AFWDroid: Android Kötücül Yazılım Tespitinde Derin Özellik Çıkarımı ve Ağırlıklandırma

Öz

Android kötücül yazılım tespiti, yaygın kullanıma sahip bir işletim sistemi için çözülmesi gereken oldukça kritik ve önemli bir sorundur. Geleneksel makine öğrenme teknikleri önce uygulamalardan birtakım özellikler çıkarmakta ve ardından kötü ve iyi niyetli uygulamaları ayırt etmek üzere sınıflandırıcılar oluşturmaktadır. Günümüzde mevcut çalışmaların çoğunda elde edilen özelliklerin ağırlıklandırması göz ardı edilmektedir. Bu sorunların üstesinden gelmek için bu çalışmada, sınıflandırmada kullanılacak özellik vektörlerindeki verilerin ağırlıklandırmasına dayalı yeni bir yazılım algılama metodu önerilmiştir. Bu amaç doğrultusunda ilk olarak, Android uygulama paketinden manifest dosyası okunmuştur. Dosya içerisinden aktiviteler, servisler, izinler gibi farklı özellikler çıkarılmış ve sınıflandırma için bu özellikler arasından seçim yapılmıştır. Seçim sonucunda elde edilen parametreler, derin sinir ağı modeli ile optimize edilmiştir. Yapılan çalışmalar neticesinde, özellik seçimi ve ağırlıklandırma sayesinde daha iyi performans değerlerininin yakalandığı, ağırlığa duyarlı sınıflandırıcılarda daha rekabetçi sonuçların alınabildiği gösterilmiştir.

Anahtar Kelimeler

• Özellik Ağırlıklandırma
• Kötücül Yazılım Tespiti
• Makine öğrenmesi
• yapay sinir ağları

AFWDroid: Deep Feature Extraction and Weighting for Android Malware Detection

Abstract

Android malware detection is a critical and important problem that must be solved for a widely used operating system. Conventional machine learning techniques first extract some features from applications, then create classifiers to distinguish between malicious and benign applications. Most of the studies available today ignore the weighting of the obtained features. To overcome this problem, this study proposes a new software detection method based on weighting the data in feature vectors to be used in classification. To this end, firstly, the manifest file was read from the Android application package. Different features such as activities, services, permissions were extracted from the file, and for classification, a selection was made among these features. The parameters obtained as a result of selection were optimized by the deep neural network model. Studies revealed that through feature selection and weighting, better performance values could be achieved and more competitive results could be obtained in weight-sensitive classification.

Keywords

• Malware Detection
• Feature Weighting
• Machine Learning
• Artificial Neural Network

References

1. [1] S. Wang, Z. Chen, Q. Yan, K. Ji, L. Peng, B. Yang and M. Conti, “Deep and broad URL feature mining for android malware detection”, Information Sciences, 513, 600-613, 2020.
2. [2] M. Amin, T. A. Tanveer, M. Tehseen, M. Khan, F. A. Khan and S. Anwar, “Static malware detection and attribution in android byte-code through and end to end deep system”, Future generation computer systems, 102, 112-126, 2020.
3. [3] J. Clement, “statista.com,” [Online]. Available:https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/.
4. [4] F-Secure Team, “f-secure.com” [Online]. Available: https://blog.f-secure.com/another-reason-99-percent-of-mobile-malware-targets-androids/.
5. [5] J. Johnson, “statista.com,” [Online]. Available: https://www.statista.com/statistics/680705/global-android-malware-volume/
6. [6] R.S. Arslan, İ. A. Doğru and N. Barışçı, “Permission comparison based malware detection system for Android mobile applications”, Journal of Polytechnic, 20(1), 175-189, 2017.
7. [7] A.T. Kabakuş and İ.A. Doğru, “An in-depth analysis of Android malware using hybrid techniques”, Digital Investigation, 24, 25-33, 2018.
8. [8] İ. A. Doğru and Ö. Kiraz, “Web-based android malicious software detection and classification system”, Applied Sciences, 8(9), 1622- 1641, 2018.

9. [9] M. Jerbi and Z. C. Dagdia, “On the use of artificial malicious patterns for android malware detection”, Computer & Security, 92, 1-22, 2020.
10. [10] C. Willems, T. Holz and F. Freiling, “Toward autmated dynamic malware analysis using cwsandbox”, IEEE Security and Privacy Magazine, 5(2), 32-39, 2007.
11. [11] K. Rieck, T. Holz, C. Willems and P. Düssel, “Learning and classification of malware behaviour”, Proceedings of the 5th International Conference on Detection of Instrusions and Malware, and Vulnerability Assessment, 1-20, 2008.
12. [12] M. Wozniak, M. Grana and Emilio Corchado, “A survey of multip classifier systems as hybrid systems”, Information Fusion, 16(1), 3-17, 2014.
13. [13] A. Mathur, L.M. Podila, K. Kurkarni, Q. Niyaz, A.Y. Javaid, “NATICUSdroid: A malware detection framework for Android using native and custom permissions”, Journal of Information Security and Applications, 58, 1-14, 2021.
14. [14] S. K. Sasidharan, C. Thomas, “ProDroid – An Android malware detection framework based on profile hidden markov model”, Pervasive and Mobile Computing, 72, 1-16, 2021.
15. [15] R. Feng, S. Chen, X. Xie, G. Meng, S.W. Lin ve Y. Liu, “A performance-sensitive malware detection system using deep learning on mobile devices”, Information forensics and security, 16, 1-16, 2021.
16. [16] F. Hossein, C. Mauro, Y. Danfeng and S. Alessandro, “Anastasion: android malware detection using static analysis of appication”, 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 1-5, 2016.
17. [17] R.S. Arslan, İ. A. Doğru and N. Barışçı, “Permission-based malware detection system for android using machine learning techniques”, International journal of software engineering and knowledge engineering, 29(01), 43-61, 2019.
18. [18] S. I. Imtiaz, S. Rehman, A. R. Javed, Z. Jalil, X. Liu and W. S. Alnumay, “DeepAMD: Detection and Identification of Android Malware using high-efficient Deep Artificial Neural Network”, Future Generation computer systems, 115, 844-856, 2020.
19. [19] S. Y. Yerima and S. Sezer, “DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection”, IEEE Transactions on Cynernetics, 49(2), 453-466, 2019.
20. [20] A. Feizollah, N. B. Anuar, R. Salleh, G. S. Tangil and S. Furnel, “AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection”, Computers & Security, 65, 121-134, 2017.
21. [21] S. S. Alotaibi, “Regression coefficients as triad scale for malware detection”, Computers and Electrical Engineering, 1-14, 2020.
22. [22] D. Arp, M. Spreitzenbarth, M. Hübner, H. Gascon, K.Rieck and C. Siemens, “Drebin: Effective and explainable detection of android malware in your pocket”, Proceedings of the Annual Symposium on Network and Distributed System Security, 2014.
23. [23] Malgenome Project, “malgenomeproject.org,”[Online]. Available: http://www.malgenomeproject.org/.
24. [24] Google, “Google play store,” [Online]. Available: https://play.google.com/store/apps?hl=en.
25. [25] APKPure Team, “APKPure.com,” [Online]. Available: https://apkpure.com/cn/.
26. [26] L. Cai, Y. Li and Z. Xiong, “JOWMDroid: Android malware detection based on feature weighting with joint optimization of weight-mapping and classifier parameters”, Computer & Security, 100, 1-14, 2020.
27. [27] E. Ölmez, V. Akdoğan, M. Korkmaz and O. Er, “Automatic Segmentation of Meniscus in Multispectral MRI Using Regions with Convolutional Neural Network (R-CNN)”, Journal of Digital Imaging, 33, 916-929, 2020.
28. [28] J. Garcia, M. Hammad, B. Pedrood, A. Bagheri-Khaligh, S. Malek, “Obfuscation-resilient, efficient, and accurate detection and family identification of android malware”, Technical Report, Department of Computer Science, George Mason University, 1-15, 2015.
29. [29] M. Nauman, T.A. Tanveer, Sohail. K, Toqeer. A., “Deep neural architectures for large scale android malware analysis”, Cluster Computing Springer, 1-20, 2017,
30. [30] M. K. Alzaylaee, S. Yerima, S. Sezer, “Dl-droid: deep learning based android malware detection using real devices”, Computer and Security, 89,1-11,2020.
31. [31] E.B. Karbab, M. Debbabi, A. Derhab, D. Mouheb, “Maldozer:automatic framework for android malware detection using deep learning”, Digital investigation, 24, 48-59, 2018.