Serviceeinschränkungen vom 12.-22.02.2026 - weitere Infos auf der UB-Homepage
  • Android malware detection as a...

Treffer: Android malware detection as a Bi-level problem

Title:
Android malware detection as a Bi-level problem
Authors:
Jerbi, Manel, Chelly Dagdia, Zaineb, Bechikh, Slim, Ben Said, Lamjed
Contributors:
Laboratoire BESTMOD ISG Tunis, ISG Tunis, Données et algorithmes pour une ville intelligente et durable - DAVID (DAVID), Université de Versailles Saint-Quentin-en-Yvelines (UVSQ), Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Institut Supérieur de Gestion de Tunis Tunis (ISG), Université de Tunis, Zaineb Chelly Dagdia , Associate Professor UVSQ, Paris-Saclay, France 45 Avenue des États Unis, 78000 Versailles, France Email: zaineb.chelly-dagdia@uvsq.fr Homepage: https://sites.google.com/site/zeinebchelly/home Zaineb Chelly Dagdia is an Associate Professor at the Versailles Saint-Quentin-en-Yvelines University / Paris-Saclay, France. She is part of the Data and Algorithms for an Intelligent and Sustainable City Laboratory. She received her MSc. and Ph.D. in Computer Science at the University of Tunis, Tunisia, in 2010 and 2014, respectively. After that, she holds the position of a Marie Skłodowska Curie Research Fellow at Aberystwyth University, UK. Her research interests include different aspects of artificial intelligence. She has a strong publication record. She was awarded the Young Researcher First Price (IEEE EHB’2013), the ACM-WAward, the Marie Sklodowska Curie Individual European Fellowship and the Best Reviewer Award (iCDEc 2018). She also acts as a Marie Sklodowska Curie Ambassador, selected as a Female Scientist Role Model, and selected to be among the 200 most qualified Heidelberg- Laureate-Forum (HLF) young researchers. Further details could be found on her personal Webpage: https://sites.google.com/site/zeinebchelly/home .
Source:
ISSN: 0167-4048 ; Computers & Security ; https://hal.science/hal-03837347 ; Computers & Security, 2022, 121, pp.102825. ⟨10.1016/j.cose.2022.102825⟩.
Publisher Information:
CCSD
Elsevier
Publication Year:
2022
Collection:
LillOA (HAL Lille Open Archive, Université de Lille)
Subject Terms:
Evolutionary algorithms, Detection rules generation, Bi-level optimization, Artificial malicious patterns, Android malware detection, Android malware detection Bi-level optimization Detection rules generation Artificial malicious patterns Evolutionary algorithms, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
Document Type:
Fachzeitschrift article in journal/newspaper
Language:
English
DOI:
10.1016/j.cose.2022.102825
Availability:
https://hal.science/hal-03837347
https://hal.science/hal-03837347v1/document
https://hal.science/hal-03837347v1/file/BMD__Final.pdf
https://doi.org/10.1016/j.cose.2022.102825
Rights:
http://hal.archives-ouvertes.fr/licences/copyright/ ; info:eu-repo/semantics/OpenAccess
Accession Number:
edsbas.743615EF
Database:
BASE

Weitere Informationen

International audience ; Malware detection is still a very challenging topic in the cybersecurity field. This is mainly due to the use of obfuscation techniques. To solve this issue, researchers proposed to extract frequent API (Application Programming Interface) call sequences and then use them as behavior indicators. Several methods aiming at generating malware detection rules have been proposed with the goal to come up with a set of rules that is able to accurately detect malicious code patterns. However, the rules generation process heavily depends on the training database content which will affect the detection rate of the model when confronted to new variants of malicious patterns. In order to assess a rule's detection accuracy, we need to execute the rule on the whole malware database which makes the detection rule quality evaluation very sensitive to the database content. To solve this issue, we suggest in this paper to consider the detection rules generation process as a BLOP (Bi-Level Optimization Problem), where a lower-level optimization task is embedded within the upper-level one. The goal of the upper-level is to generate a set of detection rules in the form of: trees of combined patterns. Those rules are able to detect not only the real patterns from the base of examples but also the artificial patterns generated by the lower-level. The lower-level aims to generate a set of artificial malicious patterns that escape the rules of the upper-level. An efficient co-evolutionary algorithm is adopted as a search engine to ensure optimization at both levels. Such an automated competition between the two levels makes our new method BMD (Bi-level Malware Detection) able to produce effective detection rules that are capable of detecting new predictable malicious behaviors in addition to existing ones. Based on the statistical analysis of the experimental results, our BMD method has shown its merits when compared to several relevant state-of-the-art malware detection techniques on different Android malware ...