Two Anatomists Are Better than One—Dual-Level Android Malware Detection

1 Department of Information & Communication Systems Engineering, University of Aegean, 83200 Karlovasi Samos, Greece
2 European Commission, Joint Research Centre (JRC), 21027 Ispra, Italy
* Author to whom correspondence should be addressed.
These authors contributed equally to this work.
Symmetry 2020, 12(7), 1128; https://doi.org/10.3390/sym12071128
Received: 1 June 2020 / Revised: 27 June 2020 / Accepted: 29 June 2020 / Published: 7 July 2020
The openness of the Android operating system and its immense penetration into the market make it a hot target for malware writers. This work introduces Androtomist, a novel tool capable of symmetrically applying static and dynamic analysis of applications on the Android platform. Unlike similar hybrid solutions, Androtomist capitalizes on a wealth of features stemming from static analysis along with rigorous dynamic instrumentation to dissect applications and decide if they are benign or not. The focus is on anomaly detection using machine learning, but the system is able to autonomously conduct signature-based detection as well. Furthermore, Androtomist is publicly available as open source software and can be straightforwardly installed as a web application. The application itself is dual mode, that is, fully automated for the novice user and configurable for the expert one. As a proof-of-concept, we meticulously assess the detection accuracy of Androtomist against three different popular malware datasets and a handful of machine learning classifiers. We particularly concentrate on the classification performance achieved when the results of static analysis are combined with dynamic instrumentation vis-à-vis static analysis only. Our study also introduces an ensemble approach by averaging the output of all base classification models per malware instance separately, and provides deeper insight into the most influential features in the classification process. Depending on the employed dataset, for hybrid analysis, we report notably promising to excellent results in terms of the accuracy, F1, and AUC metrics.
Keywords: mobile malware; malware analysis; machine learning classification; hybrid detection; android security
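
The ensemble step named in the abstract (averaging the output of all base models separately for each sample) and the three reported metrics can be illustrated as follows. This is an added example, not code from Androtomist or the paper; the model names, scores, labels and the 0.5 threshold are constructed assumptions.

```python
# Added illustration: ensemble by averaging base-model outputs per sample.
# All data is constructed: 8 app samples (1 = malware, 0 = benign) and the
# malware probabilities emitted by three hypothetical base classifiers.
LABELS = [1, 1, 1, 1, 0, 0, 0, 0]
BASE_SCORES = {
    "model_a": [0.90, 0.80, 0.40, 0.70, 0.30, 0.60, 0.20, 0.10],
    "model_b": [0.70, 0.45, 0.80, 0.60, 0.55, 0.20, 0.30, 0.40],
    "model_c": [0.85, 0.60, 0.65, 0.35, 0.10, 0.40, 0.65, 0.20],
}
THRESHOLD = 0.5  # assumed decision threshold

def ensemble_average(base_scores):
    """Average the outputs of all base models, separately for each sample."""
    return [sum(col) / len(col) for col in zip(*base_scores.values())]

def confusion(labels, scores, threshold=THRESHOLD):
    """Return (tp, fp, fn, tn) after thresholding the scores."""
    preds = [int(s >= threshold) for s in scores]
    pairs = list(zip(preds, labels))
    tp = sum(p == 1 and y == 1 for p, y in pairs)
    fp = sum(p == 1 and y == 0 for p, y in pairs)
    fn = sum(p == 0 and y == 1 for p, y in pairs)
    tn = sum(p == 0 and y == 0 for p, y in pairs)
    return tp, fp, fn, tn

def accuracy(labels, scores):
    tp, _, _, tn = confusion(labels, scores)
    return (tp + tn) / len(labels)

def f1(labels, scores):
    tp, fp, fn, _ = confusion(labels, scores)
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0

def auc(labels, scores):
    """AUC as the chance a malware sample outscores a benign one (ties = 0.5)."""
    pos = [s for s, y in zip(scores, labels) if y == 1]
    neg = [s for s, y in zip(scores, labels) if y == 0]
    wins = sum((p > n) + 0.5 * (p == n) for p in pos for n in neg)
    return wins / (len(pos) * len(neg))

def report():
    """(accuracy, F1, AUC) for every base model and the averaged ensemble."""
    models = dict(BASE_SCORES, ensemble=ensemble_average(BASE_SCORES))
    return {name: (accuracy(LABELS, s), f1(LABELS, s), auc(LABELS, s))
            for name, s in models.items()}

if __name__ == "__main__":
    for name, (acc, f, a) in report().items():
        print(f"{name:9s} acc={acc:.3f} f1={f:.3f} auc={a:.3f}")
```

With this constructed data each base model misclassifies two different samples, while the averaged scores separate all eight correctly.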
MDPI and ACS Style

Kouliaridis, V.; Kambourakis, G.; Geneiatakis, D.; Potha, N. Two Anatomists Are Better than One—Dual-Level Android Malware Detection. Symmetry 2020, 12, 1128. https://doi.org/10.3390/sym12071128

AMA Style

Kouliaridis V, Kambourakis G, Geneiatakis D, Potha N. Two Anatomists Are Better than One—Dual-Level Android Malware Detection. Symmetry. 2020; 12(7):1128. https://doi.org/10.3390/sym12071128

Chicago/Turabian Style

Kouliaridis, Vasileios; Kambourakis, Georgios; Geneiatakis, Dimitris; Potha, Nektaria. 2020. "Two Anatomists Are Better than One—Dual-Level Android Malware Detection" Symmetry 12, no. 7: 1128. https://doi.org/10.3390/sym12071128
