A novel Android malware detection method with API semantics extraction

计算机科学 恶意软件 Android恶意软件 聚类分析 Android(操作系统) 人工智能 恶意软件分析 调用图 图形 机器学习 数据挖掘 程序设计语言 理论计算机科学 操作系统
作者
Hongyu Yang,Youwei Wang,Liang Zhang,Xiang Cheng,Ze Hu
出处
期刊:Computers & Security [Elsevier]
卷期号:137: 103651-103651 被引量:9
标识
DOI:10.1016/j.cose.2023.103651
摘要

Due to the continuous evolution of both the Android framework and malware, conventional malware detection methods that have been trained using outdated apps are inadequate in effectively identifying sophisticated evolved malware. To address this issue, in this paper, we propose a novel Android malware detection method with API semantics extraction (AMDASE), it can effectively identify evolved malware instances. Firstly, AMDASE performs API clustering to obtain cluster centers representing API functions before malware detection. We design API sentence to summarize API features and employ natural language processing (NLP) tools to acquire embeddings of API sentence for clustering. With the help of API sentence, it becomes possible to effectively extract the semantics of API contained in features like method name that accurately represents its intended functionality, which also makes the clustering results more accurate. Secondly, AMDASE extracts call graph from each app and optimizes the call graph by removing nodes corresponding to unknown functions, while ensuring the preservation of connectivity between their predecessor and successor nodes. The optimized call graph can extract more robust API contextual information that accurately represents the behavior of each app. Thirdly, in order to maintain resilience against the evolution of Android malware, AMDASE extracts function call pairs from the optimized call graph and abstracts the APIs in function call pairs into cluster centers obtained in API clustering. Finally, feature vectors are generated using one-hot mapping and machine learning classifiers are used for malware detection. We evaluate AMDASE on a dataset of 42,154 benign and 42,450 malicious apps developed over a seven-year period. The experimental results demonstrate that AMDASE greatly outperforms the existing state-of-the-art methods and has a significantly slower aging speed.
最长约 10秒,即可获得该文献文件

科研通智能强力驱动
Strongly Powered by AbleSci AI
更新
大幅提高文件上传限制,最高150M (2024-4-1)

科研通是完全免费的文献互助平台,具备全网最快的应助速度,最高的求助完成率。 对每一个文献求助,科研通都将尽心尽力,给求助人一个满意的交代。
实时播报
2秒前
英俊的铭应助yimi采纳,获得10
3秒前
4秒前
4秒前
CodeCraft应助白白不读书采纳,获得10
4秒前
5秒前
meehan完成签到,获得积分10
5秒前
友好小之发布了新的文献求助10
6秒前
苹果丑应助小白手套auv采纳,获得50
7秒前
9秒前
9秒前
淡淡冰薇发布了新的文献求助10
9秒前
9秒前
菲菲发布了新的文献求助10
10秒前
杳鸢应助白白不读书采纳,获得20
10秒前
11秒前
小玉完成签到,获得积分10
11秒前
科研通AI2S应助简单以冬采纳,获得10
12秒前
12秒前
共享精神应助墨aizhan采纳,获得10
13秒前
13秒前
yimi完成签到,获得积分10
13秒前
13秒前
乔呆驼完成签到,获得积分10
13秒前
仙林AK47完成签到,获得积分10
14秒前
港岛妹妹应助高贵超短裙采纳,获得10
14秒前
14秒前
和谐竺发布了新的文献求助10
15秒前
15秒前
wuta完成签到,获得积分10
16秒前
夏青荷发布了新的文献求助10
17秒前
Owen应助小玉采纳,获得10
18秒前
yyy1234567完成签到,获得积分10
18秒前
淡淡冰薇完成签到,获得积分10
18秒前
武雨寒发布了新的文献求助10
18秒前
wangtao发布了新的文献求助10
19秒前
20秒前
小泌完成签到,获得积分10
20秒前
神秘人完成签到,获得积分10
20秒前
咕咕唧唧发布了新的文献求助10
20秒前
高分求助中
The late Devonian Standard Conodont Zonation 2000
Nickel superalloy market size, share, growth, trends, and forecast 2023-2030 2000
The Lali Section: An Excellent Reference Section for Upper - Devonian in South China 1500
Very-high-order BVD Schemes Using β-variable THINC Method 870
Mantiden: Faszinierende Lauerjäger Faszinierende Lauerjäger 800
PraxisRatgeber: Mantiden: Faszinierende Lauerjäger 800
Fundamentals of Dispersed Multiphase Flows 500
热门求助领域 (近24小时)
化学 医学 生物 材料科学 工程类 有机化学 生物化学 物理 内科学 纳米技术 计算机科学 化学工程 复合材料 基因 遗传学 催化作用 物理化学 免疫学 量子力学 细胞生物学
热门帖子
关注 科研通微信公众号,转发送积分 3254496
求助须知:如何正确求助?哪些是违规求助? 2896621
关于积分的说明 8293567
捐赠科研通 2565575
什么是DOI,文献DOI怎么找? 1393151
科研通“疑难数据库(出版商)”最低求助积分说明 652436
邀请新用户注册赠送积分活动 629972