DroidDissector: A Static and Dynamic Analysis Tool for Android Malware Detection
- URL: http://arxiv.org/abs/2308.04170v3
- Date: Thu, 30 Nov 2023 19:28:38 GMT
- Authors: Ali Muzaffar, Hani Ragab Hassen, Hind Zantout, Michael A Lones
- Abstract summary: DroidDissector is an extraction tool for both static and dynamic features.
The static analysis module extracts features from both the manifest file and the source code of the application to obtain a broad array of features.
The dynamic analysis module runs on the latest version of Android and analyses the complete behaviour of an application.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: DroidDissector is an extraction tool for both static and dynamic features.
The aim is to provide Android malware researchers and analysts with an
integrated tool that can extract all of the most widely used features in
Android malware detection from one location. The static analysis module
extracts features from both the manifest file and the source code of the
application to obtain a broad array of features that include permissions, API
call graphs and opcodes. The dynamic analysis module runs on the latest version
of Android and analyses the complete behaviour of an application by tracking
the system calls used, network traffic generated, API calls used and log files
produced by the application.
Related papers
- Shelving it rather than Ditching it: Dynamically Debloating DEX and Native Methods of Android Applications without APK Modification [29.467587717542013]
3DNDroid is a Dynamic Debloating approach targeting both DEX and Native methods in AnDroid apps.
It intercepts invocations of debloated bytecode methods to prevent their interpretation, compilation, and execution.
Evaluation demonstrates 3DNDroid's ability to debloat 187 DEX methods and 30 native methods across 55 real-world apps.
arXiv Detail & Related papers (2025-01-09T04:34:00Z)
- Fakeium: A Dynamic Execution Environment for JavaScript Program Analysis [3.7980955101286322]
Fakeium is a novel, open source, and lightweight execution environment designed for efficient, large-scale dynamic analysis of JavaScript programs.
Fakeium complements traditional static analysis by providing additional API calls and string literals.
Fakeium's flexibility and ability to detect hidden API calls, especially in obfuscated sources, highlights its potential as a valuable tool for security analysts to detect malicious behavior.
arXiv Detail & Related papers (2024-10-28T09:27:26Z)
- Detecting Android Malware by Visualizing App Behaviors from Multiple Complementary Views [28.69137642535078]
We propose and implement LensDroid, a novel technique that detects Android malware by visualizing app behaviors from multiple complementary views.
Our goal is to harness the power of combining deep learning and software visualization to automatically capture and aggregate high-level features that are not inherently linked.
arXiv Detail & Related papers (2024-10-08T16:00:27Z)
- MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware.
We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph.
This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
arXiv Detail & Related papers (2024-09-29T07:22:47Z)
- Android Malware Detection Based on RGB Images and Multi-feature Fusion [3.1244204900991623]
This paper proposes an end-to-end Android malware detection technique based on RGB images and multi-feature fusion.
Experiments demonstrate that the proposed method effectively captures Android malware characteristics, achieving an accuracy of up to 97.25%.
arXiv Detail & Related papers (2024-08-29T14:18:54Z)
- Prompt Engineering-assisted Malware Dynamic Analysis Using GPT-4 [45.935748395725206]
We introduce a prompt engineering-assisted malware dynamic analysis using GPT-4.
In this method, GPT-4 is employed to create explanatory text for each API call within the API sequence.
BERT is used to obtain the representation of the text, from which we derive the representation of the API sequence.
arXiv Detail & Related papers (2023-12-13T17:39:44Z)
- Light up that Droid! On the Effectiveness of Static Analysis Features against App Obfuscation for Android Malware Detection [42.50353398405467]
Malware authors have seen obfuscation as the means to bypass malware detectors based on static analysis features.
In this article we assess the impact of specific obfuscation techniques on common features extracted using static analysis.
We propose a ML malware detector for Android that is robust against obfuscation and outperforms current state-of-the-art detectors.
arXiv Detail & Related papers (2023-10-24T09:07:23Z)
- Linear Object Detection in Document Images using Multiple Object Tracking [58.720142291102135]
Linear objects convey substantial information about document structure.
Many approaches can recover some vector representation, but only one closed-source technique introduced in 1994.
We propose a framework for accurate instance segmentation of linear objects in document images using Multiple Object Tracking.
arXiv Detail & Related papers (2023-05-26T14:22:03Z)
- Distractor-Aware Fast Tracking via Dynamic Convolutions and MOT Philosophy [63.91005999481061]
A practical long-term tracker typically contains three key properties, i.e. an efficient model design, an effective global re-detection strategy and a robust distractor awareness mechanism.
We propose a two-task tracking framework (named DMTrack) to achieve distractor-aware fast tracking via Dynamic convolutions (d-convs) and Multiple object tracking (MOT) philosophy.
Our tracker achieves state-of-the-art performance on the LaSOT, OxUvA, TLP, VOT2018LT and VOT 2019LT benchmarks and runs in real-time (3x faster
arXiv Detail & Related papers (2021-04-25T00:59:53Z)
- D2A: A Dataset Built for AI-Based Vulnerability Detection Methods Using Differential Analysis [55.15995704119158]
We propose D2A, a differential analysis based approach to label issues reported by static analysis tools.
We use D2A to generate a large labeled dataset to train models for vulnerability identification.
arXiv Detail & Related papers (2021-02-16T07:46:53Z)
This list is automatically generated from the titles and abstracts of the papers in this site.