ActDroid: An active learning framework for Android malware detection
- URL: http://arxiv.org/abs/2401.16982v1
- Date: Tue, 30 Jan 2024 13:10:33 GMT
- Authors: Ali Muzaffar, Hani Ragab Hassen, Hind Zantout, Michael A Lones
- Abstract summary: A new piece of malware appears online every 12 seconds.
Online learning can be used to mitigate the problem of labelling applications.
Our framework achieves accuracies of up to 96%.
- Score: 3.195234044113248
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The growing popularity of Android requires malware detection systems that can
keep up with the pace of new software being released. According to a recent
study, a new piece of malware appears online every 12 seconds. To address this,
we treat Android malware detection as a streaming data problem and explore the
use of active online learning as a means of mitigating the problem of labelling
applications in a timely and cost-effective manner. Our resulting framework
achieves accuracies of up to 96%, requires as little as 24% of the training
data to be labelled, and compensates for concept drift that occurs between the
release and labelling of an application. We also consider the broader
practicalities of online learning within Android malware detection, and
systematically explore the trade-offs between using different static, dynamic
and hybrid feature sets to classify malware.
Related papers
- MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware.
We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph.
This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
arXiv Detail & Related papers (2024-09-29T07:22:47Z)
- Detecting Android Malware: From Neural Embeddings to Hands-On Validation with BERTroid [0.38233569758620056]
We present BERTroid, an innovative malware detection model built on the BERT architecture.
BERTroid emerged as a promising solution for combating Android malware.
Our approach has demonstrated promising resilience against the rapid evolution of malware on Android systems.
arXiv Detail & Related papers (2024-05-06T16:35:56Z)
- MalDICT: Benchmark Datasets on Malware Behaviors, Platforms, Exploitation, and Packers [44.700094741798445]
Existing research on malware classification focuses almost exclusively on two tasks: distinguishing between malicious and benign files and classifying malware by family.
We have identified four tasks which are under-represented in prior work: classification by behaviors that malware exhibit, platforms that malware run on, vulnerabilities that malware exploit, and packers that malware are packed with.
We are releasing benchmark datasets for each of these four classification tasks, tagged using ClarAVy and comprising nearly 5.5 million malicious files in total.
arXiv Detail & Related papers (2023-10-18T04:36:26Z)
- A survey on hardware-based malware detection approaches [45.24207460381396]
Hardware-based malware detection approaches leverage hardware performance counters and machine learning prowess.
We meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours.
The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.
arXiv Detail & Related papers (2023-03-22T13:00:41Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
arXiv Detail & Related papers (2023-03-20T17:25:22Z)
- Continuous Learning for Android Malware Detection [15.818435778629635]
We propose a new hierarchical contrastive learning scheme, and a new sample selection technique to continuously train the Android malware classifier.
Our approach reduces the false negative rate from 14% (for the best baseline) to 9%, while also reducing the false positive rate (from 0.86% to 0.48%).
arXiv Detail & Related papers (2023-02-08T20:54:11Z)
- Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art [44.975088044180374]
This paper focuses on malware with the file format of portable executable (PE) in the family of Windows operating systems, namely Windows PE malware.
We first outline the general learning framework of Windows PE malware detection based on ML/DL.
We then highlight three unique challenges of performing adversarial attacks in the context of PE malware.
arXiv Detail & Related papers (2021-12-23T02:12:43Z)
- Android Malware Category and Family Detection and Identification using Machine Learning [0.0]
We present two machine-learning approaches for Dynamic Analysis of Android Malware.
Our approach achieves more than 96% accuracy in Android Malware Category detection and more than 99% accuracy in Android Malware Family detection.
arXiv Detail & Related papers (2021-07-05T10:48:40Z)
- Deep Learning for Android Malware Defenses: a Systematic Literature Review [16.2206504908646]
Malicious applications (especially in the Android platform) are a serious threat to developers and end-users.
Deep learning techniques to thwart the attack of Android malware have recently gained considerable research attention.
Yet, there exists no systematic literature review that focuses on deep learning approaches for Android Malware defenses.
arXiv Detail & Related papers (2021-03-09T08:33:08Z)
- Identification of Significant Permissions for Efficient Android Malware Detection [2.179313476241343]
One out of every five business/industry mobile applications leaks sensitive personal data.
Traditional signature/heuristic-based malware detection systems are unable to cope with current malware challenges.
We propose an efficient Android malware detection system using machine learning and deep neural network.
arXiv Detail & Related papers (2021-02-28T22:07:08Z)
- Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.