A Review of Novel Android Malware Detection Methods
Subject area: Computer Engineering and Information Technology
Seyed Alireza Khayami 1, Seyed Ebrahim Dashti 2 *
1 - Department of Computer Engineering, Shiraz Branch, Islamic Azad University, Shiraz, Iran
2 - Department of Computer Engineering, Jahrom Branch, Islamic Azad University, Jahrom, Fars, Iran
Keywords: malware detection, static malware detection, dynamic malware detection.
Abstract:
Android malware detection has consistently faced challenges because the hacking and intrusion techniques used against the Android operating system keep evolving. As a result, many classic and legacy detection methods are no longer adequate. Hackers can conceal their malware using a variety of obfuscation methods. Since identifying malware with traditional techniques (such as signatures, entropy analysis and similar approaches) has become increasingly difficult, research has shifted toward detection based on artificial intelligence. Within machine learning, Android malware detection comprises dynamic, static and hybrid analysis methods. Relying solely on static methods has certain limitations for malware detection; nevertheless, static analysis has attracted considerable attention in recent years. For dynamic methods, a persistent challenge is the substantial storage and computing resources required for testing, which often means the Android application must be sent to a separate environment (such as a cloud sandbox) for analysis, with the result relayed back to the device. This approach also raises user privacy concerns. Contemporary malware employs polymorphism, metamorphism and other evasion techniques to alter its behaviour rapidly and generate a vast number of new variants. Conventional machine learning methods are time-consuming because they require extensive feature engineering, feature learning and feature representation. By leveraging advanced machine learning algorithms, particularly deep learning, the feature engineering phase can be bypassed entirely. This article reviews the latest scientific advances in this field.
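As an added illustration of the static-analysis and feature-engineering ideas summarised in the abstract (example code written for this page, not from the paper or any system it cites), the following Python block parses constructed AndroidManifest.xml fragments, turns the requested permissions into a binary feature vector over a small vocabulary, trains a Bernoulli naive Bayes classifier on constructed labelled samples, and contrasts that with an exact SHA-256 signature that no longer matches once a variant changes a single attribute. The permission vocabulary, the manifests, the labels and the package names are all assumptions made for the example.

```python
"""Added illustration (not part of the paper): permission-based static feature
engineering for Android malware classification, contrasted with a byte-level
signature that breaks under a trivial variant change. The manifests, labels
and permission vocabulary below are constructed for this example."""
import hashlib
import math
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
PREFIX = "android.permission."
# Constructed feature vocabulary: a small subset of real Android permissions.
VOCAB = ["INTERNET", "READ_SMS", "SEND_SMS", "RECEIVE_BOOT_COMPLETED",
         "READ_CONTACTS", "ACCESS_FINE_LOCATION", "CAMERA"]


def manifest(perms, package="com.example.app"):
    """Build a minimal AndroidManifest.xml string (constructed test input)."""
    body = "".join(f'<uses-permission android:name="{PREFIX}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">'
            f"{body}<application/></manifest>")


def extract_permissions(xml_text):
    """Static analysis step: collect the permissions the manifest requests."""
    root = ET.fromstring(xml_text)
    return {el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission")}


def feature_vector(xml_text):
    """Feature engineering: one binary feature per vocabulary permission."""
    perms = extract_permissions(xml_text)
    return [1 if PREFIX + p in perms else 0 for p in VOCAB]


class BernoulliNB:
    """Bernoulli naive Bayes with Laplace smoothing over binary features."""

    def fit(self, X, y):
        self.classes = sorted(set(y))
        self.log_prior, self.log_on, self.log_off = {}, {}, {}
        for c in self.classes:
            rows = [x for x, label in zip(X, y) if label == c]
            self.log_prior[c] = math.log(len(rows) / len(X))
            # P(feature j = 1 | class c), smoothed so unseen features are not fatal
            probs = [(sum(r[j] for r in rows) + 1) / (len(rows) + 2)
                     for j in range(len(VOCAB))]
            self.log_on[c] = [math.log(p) for p in probs]
            self.log_off[c] = [math.log(1 - p) for p in probs]
        return self

    def predict(self, x):
        scores = {c: self.log_prior[c] + sum(
            self.log_on[c][j] if bit else self.log_off[c][j]
            for j, bit in enumerate(x)) for c in self.classes}
        return max(scores, key=scores.get)


# Constructed training set: SMS/contacts-heavy apps labelled malware, the rest benign.
TRAIN = [
    (["INTERNET", "READ_SMS", "SEND_SMS", "RECEIVE_BOOT_COMPLETED"], "malware"),
    (["INTERNET", "SEND_SMS", "READ_CONTACTS"], "malware"),
    (["INTERNET", "READ_SMS", "RECEIVE_BOOT_COMPLETED", "READ_CONTACTS"], "malware"),
    (["INTERNET"], "benign"),
    (["INTERNET", "CAMERA"], "benign"),
    (["INTERNET", "ACCESS_FINE_LOCATION"], "benign"),
    (["CAMERA"], "benign"),
]


def train_model():
    X = [feature_vector(manifest(p)) for p, _ in TRAIN]
    y = [label for _, label in TRAIN]
    return BernoulliNB().fit(X, y)


def signature_match(known_hashes, xml_text):
    """Legacy signature check: exact SHA-256 of the artifact bytes."""
    return hashlib.sha256(xml_text.encode()).hexdigest() in known_hashes


def classify(model, xml_text):
    return model.predict(feature_vector(xml_text))


def demo():
    model = train_model()
    original = manifest(TRAIN[0][0])
    # A "variant": identical permissions, only the package name changed.
    variant = manifest(TRAIN[0][0], package="com.example.renamed")
    known = {hashlib.sha256(original.encode()).hexdigest()}
    return {
        "signature_hits_variant": signature_match(known, variant),  # False
        "features_flag_variant": classify(model, variant),          # "malware"
        "benign_app": classify(model, manifest(["INTERNET", "CAMERA"])),  # "benign"
    }


if __name__ == "__main__":
    print(demo())
```

The renamed variant defeats the hash signature because any byte-level change yields a different digest, while the permission features are unchanged, so the learned model still flags it; this is the gap between signature matching and feature-based detection that the abstract describes. A real pipeline would use a far larger vocabulary (permissions, API calls, opcodes) and a stronger learner, and the model would still need to be evaluated against obfuscated samples, since an adversary who also alters the feature-bearing parts of the app is exactly the case the abstract's polymorphism remark points at.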