Mining android bytecodes through the eyes of gabor filters for detecting malware

Shahid Alam, A. K. Demir
{"title":"Mining android bytecodes through the eyes of gabor filters for detecting malware","authors":"Shahid Alam, A. K. Demir","doi":"10.34028/iajit/20/2/4","DOIUrl":null,"url":null,"abstract":"One of the basic characteristics of a Gabor filter is that it provides useful information about specific frequencies in a localized region. Such information can be used in locating snippets of code, i.e., localized code, in a program when transformed into an image for finding embedded malicious patterns. Keeping this phenomenon, we propose a novel technique using a sliding Window over Gabor filters for mining the Dalvik Executable (DEX) bytecodes of an Android application (APK) to find malicious patterns. We extract the structural and behavioral functionality and localized information of an APK through Gabor filtered images of the 2D grayscale image of the DEX bytecodes. A Window is slid over these features and a weight is assigned based on its frequency of use. The selected Windows whose weights are greater than a given threshold, are used for training a classifier to detect malware APKs. Our technique does not require any disassembly or execution of the malware program and hence is much safer and more accurate. To further improve feature selection, we apply a greedy optimization algorithm to find the best performing feature subset. The proposed technique, when tested using real malware and benign APKs, obtained a detection rate of 98.9% with 10-fold cross-validation.","PeriodicalId":13624,"journal":{"name":"Int. Arab J. Inf. Technol.","volume":"33 1","pages":"180-189"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. Arab J. Inf. Technol.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34028/iajit/20/2/4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

One of the basic characteristics of a Gabor filter is that it provides useful information about specific frequencies in a localized region. Such information can be used in locating snippets of code, i.e., localized code, in a program when transformed into an image for finding embedded malicious patterns. Keeping this phenomenon, we propose a novel technique using a sliding Window over Gabor filters for mining the Dalvik Executable (DEX) bytecodes of an Android application (APK) to find malicious patterns. We extract the structural and behavioral functionality and localized information of an APK through Gabor filtered images of the 2D grayscale image of the DEX bytecodes. A Window is slid over these features and a weight is assigned based on its frequency of use. The selected Windows whose weights are greater than a given threshold, are used for training a classifier to detect malware APKs. Our technique does not require any disassembly or execution of the malware program and hence is much safer and more accurate. To further improve feature selection, we apply a greedy optimization algorithm to find the best performing feature subset. The proposed technique, when tested using real malware and benign APKs, obtained a detection rate of 98.9% with 10-fold cross-validation.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
通过gabor过滤器的眼睛挖掘android字节码来检测恶意软件
Gabor滤波器的一个基本特性是它能提供局部区域内特定频率的有用信息。当转换成图像以查找嵌入的恶意模式时,这些信息可用于定位程序中的代码片段,即本地化代码。为了保持这种现象,我们提出了一种新的技术,使用Gabor过滤器上的滑动窗口来挖掘Android应用程序(APK)的Dalvik可执行文件(DEX)字节码来发现恶意模式。通过对DEX字节码的二维灰度图像进行Gabor滤波,提取APK的结构、行为功能和定位信息。在这些特征上滑动一个窗口,并根据其使用频率分配权重。选择权重大于给定阈值的Windows,用于训练分类器来检测恶意软件apk。我们的技术不需要任何反汇编或执行恶意软件程序,因此更安全,更准确。为了进一步改进特征选择,我们采用贪婪优化算法来寻找性能最好的特征子集。当使用真实恶意软件和良性apk进行测试时,该技术通过10倍交叉验证获得了98.9%的检测率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
A Novel Energy Efficient Harvesting Technique for SDWSN using RF Transmitters with MISO Beamforming Incorporating triple attention and multi-scale pyramid network for underwater image enhancement Generative adversarial networks with data augmentation and multiple penalty areas for image synthesis MAPNEWS: a framework for aggregating and organizing online news articles Deep learning based mobilenet and multi-head attention model for facial expression recognition
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1