Abstract:

Android has been a constant target of cybercriminals, who attack one of the most widely used operating systems, commonly through malicious applications (malware) that, once installed on a device, can harm users in several ways. Existing malware detection solutions are usually invasive: they obtain classification features by reverse engineering, decompiling, or disassembling the analyzed application, which infringes licenses and terms of use of applications. In addition, these solutions often employ a single machine learning (ML) model to detect various types of malware, resulting in several false alarms. In this context, we propose an approach to detecting Android malware that consists of a set of type-specific detectors, each of which performs a multi-stage analysis, based on rules and ML techniques, in different phases of the application cycle (before and after its installation). Our approach also differs from state-of-the-art solutions by being non-invasive, since it obtains an application's features through a process that does not infringe licenses and terms of use of applications. In addition, according to experiments performed on a real Android smartphone, our proposal presents the following additional advantages over state-of-the-art solutions: a more efficient process for classifying applications that is three times faster and requires ten times less CPU usage in some cases (saving device energy); and better detection performance, with higher balanced accuracy, nine times fewer false positive cases, and ten times fewer false negative cases.
INDEX TERMS: Convolutional Neural Networks, Support Vector Machines (SVMs).