Dynamic analysis for explainable fine-grained android malware detection
Ciaramella Giovanni
2024
Abstract
Over the years, the frequency of cybersecurity attacks has surged as cybercriminals continually exploit vulnerabilities to amass profits through the unauthorized acquisition and resale of personal information on the dark web or by demanding ransoms. Fueled by this malicious motivation, researchers have diligently sought innovative methodologies to detect and thwart these cyber threats across various environments. Among the targeted landscapes, Android stands out due to its widespread usage, making it a prime target for attempted attacks. In response to this escalating challenge, in this paper we design and develop a method for identifying malicious and benign system calls through the use of Deep Learning and a dynamic programming algorithm such as the Longest Common Subsequence algorithm. To conduct our research, we meticulously extracted system calls from Android applications, transforming them into images to create a robust dataset comprising 13,570 samples. With the dataset in hand, we employed four different Convolutional Neural Networks, utilizing them to train and test various models. At the end of this process, our model achieved an accuracy rate of 0.890. To enhance the explainability of our findings, we applied two distinct Class Activation Mapping algorithms. These algorithms help spotlight the most significant areas during the classification process. Once these visual representations were obtained, we merged the original images with the heat maps generated by the Class Activation Mapping algorithms. This fusion allowed us to identify and extract the most discriminative system calls, providing valuable insights into the distinguishing features between malicious and benign behaviors.

| File | Size | Format |
|---|---|---|
| 978-3-031-76371-7_8.pdf (not available) | 5.61 MB | Adobe PDF |

Description: Dynamic Analysis for Explainable Fine-Grained Android Malware Detection
Type: Publisher's version (PDF)
License: Publisher's copyright
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

