A malware detection system using a hybrid approach of multi-heads attention-based control flow traces and image visualization

| Main Authors: | Farhan Ullah (School of Software, Northwestern Polytechnical University), Gautam Srivastava (Department of Math and Computer Science, Brandon University), Shamsher Ullah (School of Software, Northwestern Polytechnical University) |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | SpringerOpen, 2022-11-01 |
| Series: | Journal of Cloud Computing: Advances, Systems and Applications (ISSN 2192-113X) |
| Subjects: | Android malware; Control flow graph; Malware visualization; Transfer learning; Ensemble learning; Cybersecurity |
| Online Access: | https://doi.org/10.1186/s13677-022-00349-8 |

Abstract: Android is the most widely used mobile platform, making it a prime target for malicious attacks. Therefore, it is imperative to effectively circumvent these attacks. Recently, machine learning has been a promising solution for malware detection, which relies on distinguishing features. While machine learning-based malware scanners have a large number of features, adversaries can avoid detection by using feature-related expertise. Therefore, one of the main tasks of the Android security industry is to consistently propose cutting-edge features that can detect suspicious activity. This study presents a novel feature representation approach for malware detection that combines API-Call Graphs (ACGs) with byte-level image representation. First, the reverse engineering procedure is used to obtain the Java programming codes and Dalvik Executable (DEX) file from Android Package Kit (APK). Second, to depict Android apps with high-level features, we develop ACGs by mining API-Calls and API sequences from Control Flow Graph (CFG). The ACGs can act as a digital fingerprint of the actions taken by Android apps. Next, the multi-head attention-based transfer learning method is used to extract trained features vector from ACGs. Third, the DEX file is converted to a malware image, and the texture features are extracted and highlighted using a combination of FAST (Features from Accelerated Segment Test) and BRIEF (Binary Robust Independent Elementary Features). Finally, the ACGs and texture features are combined for effective malware detection and classification. The proposed method uses a customized dataset prepared from the CIC-InvesAndMal2019 dataset and outperforms state-of-the-art methods with 99.27% accuracy.