Android malware is rapidly becoming a potential threat to users. Among several Android malware detection schemes, the scheme using Inter-Component Communication (ICC) is gathering attention. That scheme extracts numerous ICC-related features to detect malware by machine learning. To mitigate the degradation of detection performance caused by redundant features, Correlation-based Feature Selection (CFS) is applied to the features before machine learning. CFS selects useful features for detection on the theory that the features in a good subset have little correlation with one another. However, CFS may remove useful ICC-related features because of the strong correlation between them. In this paper, we propose an effective feature selection scheme for Android ICC-based malware detection using the gap of the appearance ratio. We argue that features frequently appearing in either benign apps or malware are useful for malware detection, even if they are strongly correlated with each other. To select useful features based on this argument, we introduce the proportion of the appearance ratio of a feature between benign apps and malware. Since the proportion can represent whether a feature frequently appears in either benign apps or malware, this metric is useful for feature selection based on our argument. Unfortunately, the proportion is ineffective when a feature appears only once in all apps. Thus, we also introduce the difference of the appearance ratio of a feature between benign apps and malware. Since the difference simply represents the gap of the appearance ratio, we can select useful features by using this metric when such a situation occurs. By computer simulation with a real dataset, we demonstrate that our scheme improves detection accuracy by selecting the useful features discarded in the previous scheme.
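The two metrics described in the abstract, worked through on a small constructed dataset. This is an added example, not the paper's code: the feature names, both thresholds, and the rule of falling back to the difference when the proportion is undefined are assumptions made here for illustration.

```python
# Constructed sample: (label, set of ICC-related features) per app.
# Feature names are hypothetical, not taken from the paper.
APPS = (
    [("malware", {"intent_sms_send", "intent_boot_completed", "intent_main"})] * 6
    + [("malware", {"intent_rare", "intent_main"})]
    + [("malware", {"intent_main"})] * 3
    + [("benign", {"intent_boot_completed", "intent_view", "intent_main"})]
    + [("benign", {"intent_view", "intent_main"})] * 7
    + [("benign", {"intent_main"})] * 2
)

def appearance_ratio(apps, label, feature):
    """Fraction of apps with the given label that contain the feature."""
    group = [feats for lab, feats in apps if lab == label]
    return sum(feature in feats for feats in group) / len(group)

def score(apps, feature):
    """Return (proportion, difference) of the benign/malware appearance ratios."""
    lo, hi = sorted((appearance_ratio(apps, "benign", feature),
                     appearance_ratio(apps, "malware", feature)))
    proportion = hi / lo if lo > 0 else None  # undefined if absent from one class
    return proportion, hi - lo

def select_features(apps, min_proportion=3.0, min_difference=0.3):
    """Keep features that are frequent in one class relative to the other.

    Assumed rule: use the proportion when it is defined, otherwise the
    difference, so a feature seen in a single app is not kept by accident.
    """
    selected = []
    for feat in sorted(set().union(*(f for _, f in apps))):
        proportion, difference = score(apps, feat)
        if proportion is None:
            keep = difference >= min_difference
        else:
            keep = proportion >= min_proportion
        if keep:
            selected.append(feat)
    return selected

def feature_correlation(apps, f1, f2):
    """Pearson correlation between the presence vectors of two features."""
    xs = [f1 in feats for _, feats in apps]
    ys = [f2 in feats for _, feats in apps]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sum((x - mx) ** 2 for x in xs) ** 0.5
    sy = sum((y - my) ** 2 for y in ys) ** 0.5
    return cov / (sx * sy)

if __name__ == "__main__":
    print(select_features(APPS))
    print(feature_correlation(APPS, "intent_sms_send", "intent_boot_completed"))
```

In this sample `intent_sms_send` and `intent_boot_completed` are strongly correlated yet both are kept, while `intent_rare` (present in a single app) and `intent_main` (present in every app) are dropped.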
Kyohei OSUGE
Keio University
Hiroya KATO
Keio University
Shuichiro HARUTA
Keio University
Iwao SASASE
Keio University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Kyohei OSUGE, Hiroya KATO, Shuichiro HARUTA, Iwao SASASE, "An Effective Feature Selection Scheme for Android ICC-Based Malware Detection Using the Gap of the Appearance Ratio" in IEICE TRANSACTIONS on Information,
vol. E102-D, no. 6, pp. 1136-1144, June 2019, doi: 10.1587/transinf.2018EDP7301.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2018EDP7301/_p