Android malware classification with API call-grams
•
1 like•96 views
Master thesis of the Master of Engineering in Computer Science. My advisor was Prof. Leonardo Querzoni. Malware classification system with machine learning algorithms and static API call-grams extracted from the call graph of the disassembled code of the application.
Report
Share
Report
Share
Download to read offline
Recommended
Cryptographic misuse in android applications
Android developers use less secure cypto API's to develop applications and hackers find it easy to hack into the data.Here is a study about all those development flaws which distinguishes a developer from a cryptographer.Cryptolint is solution to all of it .People are still in terms of using AES,DES algorithms for their encryption decryotion but what they are not realising is people have found ways to crack this.There are security flaws like in password storage applications where all passwords are stored in a normal text file.Cryptolint provides ways to find all these flaws and give remedies for same.
Cryptographic misuse
This document discusses cryptographic misuse in Android applications. It introduces Cryptolint, a tool that analyzes Android applications to detect typical cryptographic misuses. Cryptolint leverages the Androguard framework to extract control graphs from applications and check for violations of cryptographic best practices. The author analyzes over 11,000 Android applications and finds widespread cryptographic issues, with many applications improperly using static keys or non-random initialization vectors. Case studies of specific applications reveal real-world security vulnerabilities.
IRJET- Android Malware Detection using Deep Learning
This document summarizes a research paper that proposes a machine learning model to detect Android malware. It extracts permission data from a large dataset of benign and malicious Android apps. A deep learning model is trained on the permission data to classify unknown apps as benign or malicious. The model achieves 88% accuracy on the test data, which is higher than other techniques. However, it may be vulnerable to encryption techniques used by some malware to evade detection.
AppCoins @ Kyber event in Seoul (20 Jan 2018)
This is the presentation I used during my participation in the Kyber Network's event in Seoul, Korea. I talked briefly about Aptoide (the company behind AppCoins), about AppCoins (the new open-source app store protocol) and about the partnership with Kyber.
Malware Detection in Android Applications
Android is a Linux based operating system used for smart phone devices. Since 2008, Android devices gained huge market share due to its open architecture and popularity. Increased popularity of the Android devices and associated primary benefits attracted the malware developers. Rate of Android malware applications increased between 2008 and 2016. In this paper, we proposed dynamic malware detection approach for Android applications. In dynamic analysis, system calls are recorded to calculate the density of the system calls. For density calculation, we used two different lengths of system calls that are 3 gram and 5 gram. Furthermore, Naive Bayes algorithm is applied to classify applications as benign or malicious. The proposed algorithm detects malware using 100 real world samples of benign and malware applications. We observe that proposed method gives effective and accurate results. The 3 gram Naive Bayes algorithm detects 84 malware application correctly and 14 benign application incorrectly. The 5 gram Naive Bayes algorithm detects 88 malware application correctly and 10 benign application incorrectly. Mr. Tushar Patil | Prof. Bharti Dhote "Malware Detection in Android Applications" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26449.pdfPaper URL: https://www.ijtsrd.com/engineering/computer-engineering/26449/malware-detection-in-android-applications/mr-tushar-patil
A Large-Scale Empirical Study on the Effects of Code Obfuscations on Android ...
The Android platform has been the dominant mobile platform in recent years resulting in millions of apps and security threats against those apps. Anti-malware products aim to protect smartphone users from these threats, especially from malicious apps. However, malware authors use code obfuscation on their apps to evade detection by anti-malware products. To assess the effects of code obfuscation on Android apps and anti-malware products, we have conducted a large-scale empirical study that evaluates the effectiveness of the top anti-malware products against various obfuscation tools and strategies. To that end, we have obfuscated 3,000 benign apps and 3,000 malicious apps and generated 73,362 obfuscated apps using 29 obfuscation strategies from 7 open-source, academic, and commercial obfuscation tools. The findings of our study indicate that (1) code obfuscation significantly impacts Android anti-malware products; (2) the majority of anti-malware products are severely impacted by even trivial obfuscations; (3) in general, combined obfuscation strategies do not successfully evade anti-malware products more than individual strategies; (4) the detection of anti-malware products depend not only on the applied obfuscation strategy but also on the leveraged obfuscation tool; (5) anti-malware products are slow to adopt signatures of malicious apps; and (6) code obfuscation often results in changes to an app’s semantic behaviors.
AndRadar: Fast Discovery of Android Applications in Alternative Markets
Compared to traditional desktop software, Android applica- tions are delivered through software repositories, commonly known as application markets. Other mobile platforms, such as Apple iOS and BlackBerry OS also use the marketplace model, but what is unique to Android is the existence of a plethora of alternative application markets. This complicates the task of detecting and tracking Android malware. Identifying a malicious application in one particular market is simply not enough, as many instances of this application may exist in other markets. To quantify this phenomenon, we exhaustively crawled 8 markets between June and November 2013. Our findings indicate that alternative markets host a large number of ad-aggressive apps, a non-negligible amount of mal- ware, and some markets even allow authors to publish known malicious apps without prompt action.
Motivated by these findings, we present AndRadar, a framework for dis- covering multiple instances of a malicious Android application in a set of alternative application markets. AndRadar scans a set of markets in parallel to discover similar applications. Each lookup takes no more than a few seconds, regardless of the size of the marketplace. Moreover, it is modular, and new markets can be transparently added once the search and download URLs are known.
Using AndRadar we are able to achieve three goals. First, we can discover malicious applications in alternative markets, second, we can expose app distribution strategies used by malware developers, and third, we can moni- tor how different markets react to new malware. During a three-month eval- uation period, AndRadar tracked over 20,000 apps and recorded more than 1,500 app deletions in 16 markets. Nearly 8% of those deletions were related to apps that were hopping from market to market. The most established markets were able to react and delete new malware within tens of days from the malicious app publication date while other markets did not react at all.
MACHINE LEARNING APPROACH TO LEARN AND DETECT MALWARE IN ANDROID
This document discusses machine learning approaches for detecting malware in Android apps. It first classifies different types of malware like viruses, trojans, worms, spyware, adware, and ransomware. It then discusses important features for malware detection like n-grams, opcodes, strings, memory access, and API calls. The document reviews several papers on machine learning techniques for Android malware detection using methods like random forest, SVM, decision trees, and evaluating accuracy and efficiency. It proposes using ANN and SVM models to identify malicious and benign apps and providing a category-based machine learning approach to improve detection accuracy.
Recommended
Cryptographic misuse in android applications
Android developers use less secure cypto API's to develop applications and hackers find it easy to hack into the data.Here is a study about all those development flaws which distinguishes a developer from a cryptographer.Cryptolint is solution to all of it .People are still in terms of using AES,DES algorithms for their encryption decryotion but what they are not realising is people have found ways to crack this.There are security flaws like in password storage applications where all passwords are stored in a normal text file.Cryptolint provides ways to find all these flaws and give remedies for same.
Cryptographic misuse
This document discusses cryptographic misuse in Android applications. It introduces Cryptolint, a tool that analyzes Android applications to detect typical cryptographic misuses. Cryptolint leverages the Androguard framework to extract control graphs from applications and check for violations of cryptographic best practices. The author analyzes over 11,000 Android applications and finds widespread cryptographic issues, with many applications improperly using static keys or non-random initialization vectors. Case studies of specific applications reveal real-world security vulnerabilities.
IRJET- Android Malware Detection using Deep Learning
This document summarizes a research paper that proposes a machine learning model to detect Android malware. It extracts permission data from a large dataset of benign and malicious Android apps. A deep learning model is trained on the permission data to classify unknown apps as benign or malicious. The model achieves 88% accuracy on the test data, which is higher than other techniques. However, it may be vulnerable to encryption techniques used by some malware to evade detection.
AppCoins @ Kyber event in Seoul (20 Jan 2018)
This is the presentation I used during my participation in the Kyber Network's event in Seoul, Korea. I talked briefly about Aptoide (the company behind AppCoins), about AppCoins (the new open-source app store protocol) and about the partnership with Kyber.
Malware Detection in Android Applications
Android is a Linux based operating system used for smart phone devices. Since 2008, Android devices gained huge market share due to its open architecture and popularity. Increased popularity of the Android devices and associated primary benefits attracted the malware developers. Rate of Android malware applications increased between 2008 and 2016. In this paper, we proposed dynamic malware detection approach for Android applications. In dynamic analysis, system calls are recorded to calculate the density of the system calls. For density calculation, we used two different lengths of system calls that are 3 gram and 5 gram. Furthermore, Naive Bayes algorithm is applied to classify applications as benign or malicious. The proposed algorithm detects malware using 100 real world samples of benign and malware applications. We observe that proposed method gives effective and accurate results. The 3 gram Naive Bayes algorithm detects 84 malware application correctly and 14 benign application incorrectly. The 5 gram Naive Bayes algorithm detects 88 malware application correctly and 10 benign application incorrectly. Mr. Tushar Patil | Prof. Bharti Dhote "Malware Detection in Android Applications" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26449.pdfPaper URL: https://www.ijtsrd.com/engineering/computer-engineering/26449/malware-detection-in-android-applications/mr-tushar-patil
A Large-Scale Empirical Study on the Effects of Code Obfuscations on Android ...
The Android platform has been the dominant mobile platform in recent years resulting in millions of apps and security threats against those apps. Anti-malware products aim to protect smartphone users from these threats, especially from malicious apps. However, malware authors use code obfuscation on their apps to evade detection by anti-malware products. To assess the effects of code obfuscation on Android apps and anti-malware products, we have conducted a large-scale empirical study that evaluates the effectiveness of the top anti-malware products against various obfuscation tools and strategies. To that end, we have obfuscated 3,000 benign apps and 3,000 malicious apps and generated 73,362 obfuscated apps using 29 obfuscation strategies from 7 open-source, academic, and commercial obfuscation tools. The findings of our study indicate that (1) code obfuscation significantly impacts Android anti-malware products; (2) the majority of anti-malware products are severely impacted by even trivial obfuscations; (3) in general, combined obfuscation strategies do not successfully evade anti-malware products more than individual strategies; (4) the detection of anti-malware products depend not only on the applied obfuscation strategy but also on the leveraged obfuscation tool; (5) anti-malware products are slow to adopt signatures of malicious apps; and (6) code obfuscation often results in changes to an app’s semantic behaviors.
AndRadar: Fast Discovery of Android Applications in Alternative Markets
Compared to traditional desktop software, Android applica- tions are delivered through software repositories, commonly known as application markets. Other mobile platforms, such as Apple iOS and BlackBerry OS also use the marketplace model, but what is unique to Android is the existence of a plethora of alternative application markets. This complicates the task of detecting and tracking Android malware. Identifying a malicious application in one particular market is simply not enough, as many instances of this application may exist in other markets. To quantify this phenomenon, we exhaustively crawled 8 markets between June and November 2013. Our findings indicate that alternative markets host a large number of ad-aggressive apps, a non-negligible amount of mal- ware, and some markets even allow authors to publish known malicious apps without prompt action.
Motivated by these findings, we present AndRadar, a framework for dis- covering multiple instances of a malicious Android application in a set of alternative application markets. AndRadar scans a set of markets in parallel to discover similar applications. Each lookup takes no more than a few seconds, regardless of the size of the marketplace. Moreover, it is modular, and new markets can be transparently added once the search and download URLs are known.
Using AndRadar we are able to achieve three goals. First, we can discover malicious applications in alternative markets, second, we can expose app distribution strategies used by malware developers, and third, we can moni- tor how different markets react to new malware. During a three-month eval- uation period, AndRadar tracked over 20,000 apps and recorded more than 1,500 app deletions in 16 markets. Nearly 8% of those deletions were related to apps that were hopping from market to market. The most established markets were able to react and delete new malware within tens of days from the malicious app publication date while other markets did not react at all.
MACHINE LEARNING APPROACH TO LEARN AND DETECT MALWARE IN ANDROID
This document discusses machine learning approaches for detecting malware in Android apps. It first classifies different types of malware like viruses, trojans, worms, spyware, adware, and ransomware. It then discusses important features for malware detection like n-grams, opcodes, strings, memory access, and API calls. The document reviews several papers on machine learning techniques for Android malware detection using methods like random forest, SVM, decision trees, and evaluating accuracy and efficiency. It proposes using ANN and SVM models to identify malicious and benign apps and providing a category-based machine learning approach to improve detection accuracy.
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONS
Android is an extensively used mobile platform and with evolution it has also witnessed an increased influx of malicious applications in its market place. The availability of multiple sources for downloading applications has also contributed to users falling prey to malicious applications. A major hindrance in blocking the entry of malicious applications into the Android market place is scarcity of effective mechanisms to identify malicious applications. This paper presents AndroInspector, a system for comprehensive analysis of an Android application using both static and dynamic analysis techniques. AndroInspector derives, extracts and analyses crucial features of Android applications using static analysis and subsequently classifies the application using machine learning techniques. Dynamic analysis includes automated execution of Android application to identify a set of pre-defined malicious actions performed by application at run-time.
Androinspector a system for
Android is an extensively used mobile platform and with evolution it has also witnessed an increased influx of malicious applications in its market place. The availability of multiple sources for downloading applications has also contributed to users falling prey to malicious applications. A major hindrance in blocking the entry of malicious applications into the Android market place is scarcity of effective mechanisms to identify malicious applications. This paper presents AndroInspector, a system for comprehensive analysis of an Android application using both static and dynamic analysis techniques. And roInspector derives, extracts and analyses crucial features of Android applications using static analysis and subsequently classifies the application using machine learning techniques. Dynamic analysis includes automated execution of Android application to identify a set of pre-defined malicious actions performed by application at run-time.
Fraud and Malware Detection in Google Play by using Search Rank
1. The document presents a new system called FairPlay that aims to detect fraud and malware in Google Play apps.
2. FairPlay generates relational, behavioral and linguistic features from apps to train machine learning models to classify apps as fraudulent, benign, or malware.
3. Experimental results show that FairPlay achieves over 97% accuracy in detecting fraudulent apps and over 95% accuracy in detecting malware apps, outperforming existing approaches. FairPlay also discovered hundreds of fraudulent apps not detected by Google's systems.
Detecting Windows Operating System’s Ransomware based on Statistical Analysis...
Detecting Windows Operating System’s Ransomware based on Statistical Analysis...IJCSIS Research Publications
Malicious software, or malware in short, pose a serious threat to and can severely damage computer systems. A prime example of this was a ransomware that widely exploited a number of systems recently. Ransomware is a dangerous malware, which is used for extorting money and ransom from victims, failing which they could lose their data forever. In this paper, we used statistical analysis of Application Programming Interfaces (API) functions calls in order to detect ransomware adequately. First, we imported API functions calls for numerous ransomware and benign software applications samples, and saved them as strings in strings files. Subsequently, the imported API functions calls were counted and tabulated to generate a dataset. Then, we applied Chi-Square, Paired Sample t-test, and Correlation statistical analysis to our generated dataset. Our statistical analysis was able to detect ransomware effectively with almost 95% accuracy. In addition, we determined the relationship between each pair.A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROID
Android is the most widely used operating system today and occupies more than 70% share of the smartphone market. It is also a popular target for attackers looking to exploit mobile operating systems for personal gains. More and more malware are targeting android operating system like Android Banking Trojans (ABTs) which are widely being discovered. To detect such malware, we propose a prediction model for ABTs that is based on hybrid analysis. The feature sets used with the machine learning algorithms are permissions, API calls, hidden application icon and device administrator. Feature selection methods based on frequency and gain ratio are used to minimize the number of features as well as to eliminate the low-impact features. The proposed system is able to achieve significant performance with selected machine learning algorithms and achieves accuracy up to 98% using random forest classifier.
Pindroid - Android Malware Detection Tool
This document describes PIndroid, a novel Android malware detection system that uses permissions and intents extracted from app manifest files along with ensemble learning methods. PIndroid analyzes apps' use of permissions, which provide access to device resources, and intents, which enable communication. It extracts these features, preprocesses the data, and classifies apps using multiple machine learning classifiers. PIndroid achieves high detection accuracy while requiring less analysis time than other approaches. The system is effective at identifying malware families and could also detect colluding apps.
IRJET- Android Malware Detection System
This document presents a proposed machine learning-based Android malware detection system. It discusses how Android devices are increasingly being targeted by malware due to the open nature of the Android app marketplace. The proposed system would use machine learning classifiers to analyze permission-based features and events from Android apps to classify them as goodware or malware. It would monitor apps and detect malware to enhance security and privacy for smartphone users. The system design uses k-means clustering and naive Bayes classification on XML and DEX file features to detect malware in two layers if needed.
Humming bad research-report-final-62916
This document analyzes the HummingBad Android malware campaign. It found that the campaign is run by a Chinese company called Yingmob and infects over 85 million Android devices worldwide, generating $300,000 per month for Yingmob through fraudulent ad revenue and app installations. The document provides details on how HummingBad works, the organization behind it, and its global reach and monetary impact.
Permission based Android Malware Detection using Random Forest
This document presents a machine learning approach for detecting unknown Android malware using permissions as features. The study collected 15,000 malware and 15,000 benign Android applications and extracted Android Open Source Project (AOSP) permissions and third-party permissions as features. A random forest classifier was trained on these features with 10-fold cross-validation. The random forest model achieved 91.1% accuracy for AOSP permissions and 72.3% accuracy for third-party permissions in classifying malware applications. The methodology demonstrates the potential for discovering new anomalous Android applications through a machine learning technique focused on permission features.
ASE 2016 Taming Android Fragmentation: Characterizing and Detecting Compatibi...
The slides are used in ASE 2016 for presentation of paper Taming Android Fragmentation: Characterizing and Detecting Compatibility Issues for Android Apps
Eurecom уличили приложения для Android в тайной от пользователя активности
This research report summarizes a study that characterized the network behavior of Android applications through analyzing the URLs they connect to. The researchers developed a lightweight methodology to automatically extract network traces from applications and categorize the destination URLs. They found instances of excessive advertising, user tracking, and connections to previously suspicious sites. To provide visibility into app network activity, the researchers also developed an Android application to monitor outgoing traffic and identify destinations in categories like ads, trackers, and suspicious sites.
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
This document describes research on using data mining techniques to detect permission-induced risks in Android devices. It aims to develop a malware-free application using permission ranking, similarity-based feature selection, and association rule mining. These techniques are used to rank permissions and detect malware applications based on their permissions. The random forest algorithm is then applied to further increase the accuracy of malware detection. The proposed system detects malicious applications and notifies users, allowing them to block apps if desired. It analyzes app permissions to identify malware while improving on existing detection methods.
Slide Intervento Zanero Giornata del Perito 2015
Le slide dell'intervento del Prof. Stefano Zanero alla Giornata del perito 2015 di Modena dal titolo "Mobile malware tra mito e realtà: quante volte possiamo gridare al lupo?"
Survey on Fraud Malware Detection in Google Play Store
This document discusses methods for detecting fraud and malware in mobile applications on the Google Play Store. It proposes an incremental learning framework that aggregates evidence from an app's ratings, reviews, and rankings over time to detect suspicious changes that may indicate fraud. The framework characterizes large datasets of apps and can be extended with additional evidence sources. An experiment on real app data validated that the proposed approach more effectively detects fraud compared to existing methods. The framework provides accurate fraud assessments while being scalable to the large number of apps on Google Play.
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
In the era of information technology and connected world, detecting malware has been a major security concern for individuals, companies and even for states. The New generation of malware samples upgraded with advanced protection mechanism such as packing, and obfuscation frustrate anti-virus solutions. API call analysis is used to identify suspicious malicious behavior thanks to its description capability of a software functionality. In this paper, we propose an effective and efficient malware detection method that uses sequential pattern mining algorithm to discover representative and discriminative API call patterns. Then, we apply three machine learning algorithms to classify malware samples. Based on the experimental results, the proposed method assures favorable results with 0.999 F-measure on a dataset including 8152 malware samples belonging to 16 families and 523 benign samples.
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
In the era of information technology and connected world, detecting malware has been a major security concern for individuals, companies and even for states. The New generation of malware samples upgraded with advanced protection mechanism such as packing, and obfuscation frustrate anti-virus solutions. API call analysis is used to identify suspicious malicious behavior thanks to its description capability of a
software functionality. In this paper, we propose an effective and efficient malware detection method that uses sequential pattern mining algorithm to discover representative and discriminative API call patterns. Then, we apply three machine learning algorithms to classify malware samples. Based on the experimental results, the proposed method assures favorable results with 0.999 F-measure on a dataset including 8152
malware samples belonging to 16 families and 523 benign samples.
Reading Group Presentation: Why Eve and Mallory Love Android
This presentation contains multiple pointers to academic research pertaining to Android and its security model. I presented these works to a weekly Security and Privacy reading group.
The academic proceeding can be found here:
www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf
Are free Android app security analysis tools effective in detecting known vul...
Are free Android app security analysis tools effective in detecting known vul...Venkatesh Prasad Ranganath
An evaluation of the effectiveness of 14 Android security analysis tools in detecting 42 known vulnerabilities spread across different aspects of apps, e.g., crypto, ICC, web.
It is also the first evaluation of representativess of vulnerability benchmarks -- is the manifestation of the vulnerability in the benchmark similar to its manifestation in real world apps?Android security
The document summarizes a research paper that studied detecting malicious Android applications in official and third-party Android app markets. The researchers developed a system called DroidRanger that uses permission-based filtering and behavioral analysis to detect both known and unknown malware. DroidRanger revealed 211 malicious apps total, with 32 from the official market and 179 from alternative markets. It also discovered a sophisticated zero-day malware with 40 samples, 11 of which were in the official market.
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
Android being a widely used mobile platform has witnessed an increase in the number of malicious samples on its market place. The availability of multiple sources for downloading
applications has also contributed to users falling prey to malicious applications. Classification of an Android application as malicious or benign remains a challenge as malicious applications maneuver to pose themselves as benign. This paper presents an approach which extracts various features from Android Application Package file (APK) using static analysis and subsequently classifies using machine learning techniques. The contribution of this work includes deriving, extracting and analyzing crucial features of Android applications that aid in efficient classification. The analysis is carried out using various machine learning algorithms
with both weighted and non-weighted approaches. It was observed that weighted approach depicts higher detection rates using fewer features. Random Forest algorithm exhibited high detection rate and shows the least false positive rate.
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
More Related Content
Similar to Android malware classification with API call-grams
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONS
Android is an extensively used mobile platform and with evolution it has also witnessed an increased influx of malicious applications in its market place. The availability of multiple sources for downloading applications has also contributed to users falling prey to malicious applications. A major hindrance in blocking the entry of malicious applications into the Android market place is scarcity of effective mechanisms to identify malicious applications. This paper presents AndroInspector, a system for comprehensive analysis of an Android application using both static and dynamic analysis techniques. AndroInspector derives, extracts and analyses crucial features of Android applications using static analysis and subsequently classifies the application using machine learning techniques. Dynamic analysis includes automated execution of Android application to identify a set of pre-defined malicious actions performed by application at run-time.
Androinspector a system for
Android is an extensively used mobile platform and with evolution it has also witnessed an increased influx of malicious applications in its market place. The availability of multiple sources for downloading applications has also contributed to users falling prey to malicious applications. A major hindrance in blocking the entry of malicious applications into the Android market place is scarcity of effective mechanisms to identify malicious applications. This paper presents AndroInspector, a system for comprehensive analysis of an Android application using both static and dynamic analysis techniques. And roInspector derives, extracts and analyses crucial features of Android applications using static analysis and subsequently classifies the application using machine learning techniques. Dynamic analysis includes automated execution of Android application to identify a set of pre-defined malicious actions performed by application at run-time.
Fraud and Malware Detection in Google Play by using Search Rank
1. The document presents a new system called FairPlay that aims to detect fraud and malware in Google Play apps.
2. FairPlay generates relational, behavioral and linguistic features from apps to train machine learning models to classify apps as fraudulent, benign, or malware.
3. Experimental results show that FairPlay achieves over 97% accuracy in detecting fraudulent apps and over 95% accuracy in detecting malware apps, outperforming existing approaches. FairPlay also discovered hundreds of fraudulent apps not detected by Google's systems.
Detecting Windows Operating System’s Ransomware based on Statistical Analysis...
Detecting Windows Operating System’s Ransomware based on Statistical Analysis...IJCSIS Research Publications
Malicious software, or malware in short, pose a serious threat to and can severely damage computer systems. A prime example of this was a ransomware that widely exploited a number of systems recently. Ransomware is a dangerous malware, which is used for extorting money and ransom from victims, failing which they could lose their data forever. In this paper, we used statistical analysis of Application Programming Interfaces (API) functions calls in order to detect ransomware adequately. First, we imported API functions calls for numerous ransomware and benign software applications samples, and saved them as strings in strings files. Subsequently, the imported API functions calls were counted and tabulated to generate a dataset. Then, we applied Chi-Square, Paired Sample t-test, and Correlation statistical analysis to our generated dataset. Our statistical analysis was able to detect ransomware effectively with almost 95% accuracy. In addition, we determined the relationship between each pair.A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROID
Android is the most widely used operating system today and occupies more than 70% share of the smartphone market. It is also a popular target for attackers looking to exploit mobile operating systems for personal gains. More and more malware are targeting android operating system like Android Banking Trojans (ABTs) which are widely being discovered. To detect such malware, we propose a prediction model for ABTs that is based on hybrid analysis. The feature sets used with the machine learning algorithms are permissions, API calls, hidden application icon and device administrator. Feature selection methods based on frequency and gain ratio are used to minimize the number of features as well as to eliminate the low-impact features. The proposed system is able to achieve significant performance with selected machine learning algorithms and achieves accuracy up to 98% using random forest classifier.
Pindroid - Android Malware Detection Tool
This document describes PIndroid, a novel Android malware detection system that uses permissions and intents extracted from app manifest files along with ensemble learning methods. PIndroid analyzes apps' use of permissions, which provide access to device resources, and intents, which enable communication. It extracts these features, preprocesses the data, and classifies apps using multiple machine learning classifiers. PIndroid achieves high detection accuracy while requiring less analysis time than other approaches. The system is effective at identifying malware families and could also detect colluding apps.
IRJET- Android Malware Detection System
This document presents a proposed machine learning-based Android malware detection system. It discusses how Android devices are increasingly being targeted by malware due to the open nature of the Android app marketplace. The proposed system would use machine learning classifiers to analyze permission-based features and events from Android apps to classify them as goodware or malware. It would monitor apps and detect malware to enhance security and privacy for smartphone users. The system design uses k-means clustering and naive Bayes classification on XML and DEX file features to detect malware in two layers if needed.
Humming bad research-report-final-62916
This document analyzes the HummingBad Android malware campaign. It found that the campaign is run by a Chinese company called Yingmob and infects over 85 million Android devices worldwide, generating $300,000 per month for Yingmob through fraudulent ad revenue and app installations. The document provides details on how HummingBad works, the organization behind it, and its global reach and monetary impact.
Permission based Android Malware Detection using Random Forest
This document presents a machine learning approach for detecting unknown Android malware using permissions as features. The study collected 15,000 malware and 15,000 benign Android applications and extracted Android Open Source Project (AOSP) permissions and third-party permissions as features. A random forest classifier was trained on these features with 10-fold cross-validation. The random forest model achieved 91.1% accuracy for AOSP permissions and 72.3% accuracy for third-party permissions in classifying malware applications. The methodology demonstrates the potential for discovering new anomalous Android applications through a machine learning technique focused on permission features.
ASE 2016 Taming Android Fragmentation: Characterizing and Detecting Compatibi...
The slides are used in ASE 2016 for presentation of paper Taming Android Fragmentation: Characterizing and Detecting Compatibility Issues for Android Apps
Eurecom уличили приложения для Android в тайной от пользователя активности
This research report summarizes a study that characterized the network behavior of Android applications through analyzing the URLs they connect to. The researchers developed a lightweight methodology to automatically extract network traces from applications and categorize the destination URLs. They found instances of excessive advertising, user tracking, and connections to previously suspicious sites. To provide visibility into app network activity, the researchers also developed an Android application to monitor outgoing traffic and identify destinations in categories like ads, trackers, and suspicious sites.
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
This document describes research on using data mining techniques to detect permission-induced risks in Android devices. It aims to develop a malware-free application using permission ranking, similarity-based feature selection, and association rule mining. These techniques are used to rank permissions and detect malware applications based on their permissions. The random forest algorithm is then applied to further increase the accuracy of malware detection. The proposed system detects malicious applications and notifies users, allowing them to block apps if desired. It analyzes app permissions to identify malware while improving on existing detection methods.
Slide Intervento Zanero Giornata del Perito 2015
Le slide dell'intervento del Prof. Stefano Zanero alla Giornata del perito 2015 di Modena dal titolo "Mobile malware tra mito e realtà: quante volte possiamo gridare al lupo?"
Survey on Fraud Malware Detection in Google Play Store
This document discusses methods for detecting fraud and malware in mobile applications on the Google Play Store. It proposes an incremental learning framework that aggregates evidence from an app's ratings, reviews, and rankings over time to detect suspicious changes that may indicate fraud. The framework characterizes large datasets of apps and can be extended with additional evidence sources. An experiment on real app data validated that the proposed approach more effectively detects fraud compared to existing methods. The framework provides accurate fraud assessments while being scalable to the large number of apps on Google Play.
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
In the era of information technology and connected world, detecting malware has been a major security concern for individuals, companies and even for states. The New generation of malware samples upgraded with advanced protection mechanism such as packing, and obfuscation frustrate anti-virus solutions. API call analysis is used to identify suspicious malicious behavior thanks to its description capability of a software functionality. In this paper, we propose an effective and efficient malware detection method that uses sequential pattern mining algorithm to discover representative and discriminative API call patterns. Then, we apply three machine learning algorithms to classify malware samples. Based on the experimental results, the proposed method assures favorable results with 0.999 F-measure on a dataset including 8152 malware samples belonging to 16 families and 523 benign samples.
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
In the era of information technology and connected world, detecting malware has been a major security concern for individuals, companies and even for states. The New generation of malware samples upgraded with advanced protection mechanism such as packing, and obfuscation frustrate anti-virus solutions. API call analysis is used to identify suspicious malicious behavior thanks to its description capability of a
software functionality. In this paper, we propose an effective and efficient malware detection method that uses sequential pattern mining algorithm to discover representative and discriminative API call patterns. Then, we apply three machine learning algorithms to classify malware samples. Based on the experimental results, the proposed method assures favorable results with 0.999 F-measure on a dataset including 8152
malware samples belonging to 16 families and 523 benign samples.
Reading Group Presentation: Why Eve and Mallory Love Android
This presentation contains multiple pointers to academic research pertaining to Android and its security model. I presented these works to a weekly Security and Privacy reading group.
The academic proceeding can be found here:
www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf
Are free Android app security analysis tools effective in detecting known vul...
Are free Android app security analysis tools effective in detecting known vul...Venkatesh Prasad Ranganath
An evaluation of the effectiveness of 14 Android security analysis tools in detecting 42 known vulnerabilities spread across different aspects of apps, e.g., crypto, ICC, web.
It is also the first evaluation of representativess of vulnerability benchmarks -- is the manifestation of the vulnerability in the benchmark similar to its manifestation in real world apps?Android security
The document summarizes a research paper that studied detecting malicious Android applications in official and third-party Android app markets. The researchers developed a system called DroidRanger that uses permission-based filtering and behavioral analysis to detect both known and unknown malware. DroidRanger revealed 211 malicious apps total, with 32 from the official market and 179 from alternative markets. It also discovered a sophisticated zero-day malware with 40 samples, 11 of which were in the official market.
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
Android being a widely used mobile platform has witnessed an increase in the number of malicious samples on its market place. The availability of multiple sources for downloading
applications has also contributed to users falling prey to malicious applications. Classification of an Android application as malicious or benign remains a challenge as malicious applications maneuver to pose themselves as benign. This paper presents an approach which extracts various features from Android Application Package file (APK) using static analysis and subsequently classifies using machine learning techniques. The contribution of this work includes deriving, extracting and analyzing crucial features of Android applications that aid in efficient classification. The analysis is carried out using various machine learning algorithms
with both weighted and non-weighted approaches. It was observed that weighted approach depicts higher detection rates using fewer features. Random Forest algorithm exhibited high detection rate and shows the least false positive rate.
Similar to Android malware classification with API call-grams (20)
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONS
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONS
Fraud and Malware Detection in Google Play by using Search Rank
Fraud and Malware Detection in Google Play by using Search Rank
Detecting Windows Operating System’s Ransomware based on Statistical Analysis...
Detecting Windows Operating System’s Ransomware based on Statistical Analysis...
A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROID
A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROID
Permission based Android Malware Detection using Random Forest
Permission based Android Malware Detection using Random Forest
ASE 2016 Taming Android Fragmentation: Characterizing and Detecting Compatibi...
ASE 2016 Taming Android Fragmentation: Characterizing and Detecting Compatibi...
Eurecom уличили приложения для Android в тайной от пользователя активности
Eurecom уличили приложения для Android в тайной от пользователя активности
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
Survey on Fraud Malware Detection in Google Play Store
Survey on Fraud Malware Detection in Google Play Store
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
Reading Group Presentation: Why Eve and Mallory Love Android
Reading Group Presentation: Why Eve and Mallory Love Android
Are free Android app security analysis tools effective in detecting known vul...
Are free Android app security analysis tools effective in detecting known vul...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
Recently uploaded
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Skybuffer SAM4U tool for SAP license adoption
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on automated letter generation for Bonterra Impact Management using Google Workspace or Microsoft 365.
Interested in deploying letter generation automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
dbms calicut university B. sc Cs 4th sem.pdf
Its a seminar ppt on database management system using sql
June Patch Tuesday
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
This case study explores designing a scalable e-commerce platform, covering key requirements, system components, and best practices.
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Recently uploaded (20)
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Android malware classification with API call-grams
- 1. Sara Veterini Sapienza, Università di Roma Master in Engineering in Computer Science Android Malware Classification with API call-grams
- 2. 15/01/2018Android Malware Classification with API call-grams Page 2 Does Android malware exist? Yes. And it is also growing. Symantec observed 18.4 million detections in 2016, double than 2015
- 3. 15/01/2018Android Malware Classification with API call-grams Page 3 Why does Android malware exist? • Smartphones contain sensitive data monetize! • It is easy to develop it banking trojans are sold in the black market for 200 $ • It is easy to distribute it third party stores
- 4. 15/01/2018Android Malware Classification with API call-grams Page 4 What is Google doing? • Google Bouncer, an antivirus system that scans both new and existing apps on Google Play Store • Google Play Protect, integration of Google Play application that scans your device But..
- 5. 15/01/2018Android Malware Classification with API call-grams Page 5 What can we do? • Detection: understanding if the sample is malware or not • Classification: understanding which family the malware belongs to Both detection and classification can be performed with machine learning techniques learn autonomously, with the help of a knowledge base of many analyzed samples
- 6. 15/01/2018Android Malware Classification with API call-grams Page 6 State of the art - Features
- 7. 15/01/2018Android Malware Classification with API call-grams Page 7 State of the art - Features
- 8. 15/01/2018Android Malware Classification with API call-grams Page 8 Distribution of works by feature used
- 9. 15/01/2018Android Malware Classification with API call-grams Page 9 Distribution of works by feature used
- 10. 15/01/2018Android Malware Classification with API call-grams Page 10 Thesis contributions • Malware classification system with machine learning algorithms • Static features only: API call-grams (apigrams) extracted from the call graph of the application, that are sequences of API calls in order
- 11. 15/01/2018Android Malware Classification with API call-grams Page 11 What is an apigram? • Example:
- 12. 15/01/2018Android Malware Classification with API call-grams Page 12 Proposed approach • Extract call graph of the apk with Androguard library • Create apigrams of length 3 from the graph • Discard apigrams occurring in just one apk: they are not representative! • Build a matrix of size N * M: – Each row of the matrix is a binary vector representing an apk a – each element eag corresponds to a particular apigram ag
- 13. 15/01/2018Android Malware Classification with API call-grams Page 13 Proposed approach • Apigrams are extracted with two levels of abstraction • 1st level, complete apigrams, containing: – Activity name where the method is called – Method name – Method descriptor • 2nd level, abstracted apigrams: – Activity name – Method name
- 14. 15/01/2018Android Malware Classification with API call-grams Page 14 Proposed approach • Before building the matrix, feature selection with Chi- Square algorithm is applied • Objective: reduce the number of features (they can reach the magnitude of millions), and keep the best ones • Classification is performed with Random Forest and Decision Tree algorithms
- 15. 15/01/2018Android Malware Classification with API call-grams Page 15 Datasets • Tests made on two datasets. • Drebin: it contains 5,560 malware samples in the period from 2010 to 2012. Many approaches have been tested on it. • AndroZoo: updated dataset, it currently contains 5,704,998 samples. For each application, it gives its type and its family, collected from VirusTotal reports with an automatic tool.
- 16. 15/01/2018Android Malware Classification with API call-grams Page 16 Tests • Drebin experiments: – First: we classified taking the 9 biggest families, 100 samples for each, obtaining a perfectly balanced set, both with normal and abstracted apigrams. – Second: we classified taking all samples of those 9 families, obtaining an unbalanced set. • AndroZoo experiments (both with normal and abstracted apigrams) : – First: we classified taking 9 families of type “trojan”, 100 samples each, most of them are the same of the 9 families from Drebin. – Second: we classified taking 9 families of different type, 100 samples each, to see the differences in the two classifications.
- 17. 15/01/2018Android Malware Classification with API call-grams Page 17 Results – Drebin Features selected Accuracy
- 18. 15/01/2018Android Malware Classification with API call-grams Page 18 Results – AndroZoo – 9 trojan families Features selected Accuracy
- 19. 15/01/2018Android Malware Classification with API call-grams Page 19 Results – AndroZoo – 9 different families Features selected Accuracy
- 20. 15/01/2018Android Malware Classification with API call-grams Page 20 Conclusions and future work • Accuracies of tests with trojans only fall in a range 82-87 % • Accuracies with families of different types reach 94-95% • A future work direction may be trying the same tests I did with trojans on other types of malware • Also, it can be interesting to find more levels of abstraction of apigrams, to see which information must be kept in the string to reach highest accuracy, in parallel with the previous tests I suggested, on other types of malware