Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation

Chien Hui Hung; Yi ming Chen; Chao Ching Wu

doi:10.1007/978-981-19-9582-8_32

Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation

Chien Hui Hung, Yi ming Chen, Chao Ching Wu

資訊管理學系

研究成果: 書貢獻/報告類型 › 會議論文篇章 › 同行評審

2 引文斯高帕斯（Scopus）

摘要

Android, the most popular operating system in the mobile market, is the main target of hackers. The dynamic analysis in malware analysis is not affected by obfuscation and dynamic loading attacks. Therefore, this study uses a dynamic detection approach and uses system calls as a feature to represent the behaviour of an application. The TF-IDF feature processing method can assign different weights to the system call features according to the number of occurrences and the overall relationship, but this method uses one system call as a unit and therefore does not calculate the pre- and post- sequence relationships, which are important in system call sequences. This study uses the concept of n-grams to form system call groups combined with local TF-IDF to allow sequence-based data to be characterised by the pre-post relationship and importance of the sequences, and to analyse Android applications on a deep learning model that has shown excellent classification results in the field of malware detection. In this study, it is shown that this method improves the accuracy of multiple classification of apps by more than 3% and 11% for the unknown 2019 dataset.

原文	???core.languages.en_GB???
主出版物標題	New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings
編輯	Sun-Yuan Hsieh, Ling-Ju Hung, Sheng-Lung Peng, Ralf Klasing, Chia-Wei Lee
發行者	Springer Science and Business Media Deutschland GmbH
頁面	362-373
頁數	12
ISBN（列印）	9789811995811
DOIs	https://doi.org/10.1007/978-981-19-9582-8_32
出版狀態	已出版 - 2022
事件	25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022 - Taoyuan, Taiwan 持續時間: 15 12月 2022 → 17 12月 2022

出版系列

名字	Communications in Computer and Information Science
卷	1723 CCIS
ISSN（列印）	1865-0929
ISSN（電子）	1865-0937

???event.eventtypes.event.conference???

???event.eventtypes.event.conference???	25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022
國家/地區	Taiwan
城市	Taoyuan
期間	15/12/22 → 17/12/22

存取文件

10.1007/978-981-19-9582-8_32

引用此

Hung, C. H., Chen, Y. M., & Wu, C. C. (2022). Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation. 於 S.-Y. Hsieh, L.-J. Hung, S.-L. Peng, R. Klasing, & C.-W. Lee (編輯), New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings (頁 362-373). (Communications in Computer and Information Science; 卷 1723 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-19-9582-8_32

Hung, Chien Hui ; Chen, Yi ming ; Wu, Chao Ching. / Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation. New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. 編輯 / Sun-Yuan Hsieh ; Ling-Ju Hung ; Sheng-Lung Peng ; Ralf Klasing ; Chia-Wei Lee. Springer Science and Business Media Deutschland GmbH, 2022. 頁 362-373 (Communications in Computer and Information Science).

@inproceedings{dbaacab0585d462f96cc5296db94717f,

title = "Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation",

abstract = "Android, the most popular operating system in the mobile market, is the main target of hackers. The dynamic analysis in malware analysis is not affected by obfuscation and dynamic loading attacks. Therefore, this study uses a dynamic detection approach and uses system calls as a feature to represent the behaviour of an application. The TF-IDF feature processing method can assign different weights to the system call features according to the number of occurrences and the overall relationship, but this method uses one system call as a unit and therefore does not calculate the pre- and post- sequence relationships, which are important in system call sequences. This study uses the concept of n-grams to form system call groups combined with local TF-IDF to allow sequence-based data to be characterised by the pre-post relationship and importance of the sequences, and to analyse Android applications on a deep learning model that has shown excellent classification results in the field of malware detection. In this study, it is shown that this method improves the accuracy of multiple classification of apps by more than 3% and 11% for the unknown 2019 dataset.",

keywords = "Android malware analysis, Deep learning, Dynamic analysis, Sequence relationships, System call sequences",

author = "Hung, {Chien Hui} and Chen, {Yi ming} and Wu, {Chao Ching}",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.; 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022 ; Conference date: 15-12-2022 Through 17-12-2022",

year = "2022",

doi = "10.1007/978-981-19-9582-8_32",

language = "???core.languages.en_GB???",

isbn = "9789811995811",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "362--373",

editor = "Sun-Yuan Hsieh and Ling-Ju Hung and Sheng-Lung Peng and Ralf Klasing and Chia-Wei Lee",

booktitle = "New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings",

}

Hung, CH, Chen, YM & Wu, CC 2022, Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation. 於 S-Y Hsieh, L-J Hung, S-L Peng, R Klasing & C-W Lee (編輯), New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. Communications in Computer and Information Science, 卷 1723 CCIS, Springer Science and Business Media Deutschland GmbH, 頁 362-373, 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022, Taoyuan, Taiwan, 15/12/22. https://doi.org/10.1007/978-981-19-9582-8_32

Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation. / Hung, Chien Hui; Chen, Yi ming; Wu, Chao Ching.
New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. 編輯 / Sun-Yuan Hsieh; Ling-Ju Hung; Sheng-Lung Peng; Ralf Klasing; Chia-Wei Lee. Springer Science and Business Media Deutschland GmbH, 2022. p. 362-373 (Communications in Computer and Information Science; 卷 1723 CCIS).

研究成果: 書貢獻/報告類型 › 會議論文篇章 › 同行評審

TY - GEN

T1 - Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation

AU - Hung, Chien Hui

AU - Chen, Yi ming

AU - Wu, Chao Ching

PY - 2022

Y1 - 2022

N2 - Android, the most popular operating system in the mobile market, is the main target of hackers. The dynamic analysis in malware analysis is not affected by obfuscation and dynamic loading attacks. Therefore, this study uses a dynamic detection approach and uses system calls as a feature to represent the behaviour of an application. The TF-IDF feature processing method can assign different weights to the system call features according to the number of occurrences and the overall relationship, but this method uses one system call as a unit and therefore does not calculate the pre- and post- sequence relationships, which are important in system call sequences. This study uses the concept of n-grams to form system call groups combined with local TF-IDF to allow sequence-based data to be characterised by the pre-post relationship and importance of the sequences, and to analyse Android applications on a deep learning model that has shown excellent classification results in the field of malware detection. In this study, it is shown that this method improves the accuracy of multiple classification of apps by more than 3% and 11% for the unknown 2019 dataset.

AB - Android, the most popular operating system in the mobile market, is the main target of hackers. The dynamic analysis in malware analysis is not affected by obfuscation and dynamic loading attacks. Therefore, this study uses a dynamic detection approach and uses system calls as a feature to represent the behaviour of an application. The TF-IDF feature processing method can assign different weights to the system call features according to the number of occurrences and the overall relationship, but this method uses one system call as a unit and therefore does not calculate the pre- and post- sequence relationships, which are important in system call sequences. This study uses the concept of n-grams to form system call groups combined with local TF-IDF to allow sequence-based data to be characterised by the pre-post relationship and importance of the sequences, and to analyse Android applications on a deep learning model that has shown excellent classification results in the field of malware detection. In this study, it is shown that this method improves the accuracy of multiple classification of apps by more than 3% and 11% for the unknown 2019 dataset.

KW - Android malware analysis

KW - Deep learning

KW - Dynamic analysis

KW - Sequence relationships

KW - System call sequences

UR - http://www.scopus.com/inward/record.url?scp=85150996303&partnerID=8YFLogxK

U2 - 10.1007/978-981-19-9582-8_32

DO - 10.1007/978-981-19-9582-8_32

M3 - 會議論文篇章

AN - SCOPUS:85150996303

SN - 9789811995811

T3 - Communications in Computer and Information Science

SP - 362

EP - 373

BT - New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings

A2 - Hsieh, Sun-Yuan

A2 - Hung, Ling-Ju

A2 - Peng, Sheng-Lung

A2 - Klasing, Ralf

A2 - Lee, Chia-Wei

PB - Springer Science and Business Media Deutschland GmbH

T2 - 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022

Y2 - 15 December 2022 through 17 December 2022

ER -

Hung CH, Chen YM, Wu CC. Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation. 於 Hsieh SY, Hung LJ, Peng SL, Klasing R, Lee CW, 編輯, New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 362-373. (Communications in Computer and Information Science). doi: 10.1007/978-981-19-9582-8_32

Detecting Android Malware by Combining System Call Sequence Relationships with Local Feature Calculation

摘要

出版系列

???event.eventtypes.event.conference???

存取文件

指紋

引用此