Search Results (6)

As Android malware grows increasingly sophisticated, traditional detection methods struggle to keep pace, creating an urgent need for robust, interpretable, and real-time solutions to safeguard mobile ecosystems. This study introduces YoloMal-XAI, a novel deep learning framework that transforms Android application files into RGB image representations by mapping DEX (Dalvik Executable), Manifest.xml, and Resources.arsc files to distinct color channels. Evaluated on the CICMalDroid2020 dataset using YOLO11 pretrained classification models, YoloMal-XAI achieves 99.87% accuracy in binary classification and 99.56% in multi-class classification (Adware, Banking, Riskware, SMS, and Benign). Compared to ResNet-50, GoogLeNet, and MobileNetV2, YOLO11 offers competitive accuracy with at least 7× faster training over 100 epochs. Against YOLOv8, YOLO11 achieves comparable or superior accuracy while reducing training time by up to 3.5×. Cross-corpus validation using Drebin and CICAndMal2017 further confirms the model’s generalization capability on previously unseen malware. An ablation study highlights the value of integrating DEX, Manifest, and Resources components, with the full RGB configuration consistently delivering the best performance. Explainable AI (XAI) techniques—Grad-CAM, Grad-CAM++, Eigen-CAM, and HiRes-CAM—are employed to interpret model decisions, revealing the DEX segment as the most influential component. These results establish YoloMal-XAI as a scalable, efficient, and interpretable framework for Android malware detection, with strong potential for future deployment on resource-constrained mobile devices. Full article

As Android holds a commanding position in the smartphone operating system market, the proliferation of malicious applications on this platform has also escalated rapidly. This surge in diverse malware variants has compelled researchers to explore innovative techniques leveraging machine learning. Given the significance of static analysis in network security, and the proven effectiveness of Dalvik opcode as a precise representation of malware, many studies have adopted the use of Dalvik opcode in conjunction with machine learning algorithms to detect Android malware. Currently, a considerable number of opcode-based approaches are being developed to extract semantic information from opcode sequences. Nonetheless, these approaches encounter considerable challenges in terms of achieving precision. Despite the integration of additional semantic features, they do not succeed in enhancing precision and often result in longer computation times. Furthermore, the extensive length of opcode sequences poses a significant obstacle in the analysis of their underlying semantics. When confronted with these challenges, delving into alternative characteristics could hold the potential to overcome the prevailing predicament, thereby enhancing our comprehension of malwares’ operational mechanisms. Considering the rich informational content embedded within opcode dependencies, despite the scarcity of research in this domain, we intend to prioritize our focus on these dependencies. By constructing opcode graphs, we aim to gain deeper insights into the topological properties of these dependencies, thereby facilitating a more comprehensive analysis. This paper presents an innovative Android malware detection method. The core process of this method includes building a Dalvik opcode graph, extracting frequent subgraphs, and embedding subgraphs using graph convolutional neural networks to extract topological features and train classification models. This model aims to accurately distinguish between malicious Android applications and legitimate applications. Based on the above method, we have successfully developed a lightweight prototype for Android malware variant detection. Through theoretical analysis and practical experimental verification, the prototype demonstrates excellent effectiveness, efficiency, and stability. Specifically, its detection accuracy is nearly 95%, and the time cost for a single detection does not exceed 0.1 s. Full article

Expanded polystyrene (EPS) boxes are used for the packaging of perishable and vulnerable goods during transportation; for instance, fresh fish fillets. It is important to minimize the weight and cost of the packaging materials while maximizing strength to avoid damage to the packaging and the product itself. EPS boxes have to withstand considerable loading, which arises due to rough handling and stacking during transport. This work focused on the compressive and flexural properties and stacking strength of 3 kg capacity EPS boxes with densities of 22 and 23 kg/m${}^3$, by combining experiments and simulation. Material properties were obtained from the compression test, and the behavior of EPS boxes under stacking load was investigated through both experiments and finite element simulations. The influences of density and different sample preparation methods on material properties and stacking strength were investigated. The results indicated that, with the density increasing by 1 kg/m${}^3$, the initial modulus rises 10–15% and the compressive strength increases by 7–8% in the compression test, while in the flexure test, the rupture stress increases by 3–7%. Additionally, an increase of around 2% was observed for the specimens cut with a hot wire compared to those cut with a table saw. However, because the failure mechanism for a box as a whole differs from that of small units in the compression and flexure tests, density has less of an impact on stacking strength. Finally, a good agreement was obtained between the simulation and stacking strength test results. Full article

The aim of the study was to explore the effects of different design variables in the onboard bleeding process of cod on bleeding efficiency and the resulting product quality. A time- and flow-controlled process was used to create variable bleeding conditions for whole gutted cod onboard a wet-fish trawler. Two main design variables influencing the bleeding process are the pump flow recirculation (PFR) and the water replacement ratio (WRR); they were studied in five different combinations (groups). The effects of different bleeding conditions were evaluated by measurements of free fatty acids (FFAs), phospholipids (PLs), and total heme iron (HI) content during freezer storage for up to four months. The results for PL content and the regression model indicate that the enzyme activity in the fish muscle is lower in cases where PFR exerts greater influence in the bleeding process than WRR. The effects of successful blood removal also seem to be most noticeable after one month of freezer storage, rather than in fresh cod after seven days or after four months of simulated frozen food-chain storage. The study indicates that, with the bleeding medium to fish ratio of around 3:1 and enough WRR (over 100% replacement in 20 min), the PFR becomes the limiting design parameter regarding efficient blood removal and should be at least 10% of the tank volume per minute to ensure enough recirculation and flow of water in the bleed-out tanks. Full article

As interest in Internet of Things environments rapidly increases throughout the IT convergence field, compatibility with mobile devices must be provided to enable personalized services. The security of mobile platforms and applications is critical because security vulnerabilities of mobile devices can be spread to all things in these environments. Android, the leading open mobile platform, has long used the Dalvik virtual machine as its runtime system. However, it has recently been completely replaced by a new runtime system, namely Android Runtime (ART). The change from Android’s Dalvik to ART means that the existing Dalvik bytecode-based application execution structure has been changed to a machine code-based application execution structure. Consequently, a detailed understanding of ART, such as new file formats and execution switching methods between codes, is required from the viewpoint of application security. In this paper, we demonstrate that an existing Dalvik-based application vulnerability can be exploited as-is in ART. This is because existing Dalvik executable files coexist in the ART executable file, and these Dalvik bytecodes and compiled machine codes have one-to-one mapping relationships. We then propose an ART-based application protection scheme to secure this by dynamically eliminating the one-to-one mapping. In addition, the proposed scheme is implemented to evaluate its reverse engineering resistance and performance through experiments. Full article

Recently, Android malicious code has increased dramatically and the technology of reinforcement is increasingly powerful. Due to the development of code obfuscation and polymorphic deformation technology, the current Android malicious code static detection method whose feature selected is the semantic of application source code can not completely extract malware’s code features. The Android malware static detection methods whose features used are only obtained from the AndroidManifest.xml file are easily affected by useless permissions. Therefore, there are some limitations in current Android malware static detection methods. The current Android malware dynamic detection algorithm is mostly required to customize the system or needs system root permissions. Based on the Dendritic Cell Algorithm (DCA), this paper proposes an Android malware algorithm that has a higher detection rate, does not need to modify the system, and reduces the impact of code obfuscation to a certain degree. This algorithm is applied to an Android malware detection method based on oriented Dalvik disassembly sequence and application interface (API) calling sequence. Through the designed experiments, the effectiveness of this method is verified for the detection of Android malware. Full article