FABLDroid: Malware detection based on hybrid analysis with factor analysis and broad learning methods for android applications

IF 5.1 2区工程技术 Q1 ENGINEERING, MULTIDISCIPLINARY

Engineering Science and Technology-An International Journal-Jestech Pub Date : 2025-02-01 DOI:10.1016/j.jestch.2024.101945

Kazım Kılıç , İsmail Atacak , İbrahim Alper Doğru

{"title":"FABLDroid: Malware detection based on hybrid analysis with factor analysis and broad learning methods for android applications","authors":"Kazım Kılıç , İsmail Atacak , İbrahim Alper Doğru","doi":"10.1016/j.jestch.2024.101945","DOIUrl":null,"url":null,"abstract":"<div><div>The Android operating system, which is popular on mobile devices, creates concerns for users due to the malware it is exposed to. Android allows applications to be downloaded and installed outside the official application store. Applications installed from third-party environments threaten users’ privacy and security. Deep learning-based methods are popular for detecting Android malware. However, deep learning methods contain a large number of parameters and have high memory consumption and are graphics card dependent architectures. To overcome these difficulties, a detection architecture using lightweight Broad learning method that provides high detection performance as an alternative to layer stacking found in deep structures is presented. Our method is based on a lightweight deep neural network architecture based on broad learning to reveal hidden factors to detect Android malware. The proposed architecture uses the Factor Analysis (FA) dimension reduction method to reveal hidden factors within the hybrid features of Android applications. The features extracted by factor analysis are expanded using the broad learning method and fed to a deep neural network with two hidden layers. In the proposed method, the learning ability of the deep neural network architecture, which has strong computational ability, is increased with the broad learning technique. The Kronodroid dataset is used to validate our approach. The Kronodroid dataset is a dataset consisting of malware and benign applications, specifically designed to examine and explore the concept drift and cross-device detection issues in the problem domain. The Kronodroid dataset contains different datasets obtained from both real devices and emulator runtimes. The tests of our method were carried out separately with the features extracted in the real device and emulator runtime. In this way, the behaviors of malicious applications in different environments were compared. In order to verify the effectiveness of the factor analysis method, the classification performance was measured by extracting 32, 64, 128, and 256 features with different dimensionality reduction techniques. As a result of the experiments conducted using different rates of expansion with the broad learning method, a 98.20% accuracy value was achieved on the real device dataset with the proposed architecture. An accuracy value of 97.90% was produced on the emulator dataset. In order to compare the proposed method on different datasets, 4000 applications were downloaded from the Androzoo environment to create a hybrid feature dataset. The proposed method achieved 98.40% accuracy on the Androzoo dataset. The experimental results reveal that the broad learning method increases the performance compared to the raw features. The findings show that the proposed broad learning-based method exhibits successful performance compared to similar studies based on deep learning using ensemble learning methods and layer stacking.</div></div>","PeriodicalId":48609,"journal":{"name":"Engineering Science and Technology-An International Journal-Jestech","volume":"62 ","pages":"Article 101945"},"PeriodicalIF":5.1000,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Engineering Science and Technology-An International Journal-Jestech","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2215098624003318","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 0

Abstract

The Android operating system, which is popular on mobile devices, creates concerns for users due to the malware it is exposed to. Android allows applications to be downloaded and installed outside the official application store. Applications installed from third-party environments threaten users’ privacy and security. Deep learning-based methods are popular for detecting Android malware. However, deep learning methods contain a large number of parameters and have high memory consumption and are graphics card dependent architectures. To overcome these difficulties, a detection architecture using lightweight Broad learning method that provides high detection performance as an alternative to layer stacking found in deep structures is presented. Our method is based on a lightweight deep neural network architecture based on broad learning to reveal hidden factors to detect Android malware. The proposed architecture uses the Factor Analysis (FA) dimension reduction method to reveal hidden factors within the hybrid features of Android applications. The features extracted by factor analysis are expanded using the broad learning method and fed to a deep neural network with two hidden layers. In the proposed method, the learning ability of the deep neural network architecture, which has strong computational ability, is increased with the broad learning technique. The Kronodroid dataset is used to validate our approach. The Kronodroid dataset is a dataset consisting of malware and benign applications, specifically designed to examine and explore the concept drift and cross-device detection issues in the problem domain. The Kronodroid dataset contains different datasets obtained from both real devices and emulator runtimes. The tests of our method were carried out separately with the features extracted in the real device and emulator runtime. In this way, the behaviors of malicious applications in different environments were compared. In order to verify the effectiveness of the factor analysis method, the classification performance was measured by extracting 32, 64, 128, and 256 features with different dimensionality reduction techniques. As a result of the experiments conducted using different rates of expansion with the broad learning method, a 98.20% accuracy value was achieved on the real device dataset with the proposed architecture. An accuracy value of 97.90% was produced on the emulator dataset. In order to compare the proposed method on different datasets, 4000 applications were downloaded from the Androzoo environment to create a hybrid feature dataset. The proposed method achieved 98.40% accuracy on the Androzoo dataset. The experimental results reveal that the broad learning method increases the performance compared to the raw features. The findings show that the proposed broad learning-based method exhibits successful performance compared to similar studies based on deep learning using ensemble learning methods and layer stacking.

查看原文本刊更多论文

FABLDroid：基于因子分析和广泛学习方法的混合分析的恶意软件检测，用于android应用程序

安卓操作系统在移动设备上很受欢迎，由于它暴露在恶意软件中，给用户带来了担忧。Android允许在官方应用程序商店之外下载和安装应用程序。第三方环境下安装的应用会对用户的隐私和安全造成威胁。基于深度学习的方法在检测Android恶意软件方面很受欢迎。然而，深度学习方法包含大量参数，内存消耗高，并且依赖于显卡架构。为了克服这些困难，提出了一种使用轻量级广义学习方法的检测体系结构，该方法提供了高检测性能，作为深层结构中发现的层堆叠的替代方案。我们的方法是基于基于广泛学习的轻量级深度神经网络架构，以揭示隐藏因素来检测Android恶意软件。提出的体系结构使用因子分析（FA）降维方法来揭示Android应用程序混合特性中的隐藏因素。利用广义学习方法对因子分析提取的特征进行扩展，并将其输入到具有两隐层的深度神经网络中。在该方法中，利用广义学习技术提高了计算能力强的深度神经网络结构的学习能力。Kronodroid数据集用于验证我们的方法。Kronodroid数据集是一个由恶意软件和良性应用程序组成的数据集，专门用于检查和探索问题领域中的概念漂移和跨设备检测问题。Kronodroid数据集包含从真实设备和模拟器运行时获得的不同数据集。将提取的特征分别在实际设备和仿真器运行时进行了测试。通过这种方式，比较了不同环境下恶意应用的行为。为了验证因子分析方法的有效性，通过提取不同降维技术的32、64、128和256个特征来衡量分类效果。采用广义学习方法进行了不同扩展率的实验，在实际设备数据集上的准确率达到了98.20%。在仿真数据集上得到了97.90%的精度值。为了在不同的数据集上比较所提出的方法，从Androzoo环境中下载了4000个应用程序来创建混合特征数据集。该方法在Androzoo数据集上的准确率达到了98.40%。实验结果表明，与原始特征相比，广义学习方法提高了性能。研究结果表明，与使用集成学习方法和层堆叠的基于深度学习的类似研究相比，所提出的基于广泛学习的方法表现出成功的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Engineering Science and Technology-An International Journal-Jestech Materials Science-Electronic, Optical and Magnetic Materials

CiteScore

11.20

自引率

3.50%

发文量

153

审稿时长

22 days

期刊介绍： Engineering Science and Technology, an International Journal (JESTECH) (formerly Technology), a peer-reviewed quarterly engineering journal, publishes both theoretical and experimental high quality papers of permanent interest, not previously published in journals, in the field of engineering and applied science which aims to promote the theory and practice of technology and engineering. In addition to peer-reviewed original research papers, the Editorial Board welcomes original research reports, state-of-the-art reviews and communications in the broadly defined field of engineering science and technology. The scope of JESTECH includes a wide spectrum of subjects including: -Electrical/Electronics and Computer Engineering (Biomedical Engineering and Instrumentation; Coding, Cryptography, and Information Protection; Communications, Networks, Mobile Computing and Distributed Systems; Compilers and Operating Systems; Computer Architecture, Parallel Processing, and Dependability; Computer Vision and Robotics; Control Theory; Electromagnetic Waves, Microwave Techniques and Antennas; Embedded Systems; Integrated Circuits, VLSI Design, Testing, and CAD; Microelectromechanical Systems; Microelectronics, and Electronic Devices and Circuits; Power, Energy and Energy Conversion Systems; Signal, Image, and Speech Processing) -Mechanical and Civil Engineering (Automotive Technologies; Biomechanics; Construction Materials; Design and Manufacturing; Dynamics and Control; Energy Generation, Utilization, Conversion, and Storage; Fluid Mechanics and Hydraulics; Heat and Mass Transfer; Micro-Nano Sciences; Renewable and Sustainable Energy Technologies; Robotics and Mechatronics; Solid Mechanics and Structure; Thermal Sciences) -Metallurgical and Materials Engineering (Advanced Materials Science; Biomaterials; Ceramic and Inorgnanic Materials; Electronic-Magnetic Materials; Energy and Environment; Materials Characterizastion; Metallurgy; Polymers and Nanocomposites)