Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation

Chien Hui Hung; Yi ming Chen; Chao Ching Wu

doi:10.1007/978-981-19-9582-8_32

Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation

Chien Hui Hung, Yi ming Chen, Chao Ching Wu

Department of Information Management

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Android, the most popular operating system in the mobile market, is the main target of hackers. The dynamic analysis in malware analysis is not affected by obfuscation and dynamic loading attacks. Therefore, this study uses a dynamic detection approach and uses system calls as a feature to represent the behaviour of an application. The TF-IDF feature processing method can assign different weights to the system call features according to the number of occurrences and the overall relationship, but this method uses one system call as a unit and therefore does not calculate the pre- and post- sequence relationships, which are important in system call sequences. This study uses the concept of n-grams to form system call groups combined with local TF-IDF to allow sequence-based data to be characterised by the pre-post relationship and importance of the sequences, and to analyse Android applications on a deep learning model that has shown excellent classification results in the field of malware detection. In this study, it is shown that this method improves the accuracy of multiple classification of apps by more than 3% and 11% for the unknown 2019 dataset.

Original language	English
Title of host publication	New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings
Editors	Sun-Yuan Hsieh, Ling-Ju Hung, Sheng-Lung Peng, Ralf Klasing, Chia-Wei Lee
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	362-373
Number of pages	12
ISBN (Print)	9789811995811
DOIs	https://doi.org/10.1007/978-981-19-9582-8_32
State	Published - 2022
Event	25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022 - Taoyuan, Taiwan Duration: 15 Dec 2022 → 17 Dec 2022

Publication series

Name	Communications in Computer and Information Science
Volume	1723 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022
Country/Territory	Taiwan
City	Taoyuan
Period	15/12/22 → 17/12/22

Keywords

Android malware analysis
Deep learning
Dynamic analysis
Sequence relationships
System call sequences

Access to Document

10.1007/978-981-19-9582-8_32

Cite this

Hung, C. H., Chen, Y. M., & Wu, C. C. (2022). Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation. In S-Y. Hsieh, L-J. Hung, S-L. Peng, R. Klasing, & C-W. Lee (Eds.), New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings (pp. 362-373). (Communications in Computer and Information Science; Vol. 1723 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-19-9582-8_32

Hung, Chien Hui ; Chen, Yi ming ; Wu, Chao Ching. / Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation. New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. editor / Sun-Yuan Hsieh ; Ling-Ju Hung ; Sheng-Lung Peng ; Ralf Klasing ; Chia-Wei Lee. Springer Science and Business Media Deutschland GmbH, 2022. pp. 362-373 (Communications in Computer and Information Science).

@inproceedings{dbaacab0585d462f96cc5296db94717f,

title = "Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation",

abstract = "Android, the most popular operating system in the mobile market, is the main target of hackers. The dynamic analysis in malware analysis is not affected by obfuscation and dynamic loading attacks. Therefore, this study uses a dynamic detection approach and uses system calls as a feature to represent the behaviour of an application. The TF-IDF feature processing method can assign different weights to the system call features according to the number of occurrences and the overall relationship, but this method uses one system call as a unit and therefore does not calculate the pre- and post- sequence relationships, which are important in system call sequences. This study uses the concept of n-grams to form system call groups combined with local TF-IDF to allow sequence-based data to be characterised by the pre-post relationship and importance of the sequences, and to analyse Android applications on a deep learning model that has shown excellent classification results in the field of malware detection. In this study, it is shown that this method improves the accuracy of multiple classification of apps by more than 3% and 11% for the unknown 2019 dataset.",

keywords = "Android malware analysis, Deep learning, Dynamic analysis, Sequence relationships, System call sequences",

author = "Hung, {Chien Hui} and Chen, {Yi ming} and Wu, {Chao Ching}",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.; 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022 ; Conference date: 15-12-2022 Through 17-12-2022",

year = "2022",

doi = "10.1007/978-981-19-9582-8_32",

language = "???core.languages.en_GB???",

isbn = "9789811995811",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "362--373",

editor = "Sun-Yuan Hsieh and Ling-Ju Hung and Sheng-Lung Peng and Ralf Klasing and Chia-Wei Lee",

booktitle = "New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings",

}

Hung, CH, Chen, YM & Wu, CC 2022, Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation. in S-Y Hsieh, L-J Hung, S-L Peng, R Klasing & C-W Lee (eds), New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. Communications in Computer and Information Science, vol. 1723 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 362-373, 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022, Taoyuan, Taiwan, 15/12/22. https://doi.org/10.1007/978-981-19-9582-8_32

Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation. / Hung, Chien Hui; Chen, Yi ming; Wu, Chao Ching.
New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. ed. / Sun-Yuan Hsieh; Ling-Ju Hung; Sheng-Lung Peng; Ralf Klasing; Chia-Wei Lee. Springer Science and Business Media Deutschland GmbH, 2022. p. 362-373 (Communications in Computer and Information Science; Vol. 1723 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation

AU - Hung, Chien Hui

AU - Chen, Yi ming

AU - Wu, Chao Ching

PY - 2022

Y1 - 2022

N2 - Android, the most popular operating system in the mobile market, is the main target of hackers. The dynamic analysis in malware analysis is not affected by obfuscation and dynamic loading attacks. Therefore, this study uses a dynamic detection approach and uses system calls as a feature to represent the behaviour of an application. The TF-IDF feature processing method can assign different weights to the system call features according to the number of occurrences and the overall relationship, but this method uses one system call as a unit and therefore does not calculate the pre- and post- sequence relationships, which are important in system call sequences. This study uses the concept of n-grams to form system call groups combined with local TF-IDF to allow sequence-based data to be characterised by the pre-post relationship and importance of the sequences, and to analyse Android applications on a deep learning model that has shown excellent classification results in the field of malware detection. In this study, it is shown that this method improves the accuracy of multiple classification of apps by more than 3% and 11% for the unknown 2019 dataset.

AB - Android, the most popular operating system in the mobile market, is the main target of hackers. The dynamic analysis in malware analysis is not affected by obfuscation and dynamic loading attacks. Therefore, this study uses a dynamic detection approach and uses system calls as a feature to represent the behaviour of an application. The TF-IDF feature processing method can assign different weights to the system call features according to the number of occurrences and the overall relationship, but this method uses one system call as a unit and therefore does not calculate the pre- and post- sequence relationships, which are important in system call sequences. This study uses the concept of n-grams to form system call groups combined with local TF-IDF to allow sequence-based data to be characterised by the pre-post relationship and importance of the sequences, and to analyse Android applications on a deep learning model that has shown excellent classification results in the field of malware detection. In this study, it is shown that this method improves the accuracy of multiple classification of apps by more than 3% and 11% for the unknown 2019 dataset.

KW - Android malware analysis

KW - Deep learning

KW - Dynamic analysis

KW - Sequence relationships

KW - System call sequences

UR - http://www.scopus.com/inward/record.url?scp=85150996303&partnerID=8YFLogxK

U2 - 10.1007/978-981-19-9582-8_32

DO - 10.1007/978-981-19-9582-8_32

M3 - 會議論文篇章

AN - SCOPUS:85150996303

SN - 9789811995811

T3 - Communications in Computer and Information Science

SP - 362

EP - 373

BT - New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings

A2 - Hsieh, Sun-Yuan

A2 - Hung, Ling-Ju

A2 - Peng, Sheng-Lung

A2 - Klasing, Ralf

A2 - Lee, Chia-Wei

PB - Springer Science and Business Media Deutschland GmbH

T2 - 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022

Y2 - 15 December 2022 through 17 December 2022

ER -

Hung CH, Chen YM, Wu CC. Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation. In Hsieh S-Y, Hung L-J, Peng S-L, Klasing R, Lee C-W, editors, New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 362-373. (Communications in Computer and Information Science). doi: 10.1007/978-981-19-9582-8_32

Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this