learning-based familial analysis model. A convolutional neural network was trained and tested in various configurations on 28,179 real-world malware dataset appeared in the wild from 2018 to 2020, where each malware has one or more labels assigned based on their behaviors. Our evaluation reveals how different features contribute to the performance of familial analysis. Notably, with all features combined, we were able to produce up to an accuracy of 98% and a micro F1-score of 0.82, a result on par with the state-of-the-art.

Cong-Danh Nguyen Nghi Hoang Khoa Cam Nguyen Tan + 1 lainnya

11 Januari 2023

In recent years, Android malware has been overgrown, challenging malware analysts. However, there has been a lot of research in detecting and classifying Android malware based on machine learning. Android malware classification is an essential goal in classifying malware families. This paper proposes the application of machine learning and deep learning methods in classifying malware families and categories based on many different datasets to evaluate and select suitable methods for each dataset. This work demonstrates that with the Drebin and CICMaldroid2020 datasets classified by family and category, respectively, after feature extraction and selection, trained and evaluated with machine learning models, results are high accuracy, and the false positive rate is low. We also compare our results with several previous studies to highlight our results.

W. El-shafai Mohanned Ahmed Iman M. Almomani

5 Juli 2022

This paper offers a comprehensive analysis model for android malware. The model presents the essential factors affecting the analysis results of android malware that are vision-based. Current android malware analysis and solutions might consider one or some of these factors while building their malware predictive systems. However, this paper comprehensively highlights these factors and their impacts through a deep empirical study. The study comprises 22 CNN (Convolutional Neural Network) algorithms, 21 of them are well-known, and one proposed algorithm. Additionally, several types of files are considered before converting them to images, and two benchmark android malware datasets are utilized. Finally, comprehensive evaluation metrics are measured to assess the produced predictive models from the security and complexity perspectives. Consequently, guiding researchers and developers to plan and build efficient malware analysis systems that meet their requirements and resources. The results reveal that some factors might significantly impact the performance of the malware analysis solution. For example, from a security perspective, the accuracy, F1-score, precision, and recall are improved by 131.29%, 236.44%, 192%, and 131.29%, respectively, when changing one factor and fixing all other factors under study. Similar results are observed in the case of complexity assessment, including testing time, CPU usage, storage size, and pre-processing speed, proving the importance of the proposed android malware analysis model.