Detecting Android Malware by Visualizing App Behaviors from Multiple Complementary Views
- URL: http://arxiv.org/abs/2410.06157v1
- Date: Tue, 8 Oct 2024 16:00:27 GMT
- Authors: Zhaoyi Meng, Jiale Zhang, Jiaqi Guo, Wansen Wang, Wenchao Huang, Jie Cui, Hong Zhong, Yan Xiong
- Abstract summary: We propose and implement LensDroid, a novel technique that detects Android malware by visualizing app behaviors from multiple complementary views.
Our goal is to harness the power of combining deep learning and software visualization to automatically capture and aggregate high-level features that are not inherently linked.
- Score: 28.69137642535078
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep learning has emerged as a promising technology for achieving Android malware detection. To further unleash its detection potentials, software visualization can be integrated for analyzing the details of app behaviors clearly. However, facing increasingly sophisticated malware, existing visualization-based methods, analyzing from one or randomly-selected few views, can only detect limited attack types. We propose and implement LensDroid, a novel technique that detects Android malware by visualizing app behaviors from multiple complementary views. Our goal is to harness the power of combining deep learning and software visualization to automatically capture and aggregate high-level features that are not inherently linked, thereby revealing hidden maliciousness of Android app behaviors. To thoroughly comprehend the details of apps, we visualize app behaviors from three related but distinct views of behavioral sensitivities, operational contexts and supported environments. We then extract high-order semantics based on the views accordingly. To exploit semantic complementarity of the views, we design a deep neural network based model for fusing the visualized features from local to global based on their contributions to downstream tasks. A comprehensive comparison with five baseline techniques is performed on datasets of more than 51K apps in three real-world typical scenarios, including overall threats, app evolution and zero-day malware. The experimental results show that the overall performance of LensDroid is better than the baseline techniques. We also validate the complementarity of the views and demonstrate that the multi-view fusion in LensDroid enhances Android malware detection.
Related papers
- The Impact of Train-Test Leakage on Machine Learning-based Android Malware Detection [6.9053043489744015]
We identify distinct Android apps that have identical or nearly identical app representations.
This will lead to a data leakage problem that inflates a machine learning model's performance.
We propose a leak-aware scheme to construct a machine learning-based Android malware detector.
arXiv Detail & Related papers (2024-10-25T08:04:01Z)
- MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware.
We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph.
This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
arXiv Detail & Related papers (2024-09-29T07:22:47Z)
- Android Malware Detection Based on RGB Images and Multi-feature Fusion [3.1244204900991623]
This paper proposes an end-to-end Android malware detection technique based on RGB images and multi-feature fusion.
Experiments demonstrate that the proposed method effectively captures Android malware characteristics, achieving an accuracy of up to 97.25%.
arXiv Detail & Related papers (2024-08-29T14:18:54Z)
- AppPoet: Large Language Model based Android malware detection via multi-view prompt engineering [1.3197408989895103]
AppPoet is a multi-view system for Android malware detection.
Our method achieves a detection accuracy of 97.15% and an F1 score of 97.21%, which is superior to the baseline methods.
arXiv Detail & Related papers (2024-04-29T15:52:45Z)
- Can you See me? On the Visibility of NOPs against Android Malware Detectors [1.2187048691454239]
This paper proposes a visibility metric that assesses the difficulty in spotting NOPs and similar non-operational codes.
We tested our metric on a state-of-the-art, opcode-based deep learning system for Android malware detection.
arXiv Detail & Related papers (2023-12-28T20:48:16Z)
- Open Gaze: Open Source eye tracker for smartphone devices using Deep Learning [0.0]
We present an open-source implementation of a smartphone-based gaze tracker that emulates the methodology proposed by a GooglePaper.
Through the integration of machine learning techniques, we unveil an accurate eye tracking solution that is native to smartphones.
Our findings exhibit the inherent potential to amplify eye movement research by significant proportions.
arXiv Detail & Related papers (2023-08-25T17:10:22Z)
- Towards a Fair Comparison and Realistic Design and Evaluation Framework of Android Malware Detectors [63.75363908696257]
We analyze 10 influential research works on Android malware detection using a common evaluation framework.
We identify five factors that, if not taken into account when creating datasets and designing detectors, significantly affect the trained ML models.
We conclude that the studied ML-based detectors have been evaluated optimistically, which justifies the good published results.
arXiv Detail & Related papers (2022-05-25T08:28:08Z)
- Simple Transparent Adversarial Examples [65.65977217108659]
We introduce secret embedding and transparent adversarial examples as a simpler way to evaluate robustness.
As a result, they pose a serious threat where APIs are used for high-stakes applications.
arXiv Detail & Related papers (2021-05-20T11:54:26Z)
- Anomaly Detection in Video via Self-Supervised and Multi-Task Learning [113.81927544121625]
Anomaly detection in video is a challenging computer vision problem.
In this paper, we approach anomalous event detection in video through self-supervised and multi-task learning at the object level.
arXiv Detail & Related papers (2020-11-15T10:21:28Z)
- Visual Imitation Made Easy [102.36509665008732]
We present an alternate interface for imitation that simplifies the data collection process while allowing for easy transfer to robots.
We use commercially available reacher-grabber assistive tools both as a data collection device and as the robot's end-effector.
We experimentally evaluate on two challenging tasks: non-prehensile pushing and prehensile stacking, with 1000 diverse demonstrations for each task.
arXiv Detail & Related papers (2020-08-11T17:58:50Z)
- Exploit Clues from Views: Self-Supervised and Regularized Learning for Multiview Object Recognition [66.87417785210772]
This work investigates the problem of multiview self-supervised learning (MV-SSL).
A novel surrogate task for self-supervised learning is proposed by pursuing "object invariant" representation.
Experiments show that the recognition and retrieval results using view invariant prototype embedding (VISPE) outperform other self-supervised learning methods.
arXiv Detail & Related papers (2020-03-28T07:06:06Z)
This list is automatically generated from the titles and abstracts of the papers in this site.