{"title":"Android malware defense through a hybrid multi-modal approach","authors":"Asmitha K.A. , Vinod P. , Rafidha Rehiman K.A. , Neeraj Raveendran , Mauro Conti","doi":"10.1016/j.jnca.2024.104035","DOIUrl":null,"url":null,"abstract":"The rapid proliferation of Android apps has given rise to a dark side, where increasingly sophisticated malware poses a formidable challenge for detection. To combat this evolving threat, we present an explainable hybrid multi-modal framework. This framework leverages the power of deep learning, with a novel model fusion technique, to illuminate the hidden characteristics of malicious apps. Our approach combines models (leveraging a late fusion approach) trained on attributes derived from static and dynamic analysis, hence utilizing the unique strengths of each model. We thoroughly analyze individual feature categories, feature ensembles, and model fusion using traditional machine learning classifiers and deep neural networks across diverse datasets. Our hybrid fused model outperforms others, achieving an F1-score of 99.97% on CICMaldroid2020. We use SHAP (SHapley Additive exPlanations) and t-SNE (t-distributed Stochastic Neighbor Embedding) to further analyze and interpret the best-performing model. We highlight the efficacy of our architectural design through an ablation study, revealing that our approach consistently achieves over 99% detection accuracy across multiple deep learning models. This lays the groundwork for substantial advancements in security and risk mitigation within interconnected Android OS environments.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"233 ","pages":"Article 104035"},"PeriodicalIF":7.7000,"publicationDate":"2024-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804524002121","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Citation count: 0
Abstract
The rapid proliferation of Android apps has given rise to a dark side, where increasingly sophisticated malware poses a formidable challenge for detection. To combat this evolving threat, we present an explainable hybrid multi-modal framework. This framework leverages the power of deep learning, with a novel model fusion technique, to illuminate the hidden characteristics of malicious apps. Our approach combines models (leveraging a late fusion approach) trained on attributes derived from static and dynamic analysis, hence utilizing the unique strengths of each model. We thoroughly analyze individual feature categories, feature ensembles, and model fusion using traditional machine learning classifiers and deep neural networks across diverse datasets. Our hybrid fused model outperforms others, achieving an F1-score of 99.97% on CICMaldroid2020. We use SHAP (SHapley Additive exPlanations) and t-SNE (t-distributed Stochastic Neighbor Embedding) to further analyze and interpret the best-performing model. We highlight the efficacy of our architectural design through an ablation study, revealing that our approach consistently achieves over 99% detection accuracy across multiple deep learning models. This lays the groundwork for substantial advancements in security and risk mitigation within interconnected Android OS environments.
About the journal:
The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.