This document proposes using a Long Short-Term Memory (LSTM) neural network to detect and classify Android malware by analyzing app permissions. The LSTM network takes app permissions as input and is evaluated on a dataset of legitimate and malicious Android apps. The LSTM network achieves accurate malware detection and outperforms a traditional RNN network according to evaluation results. Future work is needed to better understand the internal dynamics of the LSTM network for malware classification.
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWAREIJNSA Journal
In the era of information technology and connected world, detecting malware has been a major security concern for individuals, companies and even for states. The New generation of malware samples upgraded with advanced protection mechanism such as packing, and obfuscation frustrate anti-virus solutions. API call analysis is used to identify suspicious malicious behavior thanks to its description capability of a software functionality. In this paper, we propose an effective and efficient malware detection method that uses sequential pattern mining algorithm to discover representative and discriminative API call patterns. Then, we apply three machine learning algorithms to classify malware samples. Based on the experimental results, the proposed method assures favorable results with 0.999 F-measure on a dataset including 8152 malware samples belonging to 16 families and 523 benign samples.
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWAREIJNSA Journal
In the era of information technology and connected world, detecting malware has been a major security concern for individuals, companies and even for states. The New generation of malware samples upgraded with advanced protection mechanism such as packing, and obfuscation frustrate anti-virus solutions. API call analysis is used to identify suspicious malicious behavior thanks to its description capability of a
software functionality. In this paper, we propose an effective and efficient malware detection method that uses sequential pattern mining algorithm to discover representative and discriminative API call patterns. Then, we apply three machine learning algorithms to classify malware samples. Based on the experimental results, the proposed method assures favorable results with 0.999 F-measure on a dataset including 8152
malware samples belonging to 16 families and 523 benign samples.
Mobile botnets are the serious issue about the mobile devices such as car, smartphones, tablets,etc. Mobile botnets are the botnets which are occurred on smartphones and automobile devices. Such threat can be detected by using machine learning algorithms and system call analysis approach.
DETECTION OF MALICIOUS EXECUTABLES USING RULE BASED CLASSIFICATION ALGORITHMSAAKANKSHA JAIN
Slide present statistical mining of Malicious-Executable dataset collected from various antivirus log-files and other sources.
Further classifications of malicious code as per their impact on user's system & distinguishes threats on the muse in their connected severity.
Implementation of the algorithms JRIP ,PART and RIDOR in additional economical manner to acquire a level of accuracy to the classification results.
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWAREIJNSA Journal
In the era of information technology and connected world, detecting malware has been a major security concern for individuals, companies and even for states. The New generation of malware samples upgraded with advanced protection mechanism such as packing, and obfuscation frustrate anti-virus solutions. API call analysis is used to identify suspicious malicious behavior thanks to its description capability of a software functionality. In this paper, we propose an effective and efficient malware detection method that uses sequential pattern mining algorithm to discover representative and discriminative API call patterns. Then, we apply three machine learning algorithms to classify malware samples. Based on the experimental results, the proposed method assures favorable results with 0.999 F-measure on a dataset including 8152 malware samples belonging to 16 families and 523 benign samples.
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWAREIJNSA Journal
In the era of information technology and connected world, detecting malware has been a major security concern for individuals, companies and even for states. The New generation of malware samples upgraded with advanced protection mechanism such as packing, and obfuscation frustrate anti-virus solutions. API call analysis is used to identify suspicious malicious behavior thanks to its description capability of a
software functionality. In this paper, we propose an effective and efficient malware detection method that uses sequential pattern mining algorithm to discover representative and discriminative API call patterns. Then, we apply three machine learning algorithms to classify malware samples. Based on the experimental results, the proposed method assures favorable results with 0.999 F-measure on a dataset including 8152
malware samples belonging to 16 families and 523 benign samples.
Mobile botnets are the serious issue about the mobile devices such as car, smartphones, tablets,etc. Mobile botnets are the botnets which are occurred on smartphones and automobile devices. Such threat can be detected by using machine learning algorithms and system call analysis approach.
DETECTION OF MALICIOUS EXECUTABLES USING RULE BASED CLASSIFICATION ALGORITHMSAAKANKSHA JAIN
Slide present statistical mining of Malicious-Executable dataset collected from various antivirus log-files and other sources.
Further classifications of malicious code as per their impact on user's system & distinguishes threats on the muse in their connected severity.
Implementation of the algorithms JRIP ,PART and RIDOR in additional economical manner to acquire a level of accuracy to the classification results.
Today’s threats have become very complex and serious in their packing and encryption techniques. Every day new malware variants are becoming increasingly in quantity together with quality by using packing and encrypting techniques. The challenges in this research field are the traditional malware detection systems sometimes might fail to detect new malware variants and produces false alarms. Malicious software in the form of virus, worm, trojan, ransom, and spy harms our computer systems, network environment, and organizations in various ways. Therefore, malware analysis for detection and family classification plays a significant role in Cyber Crime Incident Handling Systems. This system contributes malware family classification with 10 prominent features by conduction feature selection process. The process of labeling the malicious samples using Regular Expressions has been contributed in this approach. The proposed malware classification system provides 7 different families including malware and benign using machine learning classifiers. The finding from our experiment proves that the selected 10 API features provide the best evaluation metrics in terms of accuracy, precision-recall, and ROC scores.
AI approach to malware similarity analysis: Maping the malware genome with a...Priyanka Aash
In recent years, cyber defenders protecting enterprise networks have started incorporating malware code sharing identification tools into their workflows. These tools compare new malware samples to a large databases of known malware samples, in order to identify samples with shared code relationships. When unknown malware binaries are found to share code "fingerprints" with malware from known adversaries, they provides a key clue into which adversary is generating these new binaries, thus helping develop a general mitigation strategy against that family of threats. The efficacy of code sharing identification systems is demonstrated every day, as new family of threats are discovered, and countermeasures are rapidly developed for them. Unfortunately, these systems are hard to maintain, deploy, and adapt to evolving threats. First and foremost, these systems do not learn to adapt to new malware obfuscation strategies, meaning they will continuously fall out of date with adversary tradecraft, requiring, periodically, a manually intensive tuning in order to adjust the formulae used for similarity between malware. In addition, these systems require an up to date, well maintained database of recent threats in order to provide relevant results. Such a database is difficult to deploy, and hard and expensive to maintain for smaller organizations. In order to address these issues we developed a new malware similarity detection approach. This approach, not only significantly reduces the need for manual tuning of the similarity formulate, but also allows for significantly smaller deployment footprint and provides significant increase in accuracy. Our family/similarity detection system is the first to use deep neural networks for code sharing identification, automatically learning to see through adversary tradecraft, thereby staying up to date with adversary evolution. Using traditional string similarity features our approach increased accuracy by 10%, from 65% to 75%. Using an advanced set of features that we specifically designed for malware classification, our approach has 98% accuracy. In this presentation we describe how our method works, why it is able to significantly improve upon current approaches, and how this approach can be easily adapted and tuned to individual/organization needs of the attendees.
(Source: Black Hat USA 2016, Las Vegas)
Intrusion detection system based on web usage miningIJCSEA Journal
This artical present a system developed to find cyber threats automatically based on web usage mining
methods in application layer. This system is an off-line intrusion detection system which includes different
part to detect attacks and as a result helps find different kinds of attacks with different dispersals. In this
study web server access logs used as the input data and after pre-processing, scanners and all identified
attacks will be detected. As the next step, vectors feature from web access logs and parameters sent by
HTTP will derived by three different means and at the end by employment of two clustering algorithms
based on K-Means, anomaly behaviour of data are detached. Tentative results derived from this system
represent that used methods are more applicable than similar systems because this system covers different
kinds of attacks and mostly increase the accuracy and decrease false alarms.
Malicious software, or malware in short, pose a serious threat to and can severely damage computer systems. A prime example of this was a ransomware that widely exploited a number of systems recently. Ransomware is a dangerous malware, which is used for extorting money and ransom from victims, failing which they could lose their data forever. In this paper, we used statistical analysis of Application Programming Interfaces (API) functions calls in order to detect ransomware adequately. First, we imported API functions calls for numerous ransomware and benign software applications samples, and saved them as strings in strings files. Subsequently, the imported API functions calls were counted and tabulated to generate a dataset. Then, we applied Chi-Square, Paired Sample t-test, and Correlation statistical analysis to our generated dataset. Our statistical analysis was able to detect ransomware effectively with almost 95% accuracy. In addition, we determined the relationship between each pair.
Malware Detection Using Machine Learning TechniquesArshadRaja786
Malware viruses can be easily detected using machine learning Techniques such as K-Mean Algorithms, KNN algorithm, Boosted J48 Decision Tree and other Data Mining Techniques. Among them J48 proved to be more effective in detecting computer virus and upcoming networks worms...
For further details contact:
N.RAJASEKARAN B.E M.S 9841091117,9840103301.
IMPULSE TECHNOLOGIES,
Old No 251, New No 304,
2nd Floor,
Arcot road ,
Vadapalani ,
Chennai-26.
www.impulse.net.in
Email: ieeeprojects@yahoo.com/ imbpulse@gmail.com
Predict Android ransomware using categorical classifiaction.pptxlaharisai03
This research introduces a novel method for predicting Android ransomware attacks using categorical classification techniques. By analyzing features extracted from Android applications, the model effectively identifies malicious behavior, providing a proactive defense against ransomware threats on mobile devices. Enhancing security and ensuring a safer mobile ecosystem.
A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROIDIJNSA Journal
Android is the most widely used operating system today and occupies more than 70% share of the smartphone market. It is also a popular target for attackers looking to exploit mobile operating systems for personal gains. More and more malware are targeting android operating system like Android Banking Trojans (ABTs) which are widely being discovered. To detect such malware, we propose a prediction model for ABTs that is based on hybrid analysis. The feature sets used with the machine learning algorithms are permissions, API calls, hidden application icon and device administrator. Feature selection methods based on frequency and gain ratio are used to minimize the number of features as well as to eliminate the low-impact features. The proposed system is able to achieve significant performance with selected machine learning algorithms and achieves accuracy up to 98% using random forest classifier.
Today’s threats have become very complex and serious in their packing and encryption techniques. Every day new malware variants are becoming increasingly in quantity together with quality by using packing and encrypting techniques. The challenges in this research field are the traditional malware detection systems sometimes might fail to detect new malware variants and produces false alarms. Malicious software in the form of virus, worm, trojan, ransom, and spy harms our computer systems, network environment, and organizations in various ways. Therefore, malware analysis for detection and family classification plays a significant role in Cyber Crime Incident Handling Systems. This system contributes malware family classification with 10 prominent features by conduction feature selection process. The process of labeling the malicious samples using Regular Expressions has been contributed in this approach. The proposed malware classification system provides 7 different families including malware and benign using machine learning classifiers. The finding from our experiment proves that the selected 10 API features provide the best evaluation metrics in terms of accuracy, precision-recall, and ROC scores.
AI approach to malware similarity analysis: Maping the malware genome with a...Priyanka Aash
In recent years, cyber defenders protecting enterprise networks have started incorporating malware code sharing identification tools into their workflows. These tools compare new malware samples to a large databases of known malware samples, in order to identify samples with shared code relationships. When unknown malware binaries are found to share code "fingerprints" with malware from known adversaries, they provides a key clue into which adversary is generating these new binaries, thus helping develop a general mitigation strategy against that family of threats. The efficacy of code sharing identification systems is demonstrated every day, as new family of threats are discovered, and countermeasures are rapidly developed for them. Unfortunately, these systems are hard to maintain, deploy, and adapt to evolving threats. First and foremost, these systems do not learn to adapt to new malware obfuscation strategies, meaning they will continuously fall out of date with adversary tradecraft, requiring, periodically, a manually intensive tuning in order to adjust the formulae used for similarity between malware. In addition, these systems require an up to date, well maintained database of recent threats in order to provide relevant results. Such a database is difficult to deploy, and hard and expensive to maintain for smaller organizations. In order to address these issues we developed a new malware similarity detection approach. This approach, not only significantly reduces the need for manual tuning of the similarity formulate, but also allows for significantly smaller deployment footprint and provides significant increase in accuracy. Our family/similarity detection system is the first to use deep neural networks for code sharing identification, automatically learning to see through adversary tradecraft, thereby staying up to date with adversary evolution. Using traditional string similarity features our approach increased accuracy by 10%, from 65% to 75%. Using an advanced set of features that we specifically designed for malware classification, our approach has 98% accuracy. In this presentation we describe how our method works, why it is able to significantly improve upon current approaches, and how this approach can be easily adapted and tuned to individual/organization needs of the attendees.
(Source: Black Hat USA 2016, Las Vegas)
Intrusion detection system based on web usage miningIJCSEA Journal
This artical present a system developed to find cyber threats automatically based on web usage mining
methods in application layer. This system is an off-line intrusion detection system which includes different
part to detect attacks and as a result helps find different kinds of attacks with different dispersals. In this
study web server access logs used as the input data and after pre-processing, scanners and all identified
attacks will be detected. As the next step, vectors feature from web access logs and parameters sent by
HTTP will derived by three different means and at the end by employment of two clustering algorithms
based on K-Means, anomaly behaviour of data are detached. Tentative results derived from this system
represent that used methods are more applicable than similar systems because this system covers different
kinds of attacks and mostly increase the accuracy and decrease false alarms.
Malicious software, or malware in short, pose a serious threat to and can severely damage computer systems. A prime example of this was a ransomware that widely exploited a number of systems recently. Ransomware is a dangerous malware, which is used for extorting money and ransom from victims, failing which they could lose their data forever. In this paper, we used statistical analysis of Application Programming Interfaces (API) functions calls in order to detect ransomware adequately. First, we imported API functions calls for numerous ransomware and benign software applications samples, and saved them as strings in strings files. Subsequently, the imported API functions calls were counted and tabulated to generate a dataset. Then, we applied Chi-Square, Paired Sample t-test, and Correlation statistical analysis to our generated dataset. Our statistical analysis was able to detect ransomware effectively with almost 95% accuracy. In addition, we determined the relationship between each pair.
Malware Detection Using Machine Learning TechniquesArshadRaja786
Malware viruses can be easily detected using machine learning Techniques such as K-Mean Algorithms, KNN algorithm, Boosted J48 Decision Tree and other Data Mining Techniques. Among them J48 proved to be more effective in detecting computer virus and upcoming networks worms...
For further details contact:
N.RAJASEKARAN B.E M.S 9841091117,9840103301.
IMPULSE TECHNOLOGIES,
Old No 251, New No 304,
2nd Floor,
Arcot road ,
Vadapalani ,
Chennai-26.
www.impulse.net.in
Email: ieeeprojects@yahoo.com/ imbpulse@gmail.com
Predict Android ransomware using categorical classifiaction.pptxlaharisai03
This research introduces a novel method for predicting Android ransomware attacks using categorical classification techniques. By analyzing features extracted from Android applications, the model effectively identifies malicious behavior, providing a proactive defense against ransomware threats on mobile devices. Enhancing security and ensuring a safer mobile ecosystem.
A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROIDIJNSA Journal
Android is the most widely used operating system today and occupies more than 70% share of the smartphone market. It is also a popular target for attackers looking to exploit mobile operating systems for personal gains. More and more malware are targeting android operating system like Android Banking Trojans (ABTs) which are widely being discovered. To detect such malware, we propose a prediction model for ABTs that is based on hybrid analysis. The feature sets used with the machine learning algorithms are permissions, API calls, hidden application icon and device administrator. Feature selection methods based on frequency and gain ratio are used to minimize the number of features as well as to eliminate the low-impact features. The proposed system is able to achieve significant performance with selected machine learning algorithms and achieves accuracy up to 98% using random forest classifier.
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...IJNSA Journal
Malicious software is constantly being developed and improved, so detection and classification of malwareis an ever-evolving problem. Since traditional malware detection techniques fail to detect new/unknown malware, machine learning algorithms have been used to overcome this disadvantage. We present a Convolutional Neural Network (CNN) for malware type classification based on the API (Application Program Interface) calls. This research uses a database of 7107 instances of API call streams and 8 different malware types:Adware, Backdoor, Downloader, Dropper, Spyware, Trojan, Virus,Worm. We used a 1-Dimensional CNN by mapping API calls as categorical and term frequency-inverse document frequency (TF-IDF) vectors and compared the results to other classification techniques.The proposed 1-D CNN outperformed other classification techniques with 91% overall accuracy for both categorical and TF-IDF vectors.
IJWMN -Malware Detection in IoT Systems using Machine Learning Techniquesijwmn
Malware detection in IoT environments necessitates robust methodologies. This study introduces a CNN-LSTM hybrid model for IoT malware identification and evaluates its performance against established methods. Leveraging K-fold cross-validation, the proposed approach achieved 95.5% accuracy, surpassing existing methods. The CNN algorithm enabled superior learning model construction, and the LSTM classifier exhibited heightened accuracy in classification. Comparative analysis against prevalent techniques demonstrated the efficacy of the proposed model, highlighting its potential for enhancing IoT security. The study advocates for future exploration of SVMs as alternatives, emphasizes the need for distributed detection strategies, and underscores the importance of predictive analyses for a more powerful IOT security. This research serves as a platform for developing more resilient security measures in IoT ecosystems.
MALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUESijwmn
Malware detection in IoT environments necessitates robust methodologies. This study introduces
a CNN-LSTM hybrid model for IoT malware identification and evaluates its performance against
established methods. Leveraging K-fold cross-validation, the proposed approach achieved 95.5%
accuracy, surpassing existing methods. The CNN algorithm enabled superior learning model
construction, and the LSTM classifier exhibited heightened accuracy in classification.
Comparative analysis against prevalent techniques demonstrated the efficacy of the proposed
model, highlighting its potential for enhancing IoT security. The study advocates for future
exploration of SVMs as alternatives, emphasizes the need for distributed detection strategies, and
underscores the importance of predictive analyses for a more powerful IOT security. This
research serves as a platform for developing more resilient security measures in IoT ecosystems.
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONSIJNSA Journal
Android is an extensively used mobile platform and with evolution it has also witnessed an increased influx of malicious applications in its market place. The availability of multiple sources for downloading applications has also contributed to users falling prey to malicious applications. A major hindrance in blocking the entry of malicious applications into the Android market place is scarcity of effective mechanisms to identify malicious applications. This paper presents AndroInspector, a system for comprehensive analysis of an Android application using both static and dynamic analysis techniques. AndroInspector derives, extracts and analyses crucial features of Android applications using static analysis and subsequently classifies the application using machine learning techniques. Dynamic analysis includes automated execution of Android application to identify a set of pre-defined malicious actions performed by application at run-time.
Android is an extensively used mobile platform and with evolution it has also witnessed an increased influx of malicious applications in its market place. The availability of multiple sources for downloading applications has also contributed to users falling prey to malicious applications. A major hindrance in blocking the entry of malicious applications into the Android market place is scarcity of effective mechanisms to identify malicious applications. This paper presents AndroInspector, a system for comprehensive analysis of an Android application using both static and dynamic analysis techniques. And roInspector derives, extracts and analyses crucial features of Android applications using static analysis and subsequently classifies the application using machine learning techniques. Dynamic analysis includes automated execution of Android application to identify a set of pre-defined malicious actions performed by application at run-time.
BEHAVIOR-BASED SECURITY FOR MOBILE DEVICES USING MACHINE LEARNING TECHNIQUESijaia
The goal of this research project is to design and implement a mobile application and machine learning techniques to solve problems related to the security of mobile devices. We introduce in this paper a behavior-based approach that can be applied in a mobile environment to capture and learn the behavior of
mobile users. The proposed system was tested using Android OS and the initial experimental results show that the proposed technique is promising, and it can be used effectively to solve the problem of anomaly detection in mobile devices.
Android-manifest extraction and labeling method for malware compilation and d...IJECEIAES
Malware is a nuisance for smartphone users. The impact is detrimental to smartphone users if the smartphone is infected by malware. Malware identification is not an easy process for ordinary users due to its deeply concealed dangers in application package kit (APK) files available in the Android Play Store. In this paper, the challenges of creating malware datasets are discussed. Long before a malware classification process and model can be built, the need for datasets with representative features for most types of malwares has to be addressed systematically. Only after a quality data set is available can a quality classification model be obtained using machine learning (ML) or deep learning (DL) algorithms. The entire malware classification process is a full pipeline process and sub processes. The authors purposefully focus on the process of building quality malware datasets, not on ML itself, because implementing ML requires another effort after the reliable dataset is fully built. The overall step in creating the malware dataset starts with the extraction of the Android Manifest from the APK file set and ends with the labeling method for all the extracted APK files. The key contribution of this paper is on how to generate datasets systematically from any APK file.
A MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMSIJNSA Journal
The emergence of mobile platforms with increased storage and computing capabilities and the pervasive use of these platforms for sensitive applications such as online banking, e-commerce and the storage of sensitive information on these mobile devices have led to increasing danger associated with malware targeted at these devices. Detecting such malware presents inimitable challenges as signature-based detection techniques available today are becoming inefficient in detecting new and unknown malware. In this research, a machine learning approach for the detection of malware on Android platforms is presented. The detection system monitors and extracts features from the applications while in execution and uses them to perform in-device detection using a trained K-Nearest Neighbour classifier. Results shows high performance in the detection rate of the classifier with accuracy of 93.75%, low error rate of 6.25% and low false positive rate with ability of detecting real Android malware.
A MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMSIJNSA Journal
The emergence of mobile platforms with increased storage and computing capabilities and the pervasive
use of these platforms for sensitive applications such as online banking, e-commerce and the storage of sensitive information on these mobile devices have led to increasing danger associated with malware targeted at these devices. Detecting such malware presents inimitable challenges as signature-based detection techniques available today are becoming inefficient in detecting new and unknown malware. In
this research, a machine learning approach for the detection of malware on Android platforms is presented. The detection system monitors and extracts features from the applications while in execution and uses them to perform in-device detection using a trained K-Nearest Neighbour classifier. Results shows high performance in the detection rate of the classifier with accuracy of 93.75%, low error rate of
6.25% and low false positive rate with ability of detecting real Android malware.
Evaluating Deep Learning Approaches to Characterize and Classify the DGAs at Scale (https://content.iospress.com/articles/journal-of-intelligent-and-fuzzy-systems/ifs169423)
Network traffic prediction aims at predicting the subsequent network traffic by using the previous network traffic data. This can serve as a proactive approach for network management and planning tasks. In this paper, recurrent neural network (RNN) is employed to predict the future time series based on the past information
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...John Andrews
SlideShare Description for "Chatty Kathy - UNC Bootcamp Final Project Presentation"
Title: Chatty Kathy: Enhancing Physical Activity Among Older Adults
Description:
Discover how Chatty Kathy, an innovative project developed at the UNC Bootcamp, aims to tackle the challenge of low physical activity among older adults. Our AI-driven solution uses peer interaction to boost and sustain exercise levels, significantly improving health outcomes. This presentation covers our problem statement, the rationale behind Chatty Kathy, synthetic data and persona creation, model performance metrics, a visual demonstration of the project, and potential future developments. Join us for an insightful Q&A session to explore the potential of this groundbreaking project.
Project Team: Jay Requarth, Jana Avery, John Andrews, Dr. Dick Davis II, Nee Buntoum, Nam Yeongjin & Mat Nicholas
Explore our comprehensive data analysis project presentation on predicting product ad campaign performance. Learn how data-driven insights can optimize your marketing strategies and enhance campaign effectiveness. Perfect for professionals and students looking to understand the power of data analysis in advertising. for more details visit: https://bostoninstituteofanalytics.org/data-science-and-artificial-intelligence/
1. Deep Android Malware Detection and
Classification
Vinayakumar R1, K.P Soman1 and Prabaharan Poornachandran2
1Centre for Computational Engineering and Networking (CEN), Amrita School of
Engineering, Coimbatore, Amrita Vishwa Vidyapeetham,
Amrita University, India.
2Center for Cyber Security Systems and Networks, Amrita School of Engineering,
Amritapuri, Amrita Vishwa Vidyapeetham,
Amrita University, India.
3. Introduction
• Android is the most commonly used mobile platform
for smartphones and the current market leader with a
market share holding nearly 87.6% [1].
• As the usage of smart phones surge past the personal
computers (PC’s), the malware writers also followed
suit, focusing their attention creating malware for the
smartphones.
• There is a sudden surge in Android malware and this
sheer number of new malware instances requires
newer approaches as writing signature for each
malware is a daunting task.
3
4. Methodology
• Static and Dynamic analysis are the most commonly
used approach.
• Static analysis collects set of features from apps by
unpacking or disassembling them without the run time
execution.
• Deep learning is a new field of machine learning that
has the capability to obtain optimal feature
representation by taking raw domain names as input
[2].
• Android permissions that are collected from the static
analysis are passed to recurrent neural network [3]
particularly long short-term memory [4] to detect and
classify the malicious apps.
4
5. Contd.
Figure 1. Proposed deep learning architecture: Maps android
permissions in AndroidManifest.xml to a unique id and passed to
embedding layer followed by RNN/LSTM layer and dense layer and
activation layer with non-linear activation function such as sigmoid for
classification.
5
6. Description of the data set and Results
The dataset is created from a set of APK (application package)
files collected from the Opera Mobile Store over the period of
January to September of 2014.
Table 1. Description of Data set
6
8. Contd.
Table 3. Summary of test results of CDMC 2016 Android
malware detection using LSTM network
8
9. Summary and Future work
• LSTM network is proposed to detect and
classify the malicious apps accurately by
considering the Android permissions as inputs
to the LSTM network.
• LSTM network has performed well in
comparision to the RNN network.
• We lack in explaining the internal dynamics of
LSTM network, this remained as one of
significant direction towards future work.
9
10. References
[1] M Lindorfer M, M Neugschwandtner,L Weichselbaum,
Y Fratantonio, V van der Veen, C Platzer, Andrubis-
1,000,000 Apps Later: a view on current android malware
behaviors. Third International Workshop on Building
Analysis Datasets and Gathering Experience Returns for
Security (BADGERS), IEEE 2014 Sep 11 (pp. 3-17)
[2] LeCun, Yann, Yoshua Bengio, and Geoffrey Hinton.
"Deep learning." Nature 521.7553 (2015): 436-444.
[3] Elman, Jeffrey L. "Finding structure in time." Cognitive
science 14.2 (1990): 179-211.
[4] Hochreiter, Sepp, and Jürgen Schmidhuber. "Long
short-term memory." Neural computation 9.8 (1997):
1735-1780.
10