Android Malware Detection using Feature Ranking of Permissions
- URL: http://arxiv.org/abs/2201.08468v1
- Date: Thu, 20 Jan 2022 22:08:20 GMT
- Authors: Muhammad Suleman Saleem, Jelena Mišić, and Vojislav B. Mišić
- Abstract summary: We use Android permissions as a vehicle to allow for quick and effective differentiation between benign and malware apps.
Our analysis indicates that this approach can result in better accuracy and F-score value than other reported approaches.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: We investigate the use of Android permissions as the vehicle to allow for
quick and effective differentiation between benign and malware apps. To this
end, we extract all Android permissions, eliminating those that have zero
impact, and apply two feature ranking algorithms, namely the Chi-Square test and
Fisher's Exact test, to rank and additionally filter them, resulting in a
comparatively small set of relevant permissions. Then we use Decision Tree,
Support Vector Machine, and Random Forest Classifier algorithms to detect
malware apps. Our analysis indicates that this approach can result in better
accuracy and F-score value than other reported approaches. In particular, when
random forest is used as the classifier with the combination of Fisher's Exact
test, we achieve 99.34% in accuracy and 92.17% in F-score with the false
positive rate of 0.56% for the dataset in question, with results improving to
99.82% in accuracy and 95.28% in F-score with the false positive rate as low
as 0.05% when only malware from the three most popular malware families is
considered.
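
The ranking-and-filtering step described in the abstract can be sketched as follows. This is an added example, not the authors' code: the permission counts are constructed, the 0.05 significance cut-off is an assumption, and "zero impact" is assumed to mean a permission requested by no app in the set.

```python
from math import comb

# Constructed sample (not the paper's dataset): permission ->
# (malware apps requesting it, benign apps requesting it), 8 apps per class.
COUNTS = {
    "READ_SMS": (8, 0),
    "SEND_SMS": (7, 0),
    "RECEIVE_BOOT_COMPLETED": (7, 2),
    "READ_CONTACTS": (6, 2),
    "CAMERA": (3, 4),
    "INTERNET": (8, 8),
    "BIND_WALLPAPER": (0, 0),
}
N_PER_CLASS = 8

def build_apps():
    """Expand COUNTS into (label, permission set) rows; label 1 = malware."""
    return [(label, {p for p, c in COUNTS.items() if i < c[1 - label]})
            for label in (1, 0) for i in range(N_PER_CLASS)]

def fisher_exact_two_sided(a, b, c, d):
    """Two-sided Fisher's Exact p-value for the 2x2 table [[a, b], [c, d]]."""
    r1, r2, c1, n = a + b, c + d, a + c, a + b + c + d
    def prob(x):  # hypergeometric P(top-left cell = x) with margins fixed
        return comb(r1, x) * comb(r2, c1 - x) / comb(n, c1)
    p_obs = prob(a)
    cells = range(max(0, c1 - r2), min(r1, c1) + 1)
    # Sum every table at least as unlikely as the observed one.
    return min(1.0, sum(p for p in map(prob, cells) if p <= p_obs * (1 + 1e-9)))

def rank_permissions(apps, permissions, alpha=0.05):
    """Return [(permission, p_value)] sorted by p-value, keeping p <= alpha."""
    n_mal = sum(label for label, _ in apps)
    n_ben = len(apps) - n_mal
    ranked = []
    for perm in permissions:
        a = sum(1 for label, perms in apps if label == 1 and perm in perms)
        c = sum(1 for label, perms in apps if label == 0 and perm in perms)
        if a + c == 0:
            continue  # assumed meaning of "zero impact": requested by no app
        p = fisher_exact_two_sided(a, n_mal - a, c, n_ben - c)
        if p <= alpha:
            ranked.append((perm, p))
    return sorted(ranked, key=lambda item: item[1])

if __name__ == "__main__":
    for perm, p in rank_permissions(build_apps(), list(COUNTS)):
        print(f"{perm:24s} p = {p:.6f}")
```

The surviving permissions would then form the feature columns for a classifier such as a random forest; permissions requested equally often by both classes (here `INTERNET` and `CAMERA`) fall out because their p-value is 1.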
Related papers
- Towards a Trustworthy Anomaly Detection for Critical Applications through Approximated Partial AUC Loss [2.09942566943801]
  A binary classifier is trained to optimize the specific range of the AUC ROC curve that prevents the True Positive Rate (TPR) to reach 100% while minimizing the False Positive Rate (FPR).
  The results show a TPR of 92.52% at a 20.43% FPR for an average across 6 datasets, representing a TPR improvement of 4.3% for a FPR cost of 12.2% against other state-of-the-art methods.
  arXiv Detail & Related papers (2025-02-17T08:59:59Z)
- Leveraging Large Language Models for Cybersecurity: Enhancing SMS Spam Detection with Robust and Context-Aware Text Classification [4.281580125566764]
  This study evaluates the effectiveness of different feature extraction techniques and classification algorithms in detecting spam messages within SMS data.
  We found that TF-IDF, when paired with Naive Bayes, Support Vector Machines, or Deep Neural Networks, provides the most reliable performance.
  arXiv Detail & Related papers (2025-02-16T06:39:36Z)
- Certified Robustness Under Bounded Levenshtein Distance [55.54271307451233]
  We propose the first method for computing the Lipschitz constant of convolutional classifiers with respect to the Levenshtein distance.
  Our method, LipsLev, is able to obtain $38.80$% and $13.93$% verified accuracy at distance $1$ and $2$ respectively.
  arXiv Detail & Related papers (2025-01-23T13:58:53Z)
- Leveraging Large Language Models to Detect npm Malicious Packages [4.479741014073169]
  This study empirically studies the effectiveness of Large Language Models (LLMs) in detecting malicious code.
  We present SocketAI, a malicious code review workflow to detect malicious code.
  arXiv Detail & Related papers (2024-03-18T19:10:12Z)
- Small Effect Sizes in Malware Detection? Make Harder Train/Test Splits! [51.668411293817464]
  Industry practitioners care about small improvements in malware detection accuracy because their models are deployed to hundreds of millions of machines.
  Academic research is often restrained to public datasets on the order of ten thousand samples.
  We devise an approach to generate a benchmark of difficulty from a pool of available samples.
  arXiv Detail & Related papers (2023-12-25T21:25:55Z)
- Towards a Fair Comparison and Realistic Design and Evaluation Framework of Android Malware Detectors [63.75363908696257]
  We analyze 10 influential research works on Android malware detection using a common evaluation framework.
  We identify five factors that, if not taken into account when creating datasets and designing detectors, significantly affect the trained ML models.
  We conclude that the studied ML-based detectors have been evaluated optimistically, which justifies the good published results.
  arXiv Detail & Related papers (2022-05-25T08:28:08Z)
- Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors [49.34155921877441]
  We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors.
  We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware.
  Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
  arXiv Detail & Related papers (2021-11-19T08:02:38Z)
- Leveraging Uncertainty for Improved Static Malware Detection Under Extreme False Positive Constraints [21.241478970181912]
  We show how ensembling and Bayesian treatments of machine learning methods for static malware detection allow for improved identification of model errors.
  In particular, we improve the true positive rate (TPR) at an actual realized FPR of 1e-5 from an expected 0.69 for previous methods to 0.80 on the best performing model class on the Sophos industry scale dataset.
  arXiv Detail & Related papers (2021-08-09T14:30:23Z)
- Identification of Significant Permissions for Efficient Android Malware Detection [2.179313476241343]
  One out of every five business/industry mobile application leaks sensitive personal data.
  Traditional signature/heuristic-based malware detection systems are unable to cope up with current malware challenges.
  We propose an efficient Android malware detection system using machine learning and deep neural network.
  arXiv Detail & Related papers (2021-02-28T22:07:08Z)
- Maat: Automatically Analyzing VirusTotal for Accurate Labeling and Effective Malware Detection [71.84087757644708]
  The malware analysis and detection research community relies on the online platform VirusTotal to label Android apps based on the scan results of around 60 scanners.
  There are no standards on how to best interpret the scan results acquired from VirusTotal, which leads to the utilization of different threshold-based labeling strategies.
  We implemented a method, Maat, that tackles these issues of standardization and sustainability by automatically generating a Machine Learning (ML)-based labeling scheme.
  arXiv Detail & Related papers (2020-07-01T14:15:03Z)
- Robust Spammer Detection by Nash Reinforcement Learning [64.80986064630025]
  We develop a minimax game where the spammers and spam detectors compete with each other on their practical goals.
  We show that an optimization algorithm can reliably find an equilibrial detector that can robustly prevent spammers with any mixed spamming strategies from attaining their practical goal.
  arXiv Detail & Related papers (2020-06-10T21:18:07Z)
This list is automatically generated from the titles and abstracts of the papers in this site.