AndroMalPack: Enhancing the ML-based Malware Classification by Detection and Removal of Repacked Apps for Android Systems

Rafiq, Husnain, Aslam, Nauman, Aleem, Muhammad, Issac, Biju and Randhawa, Rizwan Hamid (2022) AndroMalPack: Enhancing the ML-based Malware Classification by Detection and Removal of Repacked Apps for Android Systems. Scientific Reports, 12 (1). p. 19534. ISSN 2045-2322

[img]
Preview
Text
s41598-022-23766-w.pdf - Published Version
Available under License Creative Commons Attribution 4.0.

Download (2MB) | Preview
[img] Text
Accepted manuscript_AndroMalPack.pdf - Accepted Version
Restricted to Repository staff only

Download (2MB) | Request a copy
Official URL: https://doi.org/10.1038/s41598-022-23766-w

Abstract

Due to the widespread usage of Android smartphones in the present era, Android malware has become a grave security concern. The research community relies on publicly available datasets to keep pace with evolving malware. However, a plethora of apps in those datasets are mere clones of previously identified malware. The reason is that instead of creating novel versions, malware authors generally repack existing malicious applications to create malware clones with minimal effort and expense. This paper investigates three benchmark Android malware datasets to quantify repacked malware using package names-based similarity. We consider 5560 apps from the Drebin dataset, 24,533 apps from the AMD and 695,470 apps from the AndroZoo dataset for analysis. Our analysis reveals that 52.3 apps in Drebin, 29.8 apps in the AMD and 42.3 apps in the AndroZoo dataset are repacked malware. Furthermore, we present AndroMalPack, an Android malware detector trained on clones-free datasets and optimized using Nature-inspired algorithms. Although trained on a reduced version of datasets, AndroMalPack classifies novel and repacked malware with a remarkable detection accuracy of up to 98.2 and meagre false-positive rates. Finally, we publish a dataset of cloned apps in Drebin, AMD, and AndrooZoo to foster research in the repacked malware analysis domain.

Item Type: Article
Additional Information: Funding information: This work is supported by Northumbria’s Academic Centre of Excellence in Cyber Security Research (ACE-CSR), and we are thankful for the support.
Subjects: G400 Computer Science
G500 Information Systems
Department: Faculties > Engineering and Environment > Computer and Information Sciences
Depositing User: John Coen
Date Deposited: 04 Nov 2022 14:19
Last Modified: 03 Feb 2023 12:00
URI: https://nrl.northumbria.ac.uk/id/eprint/50541

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics