-
ActDroid: An active learning framework for Android malware detection
Authors:
Ali Muzaffar,
Hani Ragab Hassen,
Hind Zantout,
Michael A Lones
Abstract:
The growing popularity of Android requires malware detection systems that can keep up with the pace of new software being released. According to a recent study, a new piece of malware appears online every 12 seconds. To address this, we treat Android malware detection as a streaming data problem and explore the use of active online learning as a means of mitigating the problem of labelling applica…
▽ More
The growing popularity of Android requires malware detection systems that can keep up with the pace of new software being released. According to a recent study, a new piece of malware appears online every 12 seconds. To address this, we treat Android malware detection as a streaming data problem and explore the use of active online learning as a means of mitigating the problem of labelling applications in a timely and cost-effective manner. Our resulting framework achieves accuracies of up to 96\%, requires as little of 24\% of the training data to be labelled, and compensates for concept drift that occurs between the release and labelling of an application. We also consider the broader practicalities of online learning within Android malware detection, and systematically explore the trade-offs between using different static, dynamic and hybrid feature sets to classify malware.
△ Less
Submitted 30 January, 2024;
originally announced January 2024.
-
DroidDissector: A Static and Dynamic Analysis Tool for Android Malware Detection
Authors:
Ali Muzaffar,
Hani Ragab Hassen,
Hind Zantout,
Michael A Lones
Abstract:
DroidDissector is an extraction tool for both static and dynamic features. The aim is to provide Android malware researchers and analysts with an integrated tool that can extract all of the most widely used features in Android malware detection from one location. The static analysis module extracts features from both the manifest file and the source code of the application to obtain a broad array…
▽ More
DroidDissector is an extraction tool for both static and dynamic features. The aim is to provide Android malware researchers and analysts with an integrated tool that can extract all of the most widely used features in Android malware detection from one location. The static analysis module extracts features from both the manifest file and the source code of the application to obtain a broad array of features that include permissions, API call graphs and opcodes. The dynamic analysis module runs on the latest version of Android and analyses the complete behaviour of an application by tracking the system calls used, network traffic generated, API calls used and log files produced by the application.
△ Less
Submitted 30 November, 2023; v1 submitted 8 August, 2023;
originally announced August 2023.
-
Investigating Feature and Model Importance in Android Malware Detection: An Implemented Survey and Experimental Comparison of ML-Based Methods
Authors:
Ali Muzaffar,
Hani Ragab Hassen,
Hind Zantout,
Michael A Lones
Abstract:
The popularity of Android means it is a common target for malware. Over the years, various studies have found that machine learning models can effectively discriminate malware from benign applications. However, as the operating system evolves, so does malware, bringing into question the findings of these previous studies, many of which report very high accuracies using small, outdated, and often i…
▽ More
The popularity of Android means it is a common target for malware. Over the years, various studies have found that machine learning models can effectively discriminate malware from benign applications. However, as the operating system evolves, so does malware, bringing into question the findings of these previous studies, many of which report very high accuracies using small, outdated, and often imbalanced datasets. In this paper, we reimplement 18 representative past works and reevaluate them using a balanced, relevant, and up-to-date dataset comprising 124,000 applications. We also carry out new experiments designed to fill holes in existing knowledge, and use our findings to identify the most effective features and models to use for Android malware detection within a contemporary environment. We show that high detection accuracies (up to 96.8%) can be achieved using features extracted through static analysis alone, yielding a modest benefit (1%) from using far more expensive dynamic analysis. API calls and opcodes are the most productive static and TCP network traffic provide the most predictive dynamic features. Random forests are generally the most effective model, outperforming more complex deep learning approaches. Whilst directly combining static and dynamic features is generally ineffective, ensembling models separately leads to performances comparable to the best models but using less brittle features.
△ Less
Submitted 26 March, 2024; v1 submitted 30 January, 2023;
originally announced January 2023.
-
An early warning tool for predicting mortality risk of COVID-19 patients using machine learning
Authors:
Muhammad E. H. Chowdhury,
Tawsifur Rahman,
Amith Khandakar,
Somaya Al-Madeed,
Susu M. Zughaier,
Suhail A. R. Doi,
Hanadi Hassen,
Mohammad T. Islam
Abstract:
COVID-19 pandemic has created an extreme pressure on the global healthcare services. Fast, reliable and early clinical assessment of the severity of the disease can help in allocating and prioritizing resources to reduce mortality. In order to study the important blood biomarkers for predicting disease mortality, a retrospective study was conducted on 375 COVID-19 positive patients admitted to Ton…
▽ More
COVID-19 pandemic has created an extreme pressure on the global healthcare services. Fast, reliable and early clinical assessment of the severity of the disease can help in allocating and prioritizing resources to reduce mortality. In order to study the important blood biomarkers for predicting disease mortality, a retrospective study was conducted on 375 COVID-19 positive patients admitted to Tongji Hospital (China) from January 10 to February 18, 2020. Demographic and clinical characteristics, and patient outcomes were investigated using machine learning tools to identify key biomarkers to predict the mortality of individual patient. A nomogram was developed for predicting the mortality risk among COVID-19 patients. Lactate dehydrogenase, neutrophils (%), lymphocyte (%), high sensitive C-reactive protein, and age - acquired at hospital admission were identified as key predictors of death by multi-tree XGBoost model. The area under curve (AUC) of the nomogram for the derivation and validation cohort were 0.961 and 0.991, respectively. An integrated score (LNLCA) was calculated with the corresponding death probability. COVID-19 patients were divided into three subgroups: low-, moderate- and high-risk groups using LNLCA cut-off values of 10.4 and 12.65 with the death probability less than 5%, 5% to 50%, and above 50%, respectively. The prognostic model, nomogram and LNLCA score can help in early detection of high mortality risk of COVID-19 patients, which will help doctors to improve the management of patient stratification.
△ Less
Submitted 29 July, 2020;
originally announced July 2020.
-
A Comparative study of Arabic handwritten characters invariant feature
Authors:
Hamdi Hassen,
Maher khemakhem
Abstract:
This paper is practically interested in the unchangeable feature of Arabic handwritten character. It presents results of comparative study achieved on certain features extraction techniques of handwritten character, based on Hough transform, Fourier transform, Wavelet transform and Gabor Filter. Obtained results show that Hough Transform and Gabor filter are insensible to the rotation and translat…
▽ More
This paper is practically interested in the unchangeable feature of Arabic handwritten character. It presents results of comparative study achieved on certain features extraction techniques of handwritten character, based on Hough transform, Fourier transform, Wavelet transform and Gabor Filter. Obtained results show that Hough Transform and Gabor filter are insensible to the rotation and translation, Fourier Transform is sensible to the rotation but insensible to the translation, in contrast to Hough Transform and Gabor filter, Wavelets Transform is sensitive to the rotation as well as to the translation.
△ Less
Submitted 8 November, 2012;
originally announced November 2012.