In this work, we propose a transfer learning and stacking approach to efficiently detect the Android malware files by utilizing two well-known machine learning models, ResNet-50 and Support Vector Machine (SVM).
Several Convolutional Neural Network (CNN) based methods have been proposed in this regard however, there is still room for performance improvement. Therefore, efficient identification and classification of Android malicious files is crucial. The rapid proliferation of Android malware apps poses a significant security risk to users, making static and manual analysis of malicious files difficult. Mobile malware specifically targets Android operating system as it has grown in popularity. Mobile malware is likely to continue to evolve and proliferate to carry out a variety of cybercrimes on mobile devices. Mobile malware is one of the most dangerous threats, causing both security breaches and financial losses. There has been an increase in attacks on mobile devices, such as smartphones and tablets, due to their growing popularity. The proposed method achieves a classification accuracy of 96.24% using the CICInvesAndMal2019 dataset. The TCN employs casual convolutions and dilations due to its temporality and broad receptive fields, making it very responsive to API-call sequences and malware activities in the manifest file. Finally, the multi-head Temporal Convolutional Network (TCN) is designed to identify malware based on fine-tuned features. To thoroughly analyze the novel features, the word2vec is fine-tuned with random, static, and dynamic strategies. Third, a transfer learning approach based on word2vec is developed to extract trained features from digital fingerprints. The API calls and manifest information are then combined to produce digital fingerprints of Android app actions.
Second, to represent Android apps with elevated features, we develop a features selection method that retrieves API calls and API sequences from CFGs. First, reverse engineering tools are used to mine manifest files and Java source codes from Android Package Kit (APK). This paper proposes a novel malware detection method called Droid-MCFG that combines the Android features of manifest and Control Flow Graph (CFG). Therefore, the Android security team must constantly develop novel features to detect suspicious attacks. Despite machine learning-based malware detectors having hundreds of features, attackers can use feature-related expertise to generate malware variants to avoid detection. Machine learning-based attack detection techniques have recently emerged as promising methods that relies heavily on particular features to classify malware. Android is the most popular mobile operating system, making it the main target of malware attacks.
0 kommentar(er)
