The high number of Android devices that are active around the world makes these platforms appealing targets for malware attacks. A malware is shorthand for malicious applications developed by cyber attackers with the intention of gaining access or causing damage to a computer device or network, often while the victim remains oblivious to the fact there’s been a compromise. Android security requires machine learning approaches to quickly and accurately flag malicious applications. This paper describes a supervised learning approach for classifying Android applications as genuine or malicious. It uses reverse engineering to look for dangerous capabilities within the application code and structure before it is executed and applies to an intriguing combination of clustering and classification, in order to deal with the imbalanced data problem and avoid a detection system that skews towards modeling the genuine applications. We use benchmark Android applications to assess that the presented approach is able to correctly detect malware applications. The significance of the computed detection patterns is evaluated using established machine learning metrics.

Dealing with Class Imbalance in Android Malware Detection by Cascading Clustering and Classification

Andresini G.
;
Appice A.;Malerba D.
2020-01-01

Abstract

The high number of Android devices that are active around the world makes these platforms appealing targets for malware attacks. A malware is shorthand for malicious applications developed by cyber attackers with the intention of gaining access or causing damage to a computer device or network, often while the victim remains oblivious to the fact there’s been a compromise. Android security requires machine learning approaches to quickly and accurately flag malicious applications. This paper describes a supervised learning approach for classifying Android applications as genuine or malicious. It uses reverse engineering to look for dangerous capabilities within the application code and structure before it is executed and applies to an intriguing combination of clustering and classification, in order to deal with the imbalanced data problem and avoid a detection system that skews towards modeling the genuine applications. We use benchmark Android applications to assess that the presented approach is able to correctly detect malware applications. The significance of the computed detection patterns is evaluated using established machine learning metrics.
2020
978-3-030-36616-2
978-3-030-36617-9
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11586/258851
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 11
  • ???jsp.display-item.citation.isi??? ND
social impact