{"title":"通过gabor过滤器的眼睛挖掘android字节码来检测恶意软件","authors":"Shahid Alam, A. K. Demir","doi":"10.34028/iajit/20/2/4","DOIUrl":null,"url":null,"abstract":"One of the basic characteristics of a Gabor filter is that it provides useful information about specific frequencies in a localized region. Such information can be used in locating snippets of code, i.e., localized code, in a program when transformed into an image for finding embedded malicious patterns. Keeping this phenomenon, we propose a novel technique using a sliding Window over Gabor filters for mining the Dalvik Executable (DEX) bytecodes of an Android application (APK) to find malicious patterns. We extract the structural and behavioral functionality and localized information of an APK through Gabor filtered images of the 2D grayscale image of the DEX bytecodes. A Window is slid over these features and a weight is assigned based on its frequency of use. The selected Windows whose weights are greater than a given threshold, are used for training a classifier to detect malware APKs. Our technique does not require any disassembly or execution of the malware program and hence is much safer and more accurate. To further improve feature selection, we apply a greedy optimization algorithm to find the best performing feature subset. The proposed technique, when tested using real malware and benign APKs, obtained a detection rate of 98.9% with 10-fold cross-validation.","PeriodicalId":13624,"journal":{"name":"Int. Arab J. Inf. Technol.","volume":"33 1","pages":"180-189"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Mining android bytecodes through the eyes of gabor filters for detecting malware\",\"authors\":\"Shahid Alam, A. K. Demir\",\"doi\":\"10.34028/iajit/20/2/4\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"One of the basic characteristics of a Gabor filter is that it provides useful information about specific frequencies in a localized region. Such information can be used in locating snippets of code, i.e., localized code, in a program when transformed into an image for finding embedded malicious patterns. Keeping this phenomenon, we propose a novel technique using a sliding Window over Gabor filters for mining the Dalvik Executable (DEX) bytecodes of an Android application (APK) to find malicious patterns. We extract the structural and behavioral functionality and localized information of an APK through Gabor filtered images of the 2D grayscale image of the DEX bytecodes. A Window is slid over these features and a weight is assigned based on its frequency of use. The selected Windows whose weights are greater than a given threshold, are used for training a classifier to detect malware APKs. Our technique does not require any disassembly or execution of the malware program and hence is much safer and more accurate. To further improve feature selection, we apply a greedy optimization algorithm to find the best performing feature subset. The proposed technique, when tested using real malware and benign APKs, obtained a detection rate of 98.9% with 10-fold cross-validation.\",\"PeriodicalId\":13624,\"journal\":{\"name\":\"Int. Arab J. Inf. Technol.\",\"volume\":\"33 1\",\"pages\":\"180-189\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. Arab J. Inf. Technol.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.34028/iajit/20/2/4\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. Arab J. Inf. Technol.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34028/iajit/20/2/4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Mining android bytecodes through the eyes of gabor filters for detecting malware
One of the basic characteristics of a Gabor filter is that it provides useful information about specific frequencies in a localized region. Such information can be used in locating snippets of code, i.e., localized code, in a program when transformed into an image for finding embedded malicious patterns. Keeping this phenomenon, we propose a novel technique using a sliding Window over Gabor filters for mining the Dalvik Executable (DEX) bytecodes of an Android application (APK) to find malicious patterns. We extract the structural and behavioral functionality and localized information of an APK through Gabor filtered images of the 2D grayscale image of the DEX bytecodes. A Window is slid over these features and a weight is assigned based on its frequency of use. The selected Windows whose weights are greater than a given threshold, are used for training a classifier to detect malware APKs. Our technique does not require any disassembly or execution of the malware program and hence is much safer and more accurate. To further improve feature selection, we apply a greedy optimization algorithm to find the best performing feature subset. The proposed technique, when tested using real malware and benign APKs, obtained a detection rate of 98.9% with 10-fold cross-validation.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
