
dc.contributor.author: Yerima, Suleiman
dc.contributor.author: Alzaylaee, Mohammed K.
dc.contributor.author: Sezer, Sakir
dc.date.accessioned: 2019-05-07T11:57:51Z
dc.date.available: 2019-05-07T11:57:51Z
dc.date.issued: 2019-04-29
dc.identifier.citation: Yerima, S. Y., Alzaylaee, M. K., and Sezer, S. (2019) Machine learning-based dynamic analysis of Android apps with improved code coverage. EURASIP Journal on Information Security, 4, pp. 1-24. [en]
dc.identifier.uri: https://jis-eurasipjournals.springeropen.com/articles/10.1186/s13635-019-0087-1
dc.identifier.uri: https://www.dora.dmu.ac.uk/handle/2086/17779
dc.description: open access article [en]
dc.description.abstract: This paper investigates the impact of code coverage on machine learning-based dynamic analysis of Android malware. In order to maximize the code coverage, dynamic analysis on Android typically requires the generation of events to trigger the user interface and maximize the discovery of the run-time behavioral features. The commonly used event generation approach in most existing Android dynamic analysis systems is the random-based approach implemented with the Monkey tool that comes with the Android SDK. Monkey is utilized in popular dynamic analysis platforms like AASandbox, vetDroid, MobileSandbox, TraceDroid, Andrubis, ANANAS, DynaLog, and HADM. In this paper, we propose and investigate approaches based on stateful event generation and compare their code coverage capabilities with the state-of-the-practice random-based Monkey approach. The two proposed approaches are the state-based method (implemented with DroidBot) and a hybrid approach that combines the state-based and random-based methods. We compare the three different input generation methods on real devices, in terms of their ability to log dynamic behavior features and the impact on various machine learning algorithms that utilize the behavioral features for malware detection. Experiments performed using 17,444 applications show that overall, the proposed methods provide much better code coverage which in turn leads to more accurate machine learning-based malware detection compared to the state-of-the-art approach. [en]
dc.language.iso: en [en]
dc.publisher: Springer [en]
dc.subject: Android malware detection [en]
dc.subject: code coverage [en]
dc.subject: Monkey [en]
dc.subject: DroidBot [en]
dc.subject: Dynamic analysis [en]
dc.subject: Machine learning [en]
dc.subject: Event generation [en]
dc.subject: State-based input generation [en]
dc.subject: Model-based input generation [en]
dc.subject: Random input generation [en]
dc.title: Machine learning-based dynamic analysis of Android apps with improved code coverage [en]
dc.type: Article [en]
dc.identifier.doi: https://doi.org/10.1186/s13635-019-0087-1
dc.peerreviewed: Yes [en]
dc.funder: EPSRC (Engineering and Physical Sciences Research Council) [en]
dc.projectid: CSIT-2 EP/N508664/1 [en]
dc.cclicence: CC BY [en]
dc.date.acceptance: 2019-04-04
dc.researchinstitute: Cyber Technology Institute (CTI) [en]

